
findgala redirector


This topic is locked
38 replies to this topic

#1 bsny

Posted 15 May 2012 - 12:40 PM

Though the search bar (top right in IE) says Google, searches get redirected to findgala.com. Unable to change search defaults or add another search engine. Also, two Windows updates (KB2393802 and KB2679255 -- one a security update, the other a Vista update) have failed to install. Windows Firewall vacated the premises some time ago (maybe a year), so I added ZoneAlarm. MBAM and MS Security Essentials find nothing. What can be done?

Logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 10.4.1
Run by bsny at 11:32:01 on 2012-05-15
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3324.2258 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\alg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AirPrint\airprint.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ipTray.exe] "c:\program files\intel\intel desktop utilities\ipTray.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://sales.smithnephew.net/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {80146C90-4B10-407A-9301-13A98FC91189} - hxxp://www.fedex.com/downloads/woas/woas.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {934CC260-C5AA-43C4-A657-7B70C5B3DAE1} - hxxps://sales.smithnephew.net/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://snuguk.smith-nephew.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{557D811D-059C-448A-901D-D4DF039F3A82} : DhcpNameServer = 10.0.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bsny\appdata\roaming\mozilla\firefox\profiles\t92cs2d4.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 171064]
R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\airprint.exe -s [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
R2 IduService;Intel® Desktop Utilities Service;c:\program files\intel\intel desktop utilities\iduServ.exe [2009-1-22 124928]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-8 8312832]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-8 244736]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2007-7-17 20504]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-29 253088]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-26 176128]
S4 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-3 20464]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-3 652360]
.
=============== Created Last 30 ================
.
2012-05-15 15:37:14 -------- d-s---w- C:\CommyFix4712C
2012-05-15 15:33:46 -------- d-----w- c:\program files\Oracle
2012-05-15 15:32:57 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-15 14:45:15 -------- d-----w- c:\program files\CCleaner
2012-05-15 13:47:28 -------- d-s---w- C:\CommyFix1033C
2012-05-15 13:47:01 -------- d-s---w- C:\CommyFix12836C
2012-05-15 13:02:26 -------- d-s---w- C:\CommyFix
2012-05-14 17:59:31 98816 ----a-w- c:\windows\sed.exe
2012-05-14 17:59:31 518144 ----a-w- c:\windows\SWREG.exe
2012-05-14 17:59:31 256000 ----a-w- c:\windows\PEV.exe
2012-05-14 17:59:31 208896 ----a-w- c:\windows\MBR.exe
2012-05-14 15:42:46 288 ----a-w- c:\users\bsny\appdata\roaming\931F16B5.reg
2012-05-14 14:57:03 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d75860a5-6bb4-4f6b-8e38-5515353990f2}\mpengine.dll
2012-05-12 22:14:31 6734704 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-05-10 00:20:01 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 00:19:59 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 00:19:59 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-10 00:19:58 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-10 00:19:57 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 00:19:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 00:19:53 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 00:19:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 00:19:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-10 00:19:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 00:19:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 00:19:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 00:19:47 2044928 ----a-w- c:\windows\system32\win32k.sys
2012-05-03 23:42:37 -------- d-----w- c:\users\bsny\appdata\local\Win
2012-04-29 17:58:41 -------- d-----w- C:\Download
2012-04-29 17:57:47 -------- d-----w- c:\users\bsny\appdata\roaming\Samsung
2012-04-29 17:57:40 -------- d-----w- C:\AllShare
2012-04-29 17:56:57 -------- d-----w- c:\program files\Samsung
2012-04-29 16:50:12 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-29 16:50:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 23:47:02 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-21 01:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-29 15:11:45 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 13:32:37 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 15:26:16 834048 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 14:21:25 389632 ----a-w- c:\windows\system32\html.iec
2012-02-28 13:56:50 1383424 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82C50936] -> \Device\Harddisk0\DR0[0x86F752C8]
3 CLASSPNP[0x8BDDF8B3] -> ntkrnlpa!IofCallDriver[0x82C50936] -> \Device\Ide\IAAStorageDevice-0[0x86395028]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user != kernel MBR !!!
error: Read The request could not be performed because of an I/O device error.
.
============= FINISH: 11:32:26.90 ===============

Attached File: DDSAttach.txt (15.71KB)

Attached File: ark.txt (8.52KB)
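The most security-relevant lines in the DDS log above are the GMER MBR check ("user: MBR read successfully" / "kernel: MBR read successfully" followed by "user != kernel MBR !!!"), and the TDSSKiller report later in the thread prints the same sector's partition table ("Type 0x7, StartLBA 0x800, BlocksNum 0x57544000"). The following is an added example, not code from this thread or from GMER, DDS or TDSSKiller: it parses a 512-byte MBR, reports the partition entries in the same units TDSSKiller uses, and diffs two independent reads of the sector the way the user-versus-kernel comparison does. The sample MBR is constructed; its boot code is a seven-byte stub of the first instructions GMER disassembled, and its one partition entry reuses the TDSSKiller values. The function names, the `tampered_copy` helper and the two-byte placeholder it writes are assumptions made for the example.

```python
import struct

# Layout of a classic MBR (sector 0): 446 bytes of boot code, four 16-byte
# partition entries, then the 0x55AA boot signature.
MBR_SIZE = 512
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xAA"
# Partition entry: status, CHS start (3 bytes, skipped), type, CHS end (3 bytes,
# skipped), start LBA, number of sectors; all fields little-endian.
PART_ENTRY_FMT = "<B3xB3xII"


def build_sample_mbr(start_lba=0x800, blocks=0x57544000, ptype=0x07):
    """Constructed sample MBR (not read from any real disk).

    The boot code is a stub holding only the first instructions GMER printed
    (XOR AX,AX / MOV SS,AX / MOV SP,0x7C00); the single partition entry uses
    the values TDSSKiller listed for \\Device\\Harddisk0\\DR0 (NTFS, type 0x7).
    """
    mbr = bytearray(MBR_SIZE)
    mbr[0:7] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFFSET, 0x80, ptype, start_lba, blocks)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        status, ptype, start_lba, blocks = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start_lba, "blocks": blocks})
    return parts


def partition_size_gib(entry, sector_size=512):
    """Size of a partition entry in GiB, the unit TDSSKiller prints as 'Gb'."""
    return entry["blocks"] * sector_size / 2 ** 30


def compare_reads(user_mbr, kernel_mbr):
    """Diff two reads of sector 0, e.g. one through the normal file API and one
    sent straight to the disk driver. A bootkit that filters disk I/O typically
    hands user-mode callers a clean copy while the lower-level read shows the
    modified boot code; that mismatch is what GMER flags as "user != kernel MBR".
    """
    if len(user_mbr) != MBR_SIZE or len(kernel_mbr) != MBR_SIZE:
        raise ValueError("both reads must be 512 bytes")
    diffs = [i for i in range(MBR_SIZE) if user_mbr[i] != kernel_mbr[i]]
    return {
        "match": not diffs,
        "first_diff": diffs[0] if diffs else None,
        "boot_code_differs": any(i < PART_TABLE_OFFSET for i in diffs),
        "partition_table_differs": any(PART_TABLE_OFFSET <= i < 510 for i in diffs),
    }


def tampered_copy(mbr):
    """Constructed second view of the sector: same partition table, first two
    boot-code bytes replaced with a placeholder so the diff has something to find."""
    out = bytearray(mbr)
    out[0:2] = b"\xEB\xFE"
    return bytes(out)


if __name__ == "__main__":
    clean = build_sample_mbr()
    for p in parse_partitions(clean):
        print(f"partition {p['index']}: type 0x{p['type']:X}, start LBA 0x{p['start_lba']:X}, "
              f"{partition_size_gib(p):.2f} GiB, bootable={p['bootable']}")
    print("clean vs clean:   ", compare_reads(clean, clean))
    print("clean vs tampered:", compare_reads(clean, tampered_copy(clean)))
```

A matching partition table with differing boot code, which is what the second comparison reports, is the pattern worth escalating: the operating system still boots normally from the listed partition, so nothing looks wrong from inside Windows, yet the code that runs before the kernel is not what was installed. A mismatch confined to the partition table is more often a stale or cached read than an infection, which is why the two regions are reported separately.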

#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 May 2012 - 11:33 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bsny (Topic Starter)

Posted 16 May 2012 - 07:45 AM

Mr. Gringo:

Combofix hangs on scan screen -- I waited 30 minutes or so. AV and firewall were disabled.

Also, on bootup and when trying to delete a file, I'm getting a "recycle bin is corrupted..." message.

I appreciate your help with this!

bsny

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm LTD Toolbar
ZoneAlarm Security
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
JavaFX 2.1.0
Java™ 7 Update 4
Adobe Flash Player 11.1.102.62
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
``````````End of Log````````````

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 May 2012 - 12:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 bsny (Topic Starter)

Posted 17 May 2012 - 10:59 AM

10:45:22.0452 5880 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
10:45:24.0452 5880 ============================================================
10:45:24.0452 5880 Current date / time: 2012/05/17 10:45:24.0452
10:45:24.0452 5880 SystemInfo:
10:45:24.0452 5880
10:45:24.0452 5880 OS Version: 6.0.6002 ServicePack: 2.0
10:45:24.0452 5880 Product type: Workstation
10:45:24.0452 5880 ComputerName: NEWESTSOB
10:45:24.0452 5880 UserName: bsny
10:45:24.0452 5880 Windows directory: C:\Windows
10:45:24.0452 5880 System windows directory: C:\Windows
10:45:24.0452 5880 Processor architecture: Intel x86
10:45:24.0452 5880 Number of processors: 4
10:45:24.0452 5880 Page size: 0x1000
10:45:24.0452 5880 Boot type: Normal boot
10:45:24.0452 5880 ============================================================
10:45:25.0562 5880 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8A00000 (698.63 Gb), SectorSize: 0x200, Cylinders: 0x16440, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:45:25.0577 5880 Drive \Device\Harddisk1\DR1 - Size: 0x2658A80000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:45:25.0655 5880 ============================================================
10:45:25.0655 5880 \Device\Harddisk0\DR0:
10:45:25.0655 5880 MBR partitions:
10:45:25.0655 5880 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57544000
10:45:25.0655 5880 \Device\Harddisk1\DR1:
10:45:25.0655 5880 MBR partitions:
10:45:25.0655 5880 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C0A77
10:45:25.0655 5880 ============================================================
10:45:25.0687 5880 C: <-> \Device\Harddisk0\DR0\Partition0
10:45:25.0733 5880 E: <-> \Device\Harddisk1\DR1\Partition0
10:45:25.0733 5880 ============================================================
10:45:25.0733 5880 Initialize success
10:45:25.0733 5880 ============================================================
10:45:32.0077 4644 ============================================================
10:45:32.0077 4644 Scan started
10:45:32.0077 4644 Mode: Manual;
10:45:32.0077 4644 ============================================================
10:45:32.0468 4644 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:45:32.0468 4644 ACPI - ok
10:45:32.0530 4644 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:45:32.0530 4644 AdobeFlashPlayerUpdateSvc - ok
10:45:32.0593 4644 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:45:32.0624 4644 adp94xx - ok
10:45:32.0655 4644 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:45:32.0733 4644 adpahci - ok
10:45:32.0749 4644 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:45:32.0780 4644 adpu160m - ok
10:45:32.0796 4644 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:45:32.0827 4644 adpu320 - ok
10:45:32.0858 4644 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:45:32.0905 4644 AeLookupSvc - ok
10:45:32.0952 4644 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:45:32.0968 4644 AFD - ok
10:45:33.0062 4644 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:45:33.0093 4644 agp440 - ok
10:45:33.0140 4644 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:45:33.0155 4644 aic78xx - ok
10:45:33.0202 4644 AirPrint - ok
10:45:33.0218 4644 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:45:33.0218 4644 ALG - ok
10:45:33.0233 4644 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:45:33.0249 4644 aliide - ok
10:45:33.0280 4644 AMD External Events Utility (5320ff0fdec41faf9d5cb01318aefd6a) C:\Windows\system32\atiesrxx.exe
10:45:33.0374 4644 AMD External Events Utility - ok
10:45:33.0405 4644 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:45:33.0421 4644 amdagp - ok
10:45:33.0437 4644 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:45:33.0452 4644 amdide - ok
10:45:33.0483 4644 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:45:33.0499 4644 AmdK7 - ok
10:45:33.0530 4644 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:45:33.0562 4644 AmdK8 - ok
10:45:34.0046 4644 amdkmdag (335ace2a8e97439733f0f6a1bbd818d5) C:\Windows\system32\DRIVERS\atikmdag.sys
10:45:34.0140 4644 amdkmdag - ok
10:45:34.0296 4644 amdkmdap (0b1b116d30f133dc918287fd8e212f1e) C:\Windows\system32\DRIVERS\atikmpag.sys
10:45:34.0312 4644 amdkmdap - ok
10:45:34.0343 4644 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:45:34.0343 4644 Appinfo - ok
10:45:34.0405 4644 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:45:34.0405 4644 Apple Mobile Device - ok
10:45:34.0421 4644 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
10:45:34.0452 4644 AppMgmt - ok
10:45:34.0468 4644 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:45:34.0499 4644 arc - ok
10:45:34.0499 4644 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:45:34.0530 4644 arcsas - ok
10:45:34.0546 4644 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:45:34.0562 4644 AsyncMac - ok
10:45:34.0577 4644 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:45:34.0577 4644 atapi - ok
10:45:34.0624 4644 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:34.0655 4644 AudioEndpointBuilder - ok
10:45:34.0655 4644 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:45:34.0655 4644 Audiosrv - ok
10:45:34.0671 4644 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:45:34.0687 4644 Beep - ok
10:45:34.0765 4644 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
10:45:34.0765 4644 BITS - ok
10:45:34.0780 4644 blbdrive - ok
10:45:34.0843 4644 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:45:34.0843 4644 Bonjour Service - ok
10:45:34.0858 4644 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:45:34.0858 4644 bowser - ok
10:45:34.0874 4644 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:45:34.0890 4644 BrFiltLo - ok
10:45:34.0921 4644 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:45:34.0937 4644 BrFiltUp - ok
10:45:34.0952 4644 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:45:34.0983 4644 Browser - ok
10:45:35.0015 4644 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:45:35.0046 4644 Brserid - ok
10:45:35.0140 4644 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:45:35.0171 4644 BrSerWdm - ok
10:45:35.0187 4644 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:45:35.0202 4644 BrUsbMdm - ok
10:45:35.0249 4644 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:45:35.0249 4644 BrUsbSer - ok
10:45:35.0280 4644 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
10:45:35.0296 4644 BthEnum - ok
10:45:35.0327 4644 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:45:35.0358 4644 BTHMODEM - ok
10:45:35.0390 4644 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
10:45:35.0390 4644 BthPan - ok
10:45:35.0437 4644 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
10:45:35.0452 4644 BTHPORT - ok
10:45:35.0468 4644 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
10:45:35.0468 4644 BthServ - ok
10:45:35.0483 4644 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
10:45:35.0499 4644 BTHUSB - ok
10:45:35.0593 4644 catchme - ok
10:45:35.0640 4644 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:45:35.0640 4644 cdfs - ok
10:45:35.0655 4644 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:45:35.0687 4644 cdrom - ok
10:45:35.0702 4644 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:45:35.0718 4644 CertPropSvc - ok
10:45:35.0749 4644 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:45:35.0780 4644 circlass - ok
10:45:35.0812 4644 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:45:35.0812 4644 CLFS - ok
10:45:35.0858 4644 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:45:35.0890 4644 clr_optimization_v2.0.50727_32 - ok
10:45:35.0937 4644 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:45:35.0937 4644 clr_optimization_v4.0.30319_32 - ok
10:45:35.0983 4644 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:45:35.0983 4644 cmdide - ok
10:45:36.0015 4644 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
10:45:36.0030 4644 Compbatt - ok
10:45:36.0030 4644 COMSysApp - ok
10:45:36.0108 4644 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:45:36.0108 4644 crcdisk - ok
10:45:36.0171 4644 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:45:36.0202 4644 Crusoe - ok
10:45:36.0233 4644 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
10:45:36.0233 4644 CryptSvc - ok
10:45:36.0327 4644 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
10:45:36.0343 4644 CSC - ok
10:45:36.0390 4644 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
10:45:36.0437 4644 CscService - ok
10:45:36.0499 4644 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:45:36.0499 4644 DcomLaunch - ok
10:45:36.0546 4644 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:45:36.0593 4644 DfsC - ok
10:45:36.0718 4644 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:45:36.0843 4644 DFSR - ok
10:45:36.0952 4644 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:45:36.0952 4644 Dhcp - ok
10:45:36.0983 4644 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:45:36.0983 4644 disk - ok
10:45:36.0999 4644 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:45:37.0015 4644 Dnscache - ok
10:45:37.0046 4644 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:45:37.0062 4644 dot3svc - ok
10:45:37.0124 4644 dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:45:37.0140 4644 dot4 - ok
10:45:37.0171 4644 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:45:37.0187 4644 Dot4Print - ok
10:45:37.0218 4644 Dot4Scan (a84d8a9006b1ae515cc7b6b3586c295a) C:\Windows\system32\DRIVERS\Dot4Scan.sys
10:45:37.0233 4644 Dot4Scan - ok
10:45:37.0249 4644 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:45:37.0281 4644 dot4usb - ok
10:45:37.0344 4644 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:45:37.0344 4644 DPS - ok
10:45:37.0359 4644 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:45:37.0375 4644 drmkaud - ok
10:45:37.0391 4644 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:45:37.0406 4644 dsNcAdpt - ok
10:45:37.0484 4644 dsNcService (b9750c064b43c7a3bbc8a74f1127aa4e) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
10:45:37.0500 4644 dsNcService - ok
10:45:37.0547 4644 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:45:37.0547 4644 DXGKrnl - ok
10:45:37.0609 4644 e1express (abfd0739bda1a9295b872a4b27326b9c) C:\Windows\system32\DRIVERS\e1e6032.sys
10:45:37.0656 4644 e1express - ok
10:45:37.0703 4644 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:45:37.0734 4644 E1G60 - ok
10:45:37.0781 4644 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:45:37.0812 4644 EapHost - ok
10:45:37.0828 4644 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:45:37.0828 4644 Ecache - ok
10:45:37.0875 4644 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:45:37.0937 4644 ehRecvr - ok
10:45:37.0953 4644 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:45:37.0984 4644 ehSched - ok
10:45:38.0000 4644 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:45:38.0000 4644 ehstart - ok
10:45:38.0047 4644 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:45:38.0078 4644 elxstor - ok
10:45:38.0125 4644 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:45:38.0156 4644 EMDMgmt - ok
10:45:38.0219 4644 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:45:38.0219 4644 EventSystem - ok
10:45:38.0250 4644 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:45:38.0298 4644 exfat - ok
10:45:38.0313 4644 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:45:38.0329 4644 fastfat - ok
10:45:38.0376 4644 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
10:45:38.0392 4644 Fax - ok
10:45:38.0407 4644 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:45:38.0407 4644 fdc - ok
10:45:38.0423 4644 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:45:38.0423 4644 fdPHost - ok
10:45:38.0470 4644 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:45:38.0470 4644 FDResPub - ok
10:45:38.0470 4644 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:45:38.0485 4644 FileInfo - ok
10:45:38.0517 4644 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:45:38.0532 4644 Filetrace - ok
10:45:38.0563 4644 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:45:38.0595 4644 flpydisk - ok
10:45:38.0626 4644 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:45:38.0626 4644 FltMgr - ok
10:45:38.0688 4644 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:45:38.0704 4644 FontCache - ok
10:45:38.0735 4644 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:45:38.0751 4644 FontCache3.0.0.0 - ok
10:45:38.0782 4644 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
10:45:38.0782 4644 Fs_Rec - ok
10:45:38.0813 4644 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
10:45:38.0813 4644 fvevol - ok
10:45:38.0829 4644 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:45:38.0860 4644 gagp30kx - ok
10:45:38.0876 4644 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
10:45:38.0892 4644 GEARAspiWDM - ok
10:45:38.0954 4644 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:45:38.0954 4644 gpsvc - ok
10:45:38.0985 4644 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\Windows\system32\drivers\grmnusb.sys
10:45:39.0001 4644 grmnusb - ok
10:45:39.0063 4644 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:45:39.0126 4644 gusvc - ok
10:45:39.0157 4644 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
10:45:39.0173 4644 HdAudAddService - ok
10:45:39.0220 4644 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:45:39.0220 4644 HDAudBus - ok
10:45:39.0220 4644 HECI (c865d1f6d03595df213dc3c67e4e4c58) C:\Windows\system32\DRIVERS\HECI.sys
10:45:39.0220 4644 HECI - ok
10:45:39.0251 4644 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
10:45:39.0267 4644 HidBth - ok
10:45:39.0346 4644 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:45:39.0361 4644 HidIr - ok
10:45:39.0424 4644 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:45:39.0424 4644 hidserv - ok
10:45:39.0455 4644 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:45:39.0455 4644 HidUsb - ok
10:45:39.0486 4644 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:45:39.0549 4644 hkmsvc - ok
10:45:39.0596 4644 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:45:39.0611 4644 HpCISSs - ok
10:45:39.0643 4644 HPFXBULK (299683d4c8aaa3f6f5d5d226a1782a6e) C:\Windows\system32\drivers\hpfxbulk.sys
10:45:39.0658 4644 HPFXBULK - ok
10:45:39.0674 4644 HPFXFAX (f728db73a87231e27b6ba34d71ce2edb) C:\Windows\system32\drivers\hpfxfax.sys
10:45:39.0689 4644 HPFXFAX - ok
10:45:39.0783 4644 hpqcxs08 (a0fa5ac8b360780524d7a68376baf4e0) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:45:39.0783 4644 hpqcxs08 - ok
10:45:39.0814 4644 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:45:39.0814 4644 hpqddsvc - ok
10:45:39.0846 4644 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:45:39.0893 4644 HTTP - ok
10:45:39.0908 4644 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:45:39.0924 4644 i2omp - ok
10:45:39.0971 4644 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:45:39.0986 4644 i8042prt - ok
10:45:40.0064 4644 IAANTMON (e03216d695cdc2d223afc0cab4498888) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:45:40.0064 4644 IAANTMON - ok
10:45:40.0096 4644 iaStor (9f1220113a3a7f4f08042c699324d073) C:\Windows\system32\DRIVERS\iaStor.sys
10:45:40.0096 4644 iaStor - ok
10:45:40.0127 4644 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:45:40.0127 4644 iaStorV - ok
10:45:40.0221 4644 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:45:40.0378 4644 idsvc - ok
10:45:40.0409 4644 IduService (13202c37cbbc5df5b34ae77b80899cd3) C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
10:45:40.0409 4644 IduService - ok
10:45:40.0503 4644 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:45:40.0519 4644 iirsp - ok
10:45:40.0565 4644 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:45:40.0628 4644 IKEEXT - ok
10:45:40.0659 4644 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
10:45:40.0659 4644 intelide - ok
10:45:40.0690 4644 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:45:40.0690 4644 intelppm - ok
10:45:40.0753 4644 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:45:40.0769 4644 IntuitUpdateService - ok
10:45:40.0815 4644 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
10:45:40.0831 4644 IntuitUpdateServiceV4 - ok
10:45:40.0847 4644 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:45:40.0862 4644 IPBusEnum - ok
10:45:40.0894 4644 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:45:40.0925 4644 IpFilterDriver - ok
10:45:40.0972 4644 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:45:40.0972 4644 iphlpsvc - ok
10:45:40.0972 4644 IpInIp - ok
10:45:41.0003 4644 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:45:41.0034 4644 IPMIDRV - ok
10:45:41.0081 4644 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:45:41.0097 4644 IPNAT - ok
10:45:41.0159 4644 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
10:45:41.0159 4644 iPod Service - ok
10:45:41.0190 4644 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:45:41.0206 4644 IRENUM - ok
10:45:41.0237 4644 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:45:41.0269 4644 isapnp - ok
10:45:41.0300 4644 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:45:41.0300 4644 iScsiPrt - ok
10:45:41.0410 4644 ISWKL (d068bf274c6fc880e43d7b4a7740c451) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:45:41.0410 4644 ISWKL - ok
10:45:41.0613 4644 IswSvc (02ddbb7a11f5ecc1da782790e3f57cef) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
10:45:41.0613 4644 IswSvc - ok
10:45:41.0645 4644 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:45:41.0660 4644 iteatapi - ok
10:45:41.0723 4644 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:45:41.0738 4644 iteraid - ok
10:45:41.0770 4644 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:45:41.0785 4644 kbdclass - ok
10:45:41.0816 4644 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
10:45:41.0832 4644 kbdhid - ok
10:45:41.0848 4644 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:41.0863 4644 KeyIso - ok
10:45:41.0895 4644 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:45:41.0910 4644 KSecDD - ok
10:45:41.0957 4644 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:45:41.0988 4644 KtmRm - ok
10:45:42.0035 4644 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:45:42.0035 4644 LanmanServer - ok
10:45:42.0066 4644 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:45:42.0066 4644 LanmanWorkstation - ok
10:45:42.0176 4644 LBTServ (3af6b73a3ad1fc37c5933441f66ceb91) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
10:45:42.0223 4644 LBTServ - ok
10:45:42.0270 4644 LEqdUsb (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
10:45:42.0285 4644 LEqdUsb - ok
10:45:42.0316 4644 LHidEqd (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
10:45:42.0316 4644 LHidEqd - ok
10:45:42.0332 4644 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:45:42.0364 4644 LHidFilt - ok
10:45:42.0396 4644 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:42.0411 4644 lltdio - ok
10:45:42.0505 4644 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:45:42.0521 4644 lltdsvc - ok
10:45:42.0552 4644 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:45:42.0567 4644 lmhosts - ok
10:45:42.0599 4644 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:45:42.0630 4644 LMouFilt - ok
10:45:42.0692 4644 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:45:42.0708 4644 LSI_FC - ok
10:45:42.0724 4644 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:45:42.0739 4644 LSI_SAS - ok
10:45:42.0755 4644 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:42.0786 4644 LSI_SCSI - ok
10:45:42.0802 4644 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:45:42.0802 4644 luafv - ok
10:45:42.0864 4644 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
10:45:42.0880 4644 MBAMProtector - ok
10:45:42.0958 4644 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:45:43.0052 4644 MBAMService - ok
10:45:43.0067 4644 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:45:43.0083 4644 Mcx2Svc - ok
10:45:43.0130 4644 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:45:43.0130 4644 MDM - ok
10:45:43.0161 4644 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:45:43.0161 4644 megasas - ok
10:45:43.0192 4644 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:43.0192 4644 MMCSS - ok
10:45:43.0208 4644 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:45:43.0224 4644 Modem - ok
10:45:43.0239 4644 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:45:43.0239 4644 monitor - ok
10:45:43.0271 4644 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:43.0286 4644 mouclass - ok
10:45:43.0302 4644 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:43.0302 4644 mouhid - ok
10:45:43.0333 4644 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:45:43.0333 4644 MountMgr - ok
10:45:43.0380 4644 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:45:43.0380 4644 MozillaMaintenance - ok
10:45:43.0442 4644 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:45:43.0442 4644 MpFilter - ok
10:45:43.0458 4644 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:45:43.0474 4644 mpio - ok
10:45:43.0552 4644 MpKslb48731fa (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20E5A3C9-898F-47C3-9478-678D9C952CA9}\MpKslb48731fa.sys
10:45:43.0552 4644 MpKslb48731fa - ok
10:45:43.0614 4644 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:45:43.0614 4644 mpsdrv - ok
10:45:43.0724 4644 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:45:43.0724 4644 Mraid35x - ok
10:45:43.0755 4644 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:45:43.0771 4644 MRxDAV - ok
10:45:43.0786 4644 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:43.0786 4644 mrxsmb - ok
10:45:43.0817 4644 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:43.0817 4644 mrxsmb10 - ok
10:45:43.0833 4644 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:43.0833 4644 mrxsmb20 - ok
10:45:43.0880 4644 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:45:43.0896 4644 msahci - ok
10:45:43.0911 4644 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:45:43.0942 4644 msdsm - ok
10:45:43.0974 4644 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:45:43.0989 4644 MSDTC - ok
10:45:44.0021 4644 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:45:44.0067 4644 Msfs - ok
10:45:44.0067 4644 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
10:45:44.0067 4644 msisadrv - ok
10:45:44.0099 4644 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:45:44.0114 4644 MSiSCSI - ok
10:45:44.0130 4644 msiserver - ok
10:45:44.0161 4644 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:45:44.0177 4644 MSKSSRV - ok
10:45:44.0239 4644 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:45:44.0239 4644 MsMpSvc - ok
10:45:44.0255 4644 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:44.0255 4644 MSPCLOCK - ok
10:45:44.0271 4644 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:45:44.0286 4644 MSPQM - ok
10:45:44.0317 4644 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:45:44.0317 4644 MsRPC - ok
10:45:44.0333 4644 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:44.0333 4644 mssmbios - ok
10:45:44.0349 4644 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:45:44.0364 4644 MSTEE - ok
10:45:44.0364 4644 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:45:44.0364 4644 Mup - ok
10:45:44.0411 4644 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:45:44.0427 4644 napagent - ok
10:45:44.0458 4644 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:44.0474 4644 NativeWifiP - ok
10:45:44.0521 4644 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:45:44.0599 4644 NDIS - ok
10:45:44.0614 4644 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:44.0646 4644 NdisTapi - ok
10:45:44.0692 4644 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:44.0692 4644 Ndisuio - ok
10:45:44.0739 4644 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:44.0755 4644 NdisWan - ok
10:45:44.0771 4644 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:45:44.0786 4644 NDProxy - ok
10:45:44.0911 4644 Nero BackItUp Scheduler 4.0 (b90e093e7a7250906f1054418b5339c0) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:45:45.0052 4644 Nero BackItUp Scheduler 4.0 - ok
10:45:45.0083 4644 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
10:45:45.0083 4644 Net Driver HPZ12 - ok
10:45:45.0099 4644 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:45:45.0114 4644 NetBIOS - ok
10:45:45.0146 4644 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:45:45.0177 4644 netbt - ok
10:45:45.0192 4644 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:45.0192 4644 Netlogon - ok
10:45:45.0224 4644 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:45:45.0224 4644 Netman - ok
10:45:45.0239 4644 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:45:45.0255 4644 netprofm - ok
10:45:45.0317 4644 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:45:45.0333 4644 NetTcpPortSharing - ok
10:45:45.0396 4644 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:45:45.0411 4644 nfrd960 - ok
10:45:45.0458 4644 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:45:45.0489 4644 NisDrv - ok
10:45:45.0583 4644 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:45:45.0599 4644 NisSrv - ok
10:45:45.0646 4644 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:45:45.0646 4644 NlaSvc - ok
10:45:45.0677 4644 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:45:45.0692 4644 Npfs - ok
10:45:45.0724 4644 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:45:45.0739 4644 nsi - ok
10:45:45.0755 4644 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:45:45.0771 4644 nsiproxy - ok
10:45:45.0849 4644 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:45:45.0849 4644 Ntfs - ok
10:45:45.0896 4644 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:45:45.0911 4644 ntrigdigi - ok
10:45:45.0942 4644 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:45:45.0942 4644 Null - ok
10:45:45.0942 4644 nvlddmkm - ok
10:45:45.0974 4644 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
10:45:46.0005 4644 nvraid - ok
10:45:46.0021 4644 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
10:45:46.0036 4644 nvstor - ok
10:45:46.0067 4644 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
10:45:46.0083 4644 nv_agp - ok
10:45:46.0083 4644 NwlnkFlt - ok
10:45:46.0099 4644 NwlnkFwd - ok
10:45:46.0114 4644 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
10:45:46.0114 4644 ohci1394 - ok
10:45:46.0146 4644 osaio (d7d120fd31bb8b4ec6a4f628517edc33) C:\Windows\system32\drivers\osaio.sys
10:45:46.0146 4644 osaio - ok
10:45:46.0192 4644 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:45:46.0224 4644 ose - ok
10:45:46.0271 4644 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:46.0302 4644 p2pimsvc - ok
10:45:46.0302 4644 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:46.0317 4644 p2psvc - ok
10:45:46.0349 4644 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:45:46.0364 4644 Parport - ok
10:45:46.0396 4644 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
10:45:46.0396 4644 partmgr - ok
10:45:46.0411 4644 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:45:46.0411 4644 Parvdm - ok
10:45:46.0442 4644 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
10:45:46.0442 4644 PcaSvc - ok
10:45:46.0474 4644 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:45:46.0474 4644 pci - ok
10:45:46.0474 4644 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
10:45:46.0474 4644 pciide - ok
10:45:46.0567 4644 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:45:46.0583 4644 pcmcia - ok
10:45:46.0646 4644 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:45:46.0646 4644 PEAUTH - ok
10:45:46.0755 4644 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
10:45:46.0833 4644 pla - ok
10:45:46.0942 4644 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
10:45:47.0817 4644 PlugPlay - ok
10:45:47.0849 4644 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
10:45:47.0849 4644 Pml Driver HPZ12 - ok
10:45:47.0896 4644 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:47.0896 4644 PNRPAutoReg - ok
10:45:47.0911 4644 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
10:45:47.0911 4644 PNRPsvc - ok
10:45:47.0942 4644 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
10:45:47.0974 4644 PolicyAgent - ok
10:45:48.0005 4644 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:45:48.0036 4644 PptpMiniport - ok
10:45:48.0067 4644 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
10:45:48.0083 4644 Processor - ok
10:45:48.0114 4644 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
10:45:48.0114 4644 ProfSvc - ok
10:45:48.0130 4644 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:48.0130 4644 ProtectedStorage - ok
10:45:48.0161 4644 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:45:48.0177 4644 PSched - ok
10:45:48.0239 4644 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
10:45:48.0271 4644 ql2300 - ok
10:45:48.0286 4644 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:45:48.0317 4644 ql40xx - ok
10:45:48.0349 4644 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
10:45:48.0396 4644 QWAVE - ok
10:45:48.0411 4644 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:45:48.0427 4644 QWAVEdrv - ok
10:45:48.0474 4644 RapiMgr (70dbdab246c18b78e2200d6401d038be) C:\Windows\WindowsMobile\rapimgr.dll
10:45:48.0474 4644 RapiMgr - ok
10:45:48.0489 4644 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:45:48.0505 4644 RasAcd - ok
10:45:48.0521 4644 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
10:45:48.0536 4644 RasAuto - ok
10:45:48.0552 4644 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:45:48.0583 4644 Rasl2tp - ok
10:45:48.0630 4644 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
10:45:48.0630 4644 RasMan - ok
10:45:48.0646 4644 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:45:48.0661 4644 RasPppoe - ok
10:45:48.0677 4644 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:45:48.0708 4644 RasSstp - ok
10:45:48.0739 4644 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:45:48.0817 4644 rdbss - ok
10:45:48.0849 4644 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:45:48.0864 4644 RDPCDD - ok
10:45:48.0911 4644 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
10:45:48.0974 4644 rdpdr - ok
10:45:48.0989 4644 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:45:48.0989 4644 RDPENCDD - ok
10:45:49.0052 4644 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
10:45:49.0099 4644 RDPWD - ok
10:45:49.0130 4644 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
10:45:49.0146 4644 RemoteAccess - ok
10:45:49.0177 4644 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
10:45:49.0192 4644 RemoteRegistry - ok
10:45:49.0208 4644 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
10:45:49.0224 4644 RFCOMM - ok
10:45:49.0255 4644 RimSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
10:45:49.0271 4644 RimSerPort - ok
10:45:49.0302 4644 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
10:45:49.0333 4644 RimUsb - ok
10:45:49.0333 4644 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
10:45:49.0333 4644 RimVSerPort - ok
10:45:49.0349 4644 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
10:45:49.0364 4644 ROOTMODEM - ok
10:45:49.0396 4644 RoxLiveShare9 - ok
10:45:49.0411 4644 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
10:45:49.0427 4644 RpcLocator - ok
10:45:49.0458 4644 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:45:49.0474 4644 RpcSs - ok
10:45:49.0489 4644 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:45:49.0521 4644 rspndr - ok
10:45:49.0552 4644 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:49.0552 4644 SamSs - ok
10:45:49.0583 4644 sbp2port (37ca203f8ccf732cd272a27e55b268c4) C:\Windows\system32\DRIVERS\sbp2port.sys
10:45:49.0583 4644 sbp2port - ok
10:45:49.0614 4644 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
10:45:49.0630 4644 SCardSvr - ok
10:45:49.0692 4644 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
10:45:49.0692 4644 Schedule - ok
10:45:49.0724 4644 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:45:49.0724 4644 SCPolicySvc - ok
10:45:49.0817 4644 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
10:45:49.0849 4644 SDRSVC - ok
10:45:49.0864 4644 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:45:49.0880 4644 secdrv - ok
10:45:49.0911 4644 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
10:45:49.0911 4644 seclogon - ok
10:45:49.0958 4644 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
10:45:49.0958 4644 SENS - ok
10:45:49.0974 4644 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
10:45:49.0989 4644 Serenum - ok
10:45:50.0021 4644 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
10:45:50.0099 4644 Serial - ok
10:45:50.0130 4644 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:45:50.0146 4644 sermouse - ok
10:45:50.0192 4644 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
10:45:50.0192 4644 SessionEnv - ok
10:45:50.0224 4644 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
10:45:50.0224 4644 sffdisk - ok
10:45:50.0239 4644 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
10:45:50.0255 4644 sffp_mmc - ok
10:45:50.0271 4644 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
10:45:50.0286 4644 sffp_sd - ok
10:45:50.0364 4644 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
10:45:50.0364 4644 sfloppy - ok
10:45:50.0411 4644 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
10:45:50.0411 4644 SharedAccess - ok
10:45:50.0442 4644 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
10:45:50.0474 4644 ShellHWDetection - ok
10:45:50.0505 4644 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
10:45:50.0521 4644 sisagp - ok
10:45:50.0552 4644 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
10:45:50.0567 4644 SiSRaid2 - ok
10:45:50.0583 4644 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
10:45:50.0599 4644 SiSRaid4 - ok
10:45:50.0864 4644 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
10:45:50.0927 4644 slsvc - ok
10:45:51.0036 4644 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
10:45:51.0052 4644 SLUINotify - ok
10:45:51.0083 4644 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:45:51.0114 4644 Smb - ok
10:45:51.0130 4644 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
10:45:51.0161 4644 SNMPTRAP - ok
10:45:51.0177 4644 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:45:51.0177 4644 spldr - ok
10:45:51.0208 4644 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
10:45:51.0208 4644 Spooler - ok
10:45:51.0239 4644 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:45:51.0255 4644 srv - ok
10:45:51.0271 4644 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
10:45:51.0286 4644 srv2 - ok
10:45:51.0302 4644 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
10:45:51.0302 4644 srvnet - ok
10:45:51.0317 4644 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
10:45:51.0317 4644 SSDPSRV - ok
10:45:51.0349 4644 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
10:45:51.0349 4644 SstpSvc - ok
10:45:51.0458 4644 STacSV (c5003d42cc88c1f5d54ed9af28d6ed7b) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
10:45:51.0458 4644 STacSV - ok
10:45:51.0489 4644 STHDA (591e0da800f1a5833a0ff6c865c395ea) C:\Windows\system32\drivers\stwrt.sys
10:45:51.0505 4644 STHDA - ok
10:45:51.0536 4644 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
10:45:51.0567 4644 stisvc - ok
10:45:51.0630 4644 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:45:51.0630 4644 swenum - ok
10:45:51.0677 4644 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
10:45:51.0708 4644 swprv - ok
10:45:51.0771 4644 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:45:51.0786 4644 Symc8xx - ok
10:45:51.0833 4644 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:45:51.0833 4644 Sym_hi - ok
10:45:51.0849 4644 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:45:51.0864 4644 Sym_u3 - ok
10:45:51.0927 4644 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
10:45:51.0942 4644 SysMain - ok
10:45:51.0958 4644 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
10:45:52.0005 4644 TabletInputService - ok
10:45:52.0036 4644 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
10:45:52.0036 4644 TapiSrv - ok
10:45:52.0067 4644 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
10:45:52.0067 4644 TBS - ok
10:45:52.0146 4644 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
10:45:52.0161 4644 Tcpip - ok
10:45:52.0161 4644 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
10:45:52.0177 4644 Tcpip6 - ok
10:45:52.0239 4644 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
10:45:52.0239 4644 tcpipreg - ok
10:45:52.0255 4644 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:45:52.0271 4644 TDPIPE - ok
10:45:52.0286 4644 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:45:52.0302 4644 TDTCP - ok
10:45:52.0317 4644 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:45:52.0364 4644 tdx - ok
10:45:52.0380 4644 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:45:52.0411 4644 TermDD - ok
10:45:52.0458 4644 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
10:45:52.0474 4644 TermService - ok
10:45:52.0505 4644 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
10:45:52.0505 4644 Themes - ok
10:45:52.0536 4644 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:52.0536 4644 THREADORDER - ok
10:45:52.0552 4644 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
10:45:52.0567 4644 TrkWks - ok
10:45:52.0614 4644 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
10:45:52.0630 4644 TrustedInstaller - ok
10:45:52.0646 4644 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:45:52.0661 4644 tssecsrv - ok
10:45:52.0677 4644 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:45:52.0692 4644 tunmp - ok
10:45:52.0739 4644 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:45:52.0771 4644 tunnel - ok
10:45:52.0786 4644 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
10:45:52.0817 4644 uagp35 - ok
10:45:52.0864 4644 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:45:52.0880 4644 udfs - ok
10:45:52.0911 4644 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
10:45:52.0942 4644 UI0Detect - ok
10:45:53.0005 4644 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
10:45:53.0036 4644 uliagpkx - ok
10:45:53.0099 4644 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
10:45:53.0161 4644 uliahci - ok
10:45:53.0177 4644 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:45:53.0192 4644 UlSata - ok
10:45:53.0224 4644 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:45:53.0255 4644 ulsata2 - ok
10:45:53.0271 4644 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:45:53.0302 4644 umbus - ok
10:45:53.0317 4644 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
10:45:53.0364 4644 UmRdpService - ok
10:45:53.0427 4644 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
10:45:53.0427 4644 UnlockerDriver5 - ok
10:45:53.0474 4644 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
10:45:53.0505 4644 upnphost - ok
10:45:53.0536 4644 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
10:45:53.0567 4644 USBAAPL - ok
10:45:53.0614 4644 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:45:53.0646 4644 usbccgp - ok
10:45:53.0661 4644 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:45:53.0692 4644 usbcir - ok
10:45:53.0724 4644 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:45:53.0739 4644 usbehci - ok
10:45:53.0771 4644 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:45:53.0786 4644 usbhub - ok
10:45:53.0896 4644 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:45:53.0911 4644 usbohci - ok
10:45:53.0927 4644 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:45:53.0942 4644 usbprint - ok
10:45:53.0958 4644 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:45:53.0989 4644 usbscan - ok
10:45:53.0989 4644 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:45:54.0036 4644 USBSTOR - ok
10:45:54.0099 4644 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:45:54.0114 4644 usbuhci - ok
10:45:54.0161 4644 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
10:45:54.0177 4644 usb_rndisx - ok
10:45:54.0208 4644 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
10:45:54.0224 4644 UxSms - ok
10:45:54.0286 4644 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
10:45:54.0317 4644 vds - ok
10:45:54.0364 4644 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:45:54.0380 4644 vga - ok
10:45:54.0396 4644 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:45:54.0411 4644 VgaSave - ok
10:45:54.0458 4644 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
10:45:54.0474 4644 viaagp - ok
10:45:54.0505 4644 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
10:45:54.0521 4644 ViaC7 - ok
10:45:54.0536 4644 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
10:45:54.0536 4644 viaide - ok
10:45:54.0567 4644 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:45:54.0567 4644 volmgr - ok
10:45:54.0614 4644 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:45:54.0630 4644 volmgrx - ok
10:45:54.0646 4644 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:45:54.0646 4644 volsnap - ok
10:45:54.0692 4644 Vsdatant (6983d0bcac64c2d7460c2125f804f118) C:\Windows\system32\DRIVERS\vsdatant.sys
10:45:54.0692 4644 Vsdatant - ok
10:45:54.0755 4644 vsmon - ok
10:45:54.0802 4644 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
10:45:54.0849 4644 vsmraid - ok
10:45:54.0927 4644 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
10:45:54.0974 4644 VSS - ok
10:45:55.0021 4644 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
10:45:55.0021 4644 W32Time - ok
10:45:55.0099 4644 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:45:55.0114 4644 WacomPen - ok
10:45:55.0146 4644 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:45:55.0177 4644 Wanarp - ok
10:45:55.0177 4644 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:45:55.0177 4644 Wanarpv6 - ok
10:45:55.0239 4644 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
10:45:55.0333 4644 wbengine - ok
10:45:55.0380 4644 WcesComm (779f9c90d3fe9c70b6ffd8ef035f3e83) C:\Windows\WindowsMobile\wcescomm.dll
10:45:55.0396 4644 WcesComm - ok
10:45:55.0458 4644 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
10:45:55.0505 4644 wcncsvc - ok
10:45:55.0536 4644 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
10:45:55.0552 4644 WcsPlugInService - ok
10:45:55.0567 4644 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
10:45:55.0583 4644 Wd - ok
10:45:55.0661 4644 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:45:55.0677 4644 Wdf01000 - ok
10:45:55.0708 4644 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:45:55.0708 4644 WdiServiceHost - ok
10:45:55.0708 4644 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
10:45:55.0724 4644 WdiSystemHost - ok
10:45:55.0755 4644 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
10:45:55.0771 4644 WebClient - ok
10:45:55.0786 4644 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
10:45:55.0817 4644 Wecsvc - ok
10:45:55.0849 4644 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
10:45:55.0864 4644 wercplsupport - ok
10:45:55.0880 4644 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
10:45:55.0880 4644 WerSvc - ok
10:45:55.0942 4644 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
10:45:55.0974 4644 WinDefend - ok
10:45:55.0974 4644 WinHttpAutoProxySvc - ok
10:45:56.0005 4644 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
10:45:56.0005 4644 Winmgmt - ok
10:45:56.0130 4644 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
10:45:56.0192 4644 WinRM - ok
10:45:56.0255 4644 winusb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
10:45:56.0286 4644 winusb - ok
10:45:56.0333 4644 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
10:45:56.0380 4644 Wlansvc - ok
10:45:56.0521 4644 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:45:56.0536 4644 wlidsvc - ok
10:45:56.0646 4644 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
10:45:56.0646 4644 WmiAcpi - ok
10:45:56.0677 4644 WmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\System32\wbem\WmiApSrv.exe
10:45:56.0708 4644 WmiApSrv - ok
10:45:56.0771 4644 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:45:57.0052 4644 WMPNetworkSvc - ok
10:45:57.0067 4644 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
10:45:57.0099 4644 WPCSvc - ok
10:45:57.0130 4644 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
10:45:57.0146 4644 WPDBusEnum - ok
10:45:57.0192 4644 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:45:57.0208 4644 WpdUsb - ok
10:45:57.0302 4644 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:45:57.0302 4644 WPFFontCache_v0400 - ok
10:45:57.0333 4644 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:45:57.0349 4644 ws2ifsl - ok
10:45:57.0380 4644 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
10:45:57.0396 4644 wscsvc - ok
10:45:57.0396 4644 WSearch - ok
10:45:57.0505 4644 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
10:45:57.0536 4644 wuauserv - ok
10:45:57.0614 4644 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:45:57.0646 4644 WUDFRd - ok
10:45:57.0677 4644 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
10:45:57.0692 4644 wudfsvc - ok
10:45:57.0724 4644 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:45:58.0177 4644 \Device\Harddisk0\DR0 - ok
10:45:58.0177 4644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:45:58.0349 4644 \Device\Harddisk1\DR1 - ok
10:45:58.0364 4644 Boot (0x1200) (7aa4e8ec846a99bceb88fa541d3bbfca) \Device\Harddisk0\DR0\Partition0
10:45:58.0364 4644 \Device\Harddisk0\DR0\Partition0 - ok
10:45:58.0364 4644 Boot (0x1200) (a117f2182f95afbddd8f311f6259b127) \Device\Harddisk1\DR1\Partition0
10:45:58.0364 4644 \Device\Harddisk1\DR1\Partition0 - ok
10:45:58.0364 4644 ============================================================
10:45:58.0364 4644 Scan finished
10:45:58.0364 4644 ============================================================
10:45:58.0380 4112 Detected object count: 0
10:45:58.0380 4112 Actual detected object count: 0
10:52:14.0309 5448 Deinitialize success
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 10:55:41
-----------------------------
10:55:41.577 OS Version: Windows 6.0.6002 Service Pack 2
10:55:41.577 Number of processors: 4 586 0xF0B
10:55:41.577 ComputerName: NEWESTSOB UserName: bsny
10:55:43.628 Initialize success
10:56:01.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:56:01.828 Disk 0 Vendor: Intel___ 1.0. Size: 715402MB BusType: 8
10:56:01.828 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
10:56:01.828 Disk 1 Vendor: Intel___ 1.0. Size: 157066MB BusType: 8
10:56:01.859 Disk 0 MBR read successfully
10:56:01.859 Disk 0 MBR scan
10:56:01.859 Disk 0 Windows VISTA default MBR code
10:56:01.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 715400 MB offset 2048
10:56:01.875 Disk 0 scanning sectors +1465141248
10:56:01.953 Disk 0 scanning C:\Windows\system32\drivers
10:56:10.774 Service scanning
10:56:18.484 Service MpKslb48731fa c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20E5A3C9-898F-47C3-9478-678D9C952CA9}\MpKslb48731fa.sys **LOCKED** 32
10:56:26.297 Modules scanning
10:56:35.036 Disk 0 trace - called modules:
10:56:35.553 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:56:35.568 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f7a968]
10:56:35.568 3 CLASSPNP.SYS[8bdd88b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86395028]
10:56:35.568 Scan finished successfully
10:57:10.962 Disk 0 MBR has been saved successfully to "C:\Users\bsny\Desktop\MBR.dat"
10:57:11.259 The log file has been saved successfully to "C:\Users\bsny\Desktop\aswMBR.txt"

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 12:00 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 bsny
  • Topic Starter

  • Members
  • 21 posts

Posted 17 May 2012 - 01:01 PM

OTL logfile created on: 5/17/2012 12:35:45 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\bsny\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 64.89% Memory free
6.72 Gb Paging File | 5.41 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 310.34 Gb Free Space | 44.42% Space Free | Partition Type: NTFS
Drive E: | 153.38 Gb Total Space | 152.94 Gb Free Space | 99.71% Space Free | Partition Type: NTFS

Computer Name: NEWESTSOB | User Name: bsny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\bsny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files\AirPrint\airprint.exe (Apple Inc.)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Intel\Intel Desktop Utilities\iptray.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\d374b09ce3f31ebd3e4cb3c64ca91a42\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1ee6b56dc9985fbbdeb373b611ac4fb3\System.Runtime.Serialization.Formatters.Soap.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ef684a2ee2f7276eec3973a0654d2bd4\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\System32\atitmpxx.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Program Files\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\Alerts.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPStreamsInterface.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\HPTools.dll ()
MOD - C:\Program Files\HP\ToolboxFX\bin\NativeUtils.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AirPrint) -- C:\Program Files\AirPrint\airprint.exe (Apple Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\stacsv.exe (IDT, Inc.)
SRV - (IduService) Intel® -- C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe (Intel® Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (nvlddmkm) -- system32\DRIVERS\nvlddmkm.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\bsny\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (aswMBR) -- C:\Users\bsny\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MpKslb48731fa) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{20E5A3C9-898F-47C3-9478-678D9C952CA9}\MpKslb48731fa.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (UnlockerDriver5) -- C:\Program Files\Unlocker\UnlockerDriver5.sys ()
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (osaio) -- C:\Windows\System32\drivers\osaio.sys (OSA Technologies, An Avocent Company)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (HECI) Intel® -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (HPFXFAX) -- C:\Windows\System32\drivers\hpfxfax.sys (Hewlett Packard)
DRV - (HPFXBULK) -- C:\Windows\System32\drivers\hpfxbulk.sys (Hewlett Packard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes,DefaultScope = {1CAFCD93-57EC-4384-A699-045BCB6F884F}
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes\{1CAFCD93-57EC-4384-A699-045BCB6F884F}: "URL" = http://findgala.com/?&uid=5709&q={searchTerms}
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/05/15 13:17:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 14:14:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/15 20:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bsny\AppData\Roaming\Mozilla\Extensions
[2012/05/11 16:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bsny\AppData\Roaming\Mozilla\Firefox\Profiles\t92cs2d4.default\extensions
[2012/05/14 10:43:14 | 000,001,210 | ---- | M] () -- C:\Users\bsny\AppData\Roaming\Mozilla\Firefox\Profiles\t92cs2d4.default\searchplugins\search.xml
[2012/02/15 20:01:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/11 16:47:14 | 000,336,277 | ---- | M] () (No name found) -- C:\USERS\BSNY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\T92CS2D4.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012/05/15 14:14:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/15 14:14:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/15 14:14:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/25 18:01:11 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ipTray.exe] C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe (Intel® Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKU\S-1-5-21-787507470-465419288-3816637775-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..Trusted Domains: smithnephew.net ([owa] https in Local intranet)
O15 - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..Trusted Domains: smithnephew.net ([sales] https in Local intranet)
O16 - DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} https://sales.smithnephew.net/crystalreportviewers/activeXViewer/activexviewer.cab (Crystal Report Viewer Control 9)
O16 - DPF: {80146C90-4B10-407A-9301-13A98FC91189} http://www.fedex.com/downloads/woas/woas.CAB (woas.OutlookAccessControl)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {934CC260-C5AA-43C4-A657-7B70C5B3DAE1} https://sales.smithnephew.net/crystalreportviewers/activeXViewer/activexviewer.cab (Crystal Report Web Report Source Control 9)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://snuguk.smith-nephew.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{557D811D-059C-448A-901D-D4DF039F3A82}: DhcpNameServer = 10.0.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\bsny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\bsny\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ab41efc-6d4d-11dd-93ac-000d88f2ca00}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab41efc-6d4d-11dd-93ac-000d88f2ca00}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{80b3cee9-1f40-11e0-b3b3-000d88f2ca00}\Shell\AutoRun\command - "" = Setup_FlipShare.exe
O33 - MountPoints2\{80b3cee9-1f40-11e0-b3b3-000d88f2ca00}\Shell\Setup FlipShare\command - "" = Setup_FlipShare.exe
O33 - MountPoints2\{8b87359f-def2-11df-94a7-000d88f2ca00}\Shell - "" = AutoRun
O33 - MountPoints2\{8b87359f-def2-11df-94a7-000d88f2ca00}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{8b8736b5-def2-11df-94a7-000d88f2ca00}\Shell - "" = AutoRun
O33 - MountPoints2\{8b8736b5-def2-11df-94a7-000d88f2ca00}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{a94607aa-caf0-11de-aaec-000d88f2ca00}\Shell - "" = AutoRun
O33 - MountPoints2\{a94607aa-caf0-11de-aaec-000d88f2ca00}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{a94607b9-caf0-11de-aaec-000d88f2ca00}\Shell - "" = AutoRun
O33 - MountPoints2\{a94607b9-caf0-11de-aaec-000d88f2ca00}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/17 12:30:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\bsny\Desktop\OTL.exe
[2012/05/17 10:55:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\bsny\Desktop\aswMBR.exe
[2012/05/17 10:44:32 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\bsny\Desktop\tdsskiller.exe
[2012/05/16 07:31:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/05/16 07:23:57 | 004,495,419 | R--- | C] (Swearware) -- C:\Users\bsny\Desktop\ComboFix.exe
[2012/05/15 14:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/15 14:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/15 14:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 13:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/05/15 11:49:17 | 000,000,000 | ---D | C] -- C:\Users\bsny\Desktop\gmer
[2012/05/15 11:28:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\bsny\Desktop\dds.scr
[2012/05/15 10:34:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/15 10:34:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/05/15 10:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/05/15 10:32:57 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/05/15 10:32:57 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/05/15 10:32:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/15 09:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/15 09:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/15 09:44:29 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\bsny\Desktop\ccsetup318.exe
[2012/05/15 08:47:28 | 000,000,000 | --SD | C] -- C:\CommyFix1033C
[2012/05/15 08:47:01 | 000,000,000 | --SD | C] -- C:\CommyFix12836C
[2012/05/15 08:02:26 | 000,000,000 | --SD | C] -- C:\CommyFix
[2012/05/15 07:57:21 | 004,494,798 | R--- | C] (Swearware) -- C:\Users\bsny\Desktop\CommyFix.exe
[2012/05/14 12:59:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/14 12:59:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/14 12:59:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/14 12:59:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/14 12:58:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/14 12:34:08 | 000,000,000 | ---D | C] -- C:\Users\bsny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012/05/09 19:19:53 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 19:19:53 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 19:19:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 19:19:52 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 19:19:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/09 19:19:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 19:19:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 19:19:47 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/03 18:42:37 | 000,000,000 | ---D | C] -- C:\Users\bsny\AppData\Local\Win
[2012/04/29 12:58:41 | 000,000,000 | ---D | C] -- C:\Download
[2012/04/29 12:57:47 | 000,000,000 | ---D | C] -- C:\Users\bsny\AppData\Roaming\Samsung
[2012/04/29 12:57:40 | 000,000,000 | ---D | C] -- C:\AllShare
[2012/04/29 12:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/04/29 11:50:12 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

========== Files - Modified Within 30 Days ==========

[2012/05/17 12:40:00 | 000,000,402 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3CED420D-38B6-4560-94E3-67B78EC53E7F}.job
[2012/05/17 12:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 12:31:02 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\bsny\Desktop\OTL.exe
[2012/05/17 12:26:20 | 000,000,390 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0D672E5B-A514-4E7E-817C-3E94FAE1F10D}.job
[2012/05/17 10:57:11 | 000,000,512 | ---- | M] () -- C:\Users\bsny\Desktop\MBR.dat
[2012/05/17 10:55:20 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\bsny\Desktop\aswMBR.exe
[2012/05/17 10:44:44 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\bsny\Desktop\tdsskiller.exe
[2012/05/17 10:41:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/17 07:11:57 | 000,002,032 | ---- | M] () -- C:\Users\bsny\AppData\Local\d3d9caps.dat
[2012/05/16 07:46:50 | 000,609,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 07:46:50 | 000,106,074 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 07:40:23 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 07:40:22 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 07:38:24 | 000,002,743 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/16 07:24:15 | 004,495,419 | R--- | M] (Swearware) -- C:\Users\bsny\Desktop\ComboFix.exe
[2012/05/16 07:19:20 | 000,879,714 | ---- | M] () -- C:\Users\bsny\Desktop\SecurityCheck.exe
[2012/05/15 14:20:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/15 13:03:22 | 000,415,859 | ---- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/05/15 11:47:24 | 000,294,216 | ---- | M] () -- C:\Users\bsny\Desktop\gmer.zip
[2012/05/15 11:31:29 | 000,000,000 | ---- | M] () -- C:\Users\bsny\defogger_reenable
[2012/05/15 11:28:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\bsny\Desktop\dds.scr
[2012/05/15 10:32:39 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/05/15 10:32:39 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/05/15 09:51:45 | 000,209,258 | ---- | M] () -- C:\Users\bsny\Documents\cc_20120515_094843.reg
[2012/05/15 09:45:15 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/15 09:44:32 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\bsny\Desktop\ccsetup318.exe
[2012/05/15 07:59:49 | 001,012,656 | ---- | M] () -- C:\Users\bsny\Desktop\iExplore.exe
[2012/05/15 07:57:34 | 004,494,798 | R--- | M] (Swearware) -- C:\Users\bsny\Desktop\CommyFix.exe
[2012/05/14 21:46:35 | 001,012,656 | ---- | M] () -- C:\Users\bsny\Desktop\rkill.com
[2012/05/14 12:33:34 | 001,665,985 | ---- | M] () -- C:\Users\bsny\Desktop\Unlocker1.9.1.exe
[2012/05/14 12:19:53 | 000,000,104 | ---- | M] () -- C:\Users\bsny\Desktop\Computer.lnk
[2012/05/14 12:17:36 | 000,162,844 | ---- | M] () -- C:\Users\bsny\Desktop\JavaRa-1.16-5-5-12.zip
[2012/05/14 10:42:46 | 000,000,288 | ---- | M] () -- C:\Users\bsny\AppData\Roaming\931F16B5.reg
[2012/05/10 08:57:36 | 000,358,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/03 11:54:54 | 000,211,968 | ---- | M] () -- C:\Users\bsny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/03 11:42:52 | 000,058,950 | ---- | M] () -- C:\Users\bsny\Desktop\larsonhip2.pdf
[2012/05/03 11:42:07 | 000,060,229 | ---- | M] () -- C:\Users\bsny\Desktop\larsonhip1.pdf
[2012/04/29 11:50:12 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/29 11:50:12 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/26 09:12:00 | 000,091,550 | ---- | M] () -- C:\Users\bsny\Desktop\wmc 041812 dart hip arth.pdf
[2012/04/22 13:47:02 | 005,389,708 | ---- | M] () -- C:\Users\bsny\Documents\tel_man_37_32_26GD6Useries.pdf

========== Files Created - No Company Name ==========

[2012/05/17 10:57:10 | 000,000,512 | ---- | C] () -- C:\Users\bsny\Desktop\MBR.dat
[2012/05/16 07:19:11 | 000,879,714 | ---- | C] () -- C:\Users\bsny\Desktop\SecurityCheck.exe
[2012/05/15 14:19:54 | 000,001,842 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/15 13:02:08 | 000,415,859 | ---- | C] () -- C:\Windows\System32\drivers\vsconfig.xml
[2012/05/15 11:47:22 | 000,294,216 | ---- | C] () -- C:\Users\bsny\Desktop\gmer.zip
[2012/05/15 11:31:29 | 000,000,000 | ---- | C] () -- C:\Users\bsny\defogger_reenable
[2012/05/15 09:48:57 | 000,209,258 | ---- | C] () -- C:\Users\bsny\Documents\cc_20120515_094843.reg
[2012/05/15 09:45:15 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/15 07:59:48 | 001,012,656 | ---- | C] () -- C:\Users\bsny\Desktop\iExplore.exe
[2012/05/14 21:46:34 | 001,012,656 | ---- | C] () -- C:\Users\bsny\Desktop\rkill.com
[2012/05/14 12:59:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/14 12:59:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/14 12:59:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/14 12:59:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/14 12:59:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/14 12:33:29 | 001,665,985 | ---- | C] () -- C:\Users\bsny\Desktop\Unlocker1.9.1.exe
[2012/05/14 12:19:53 | 000,000,104 | ---- | C] () -- C:\Users\bsny\Desktop\Computer.lnk
[2012/05/14 12:17:36 | 000,162,844 | ---- | C] () -- C:\Users\bsny\Desktop\JavaRa-1.16-5-5-12.zip
[2012/05/14 10:42:46 | 000,000,288 | ---- | C] () -- C:\Users\bsny\AppData\Roaming\931F16B5.reg
[2012/05/03 11:42:51 | 000,058,950 | ---- | C] () -- C:\Users\bsny\Desktop\larsonhip2.pdf
[2012/05/03 11:42:07 | 000,060,229 | ---- | C] () -- C:\Users\bsny\Desktop\larsonhip1.pdf
[2012/04/29 11:50:25 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 09:12:00 | 000,091,550 | ---- | C] () -- C:\Users\bsny\Desktop\wmc 041812 dart hip arth.pdf
[2012/04/22 13:47:02 | 005,389,708 | ---- | C] () -- C:\Users\bsny\Documents\tel_man_37_32_26GD6Useries.pdf
[2012/04/13 13:41:58 | 000,000,451 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/12/14 17:31:15 | 000,010,534 | -HS- | C] () -- C:\Users\bsny\AppData\Local\e0su74g1od2yoy
[2011/12/14 17:31:15 | 000,010,534 | -HS- | C] () -- C:\ProgramData\e0su74g1od2yoy
[2011/05/13 15:01:54 | 000,234,142 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/12/10 19:27:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB56944$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 01:09 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/static/m/cab/2.8.1/GarminAxControl.CAB (Reg Error: Key error.)
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:D1B5B4F1  
    IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes,DefaultScope = {1CAFCD93-57EC-4384-A699-045BCB6F884F}
    IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes\{1CAFCD93-57EC-4384-A699-045BCB6F884F}: "URL" = http://findgala.com/?&uid=5709&q={searchTerms}
    [2011/12/14 17:31:15 | 000,010,534 | -HS- | C] () -- C:\Users\bsny\AppData\Local\e0su74g1od2yoy
    [2011/12/14 17:31:15 | 000,010,534 | -HS- | C] () -- C:\ProgramData\e0su74g1od2yoy
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bsny

bsny
  • Topic Starter

  • Members
  • 21 posts

Posted 17 May 2012 - 01:39 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
HKEY_USERS\S-1-5-21-787507470-465419288-3816637775-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-787507470-465419288-3816637775-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CAFCD93-57EC-4384-A699-045BCB6F884F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CAFCD93-57EC-4384-A699-045BCB6F884F}\ not found.
C:\Users\bsny\AppData\Local\e0su74g1od2yoy moved successfully.
C:\ProgramData\e0su74g1od2yoy moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bsny\Desktop\cmd.bat deleted successfully.
C:\Users\bsny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: bsny
->Java cache emptied: 28263031 bytes

User: Default

User: Default User

User: Dummy account

User: Guest
->Java cache emptied: 12118713 bytes

User: kraftykat!
->Java cache emptied: 27 bytes

User: Public

Total Java Files Cleaned = 39.00 mb


[EMPTYFLASH]

User: All Users

User: bsny
->Flash cache emptied: 664 bytes

User: Default

User: Default User

User: Dummy account

User: Guest
->Flash cache emptied: 2146 bytes

User: kraftykat!
->Flash cache emptied: 5967 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.43.0 log created on 05172012_133722

#10 bsny

bsny
  • Topic Starter

  • Members
  • 21 posts

Posted 17 May 2012 - 01:40 PM

Gringo:

So, I'll go ahead to see if the redirector is still active in Mozilla and IE, and report back?

Thanks,

bsny

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 02:32 PM

Yes, let me know please


gringo

#12 bsny

bsny
  • Topic Starter

  • Members
  • 21 posts

Posted 17 May 2012 - 04:37 PM

Progress, Gringo. IE seems to be working normally and the search bar is not redirected. Firefox searchbar, though, is still redirected to findgala.

Recycle bin is working normally -- no longer getting the corrupted error message upon bootup.
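
The log posted earlier in this thread already shows why the OTL fix above cleared IE but not Firefox: the script removed the IE SearchScope {1CAFCD93-57EC-4384-A699-045BCB6F884F} whose URL pointed at findgala.com, while the Firefox side of the log shows browser.search.selectedEngine set to a generic "search" entry and a search.xml file in the user's profile searchplugins folder, neither of which was in the fix list. The script below is an added example written for this thread; it is not OTL's code and not part of Gringo's fix. It parses OTL-format lines and flags search-engine hijack indicators: IE SearchScopes whose URL host is not on an allowlist (marking the one IE uses by default), a Firefox selected engine that is not a built-in name, and search plugins stored in the Firefox profile rather than the install directory. The allowlists of search hosts and Firefox engine names are assumptions chosen for the example; the sample log lines are copied from the log in this thread.

```python
"""Triage helper: flag browser search-engine hijack indicators in OTL-format log lines.

Added example for this thread; not OTL's code and not part of the fix script posted above.
The allowlists below are assumptions chosen for the example.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts accepted as legitimate search-engine defaults.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com",
    "search.live.com", "search.yahoo.com",
}
# Assumption: engine names Firefox ships with, as written in browser.search.selectedEngine.
KNOWN_FF_ENGINES = {"Google", "Bing", "Yahoo", "Amazon.com", "eBay", "Twitter", "Wikipedia (en)"}

# Line shapes taken from the OTL log posted in this thread.
IE_URL_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\\SearchScopes\\(?P<scope>\{[^}]+\}): "URL" = (?P<url>\S+)')
IE_DEFAULT_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\\SearchScopes,DefaultScope = (?P<scope>\{[^}]+\})')
FF_ENGINE_RE = re.compile(r'^FF - prefs\.js\.\.browser\.search\.selectedEngine: "(?P<name>[^"]*)"')
# A search plugin under the user's profile (not under Program Files) was added after install.
FF_PLUGIN_RE = re.compile(r'\\Profiles\\[^\\]+\\searchplugins\\(?P<file>[^\\\s]+\.xml)$', re.IGNORECASE)

# Constructed sample: lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes,DefaultScope = {1CAFCD93-57EC-4384-A699-045BCB6F884F}
IE - HKU\S-1-5-21-787507470-465419288-3816637775-1000\..\SearchScopes\{1CAFCD93-57EC-4384-A699-045BCB6F884F}: "URL" = http://findgala.com/?&uid=5709&q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
[2012/05/14 10:43:14 | 000,001,210 | ---- | M] () -- C:\Users\bsny\AppData\Roaming\Mozilla\Firefox\Profiles\t92cs2d4.default\searchplugins\search.xml
[2012/05/15 14:14:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
"""


def scan_log(text):
    """Return a list of finding dicts; an empty list means no hijack indicator was seen."""
    urls = {}      # (hive, scope GUID) -> search URL
    defaults = {}  # hive -> scope GUID that IE uses by default
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = IE_URL_RE.match(line)
        if m:
            urls[(m["hive"], m["scope"])] = m["url"]
            continue
        m = IE_DEFAULT_RE.match(line)
        if m:
            defaults[m["hive"]] = m["scope"]
            continue
        m = FF_ENGINE_RE.match(line)
        if m:
            if m["name"] not in KNOWN_FF_ENGINES:
                findings.append({"kind": "ff_selected_engine", "name": m["name"]})
            continue
        m = FF_PLUGIN_RE.search(line)
        if m:
            findings.append({"kind": "ff_profile_searchplugin", "file": m["file"]})
    # Resolve IE scopes after the whole log is read: DefaultScope may precede or follow its URL line.
    for (hive, scope), url in urls.items():
        host = urlparse(url).hostname or ""
        if host not in KNOWN_SEARCH_HOSTS:
            findings.append({"kind": "ie_searchscope", "hive": hive, "scope": scope,
                             "host": host, "default": defaults.get(hive) == scope})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Run against the sample, the helper reports the "search" engine, the profile-level search.xml, and the HKU SearchScope for findgala.com as the user's default; the HKLM scope for search.live.com is not reported. On a live machine the same three checks would be made against the SearchScopes registry key, prefs.js and the profile's searchplugins folder directly rather than against a log.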

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 09:59 PM

Greetings


Let's uninstall Firefox and if asked about user data or settings then please remove those also


Restart the computer, reinstall Firefox and check for Findgala


gringo

#14 bsny

bsny
  • Topic Starter

  • Members
  • 21 posts

Posted 17 May 2012 - 10:14 PM

Gringo:

Uninstalled Firefox 10, rebooted, installed Firefox 12 -- findgala remains. There were no prompts about user data or settings.

bsny

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 May 2012 - 10:21 PM

Rerun OTL for me please


gringo