System Modification Found by RootKit


28 replies to this topic

#1 nopolicies

nopolicies

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 15 May 2012 - 09:25 PM

I got this laptop because normal Windows would not boot up; it only boots up in Safe Mode and has internet connectivity using Safe Mode with Networking.

With the ESET online scanner I removed a Cryptic trojan variant and a downloader variant.

Then I ran ComboFix; it said I have the ZeroAccess virus. I was not able to run it on restart because of the boot-up problems,

though I am able to get online.

Ran GMER and got this message: GMER has found system modifications caused by ROOTKIT activity.

Other background info: because I was first chasing the Windows Update error 0x8007043c, I had removed the other 2 virus scanners, thinking the conflict between AVG and McAfee was causing Windows to not start in normal mode.



HP Pavilion laptop
Windows Vista - SP1
Malwarebytes
McAfee
AVG


DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_27
Run by Robin at 11:18:21 on 2012-05-15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2570 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Toolbar BHO: {126b343d-7d49-40ed-acd5-c736f4052735} - c:\progra~1\festiv~2\bar\1.bin\3gbar.dll
BHO: HP Smart Print BHO: {1658d3a1-9e13-4196-a82a-d70d70880f36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Search Assistant BHO: {b6f9d46b-1e99-4fce-b899-cbafe7586956} - c:\program files\festivebar_3g\bar\1.bin\3gSrcAs.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: FestiveBar: {9ae277e9-32f4-46d5-94f4-20201609d1d0} - c:\program files\festivebar_3g\bar\1.bin\3gbar.dll
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [LMPDPSRV] c:\windows\system32\spool\drivers\w32x86\3\LMPDPSRV.EXE
mRun: [Upromise] c:\program files\upromise\Upromise.exe
mRun: [Upromise Update] c:\program files\upromise\UpromiseUa.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [FestiveBar Search Scope Monitor] "c:\progra~1\festiv~2\bar\1.bin\3gsrchmn.exe" /m=2 /w /h
mRun: [FestiveBar_3g Browser Plugin Loader] c:\progra~1\festiv~2\bar\1.bin\3gbrmon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/bejeweled2/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{3C7B2796-B527-4315-9A7E-B177C9898FC6} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{D0D07ABE-DDC7-4FB8-A70B-324BFB9C85C4} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robin\appdata\roaming\mozilla\firefox\profiles\6k0tqab2.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FestiveBar_3gService;FestiveBarService;c:\progra~1\festiv~2\bar\1.bin\3gbarsvc.exe --> c:\progra~1\festiv~2\bar\1.bin\3gbarsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-27 135664]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-13 81288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-17 17:27:36 98816 ----a-w- c:\windows\sed.exe
2012-05-17 17:27:36 518144 ----a-w- c:\windows\SWREG.exe
2012-05-17 17:27:36 256000 ----a-w- c:\windows\PEV.exe
2012-05-17 17:27:36 208896 ----a-w- c:\windows\MBR.exe
2012-05-17 17:27:29 -------- d-s---w- C:\ComboFix
2012-05-17 12:46:33 -------- d-----w- c:\program files\ESET
2012-05-11 11:33:10 54016 ----a-w- c:\windows\system32\drivers\fgwsotc.sys
2012-05-11 07:45:05 -------- d-----w- c:\users\robin\appdata\local\ElevatedDiagnostics
2012-05-10 21:15:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-10 21:15:47 588728 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-05-10 21:15:47 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-05-10 21:15:47 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-10 21:15:47 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-05-10 14:00:31 54016 ----a-w- c:\windows\system32\drivers\xeywcby.sys
2012-05-10 13:54:34 711240 ----a-w- c:\windows\is-3CPNJ.exe
2012-05-10 13:53:55 -------- d-----w- c:\users\robin\appdata\roaming\Malwarebytes
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:19:23.02 ===============

Attached Files


Edited by nopolicies, 15 May 2012 - 09:29 PM.
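The DDS "Created Last 30" section above lists each new file as a timestamp, a byte size (or dashes for a directory), an attribute string and a path. As an added example for this thread, and not part of DDS, ComboFix or any BleepingComputer tool, the Python below parses that section, pulls out the kernel drivers created in the window and groups files that share an exact byte size, two things a helper reads off such a log by eye before deciding what to run next. The line layout and the leading `d` meaning "directory" are assumptions taken from the lines visible in the log; the sample input is copied from the post above. The script only reports what is in the log; it makes no judgement about whether a file is malicious.

```python
"""Triage helper for the 'Created Last 30' section of a DDS log.

Added example for this thread; not part of DDS or any forum tool.
Assumed line layout (as seen in the posted log):
    <YYYY-MM-DD HH:MM:SS> <size-or-dashes> <8 attribute flags> <path>
"""
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the DDS "Created Last 30" section posted above.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-05-17 17:27:36 98816 ----a-w- c:\windows\sed.exe
2012-05-17 17:27:29 -------- d-s---w- C:\ComboFix
2012-05-17 12:46:33 -------- d-----w- c:\program files\ESET
2012-05-11 11:33:10 54016 ----a-w- c:\windows\system32\drivers\fgwsotc.sys
2012-05-10 21:15:47 43960 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-05-10 14:00:31 54016 ----a-w- c:\windows\system32\drivers\xeywcby.sys
2012-05-10 13:54:34 711240 ----a-w- c:\windows\is-3CPNJ.exe
.
==================== Find3M ====================
"""

# One log entry: timestamp, size or a run of dashes, 8 attribute flags, path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[A-Za-z-]{8})\s+"
    r"(?P<path>.+)$"
)


def parse_created_section(log_text):
    """Return the entries under 'Created Last 30' as dicts, in log order."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        if "Created Last 30" in line:
            in_section = True          # section header reached
            continue
        if in_section and line.startswith("====="):
            break                      # next section header, stop
        if not in_section:
            continue
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                   # '.' spacer lines and blanks
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "created": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "size": size,
            "attrs": m["attrs"],
            "is_dir": m["attrs"].startswith("d"),   # assumed DDS convention
            "path": m["path"],
        })
    return entries


def kernel_drivers(entries):
    """.sys files under a \\drivers\\ directory, oldest first."""
    hits = [e for e in entries
            if not e["is_dir"]
            and e["path"].lower().endswith(".sys")
            and "\\drivers\\" in e["path"].lower()]
    return sorted(hits, key=lambda e: e["created"])


def same_size_groups(entries):
    """Map byte size -> paths, for sizes shared by two or more files."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


if __name__ == "__main__":
    entries = parse_created_section(SAMPLE_LOG)
    print(f"{len(entries)} entries parsed")
    for e in kernel_drivers(entries):
        print(f"driver  {e['created']:%Y-%m-%d %H:%M}  {e['size']:>7}  {e['path']}")
    for size, paths in same_size_groups(entries).items():
        print(f"{len(paths)} files share size {size}: {', '.join(paths)}")
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file contents; the driver list and the shared-size groups are the lines worth comparing against the ComboFix and TDSSKiller reports that follow in the thread.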



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 15 May 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 16 May 2012 - 08:31 AM

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG 2012
McAfee Security Scan Plus
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 27
Java™ 6 Update 2
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox 10.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````





ComboFix 12-05-14.03 - Robin 05/16/2012 12:18:59.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2275 [GMT -4:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\program files\LP\B7B3\463B.tmp
c:\program files\LP\B7B3\D487.tmp
c:\users\Robin\Documents\~WRL0005.tmp
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-17 12:46 . 2012-05-17 12:46 -------- d-----w- c:\program files\ESET
2012-05-16 16:25 . 2012-05-16 16:25 -------- d-----w- c:\users\Robin\AppData\Local\temp
2012-05-16 16:25 . 2012-05-16 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 11:33 . 2012-05-11 11:33 54016 ----a-w- c:\windows\system32\drivers\fgwsotc.sys
2012-05-11 07:45 . 2012-05-11 07:45 -------- d-----w- c:\users\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 21:15 . 2012-05-10 21:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-10 21:15 . 2012-05-10 21:15 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-10 21:15 . 2012-05-10 21:15 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-10 21:15 . 2012-05-10 21:15 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 21:15 . 2012-05-10 21:15 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-10 14:00 . 2012-05-10 14:00 54016 ----a-w- c:\windows\system32\drivers\xeywcby.sys
2012-05-10 13:54 . 2012-05-10 13:54 711240 ----a-w- c:\windows\is-3CPNJ.exe
2012-05-10 13:53 . 2012-05-10 13:53 -------- d-----w- c:\users\Robin\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-10-11 12:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 21:15 . 2012-02-06 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"LMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 45056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-1-6 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AGLORPOD
*NewlyCreated* - ECACHE
*Deregistered* - aglorpod
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-15 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-10 18:53]
.
2012-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 01:51]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-05-15 c:\windows\Tasks\User_Feed_Synchronization-{EA526738-931A-43F3-8EA6-75FB65E62E3F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\6k0tqab2.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-Upromise - c:\program files\Upromise\Upromise.exe
HKLM-Run-Upromise Update - c:\program files\Upromise\UpromiseUa.exe
HKLM-Run-FestiveBar Search Scope Monitor - c:\progra~1\FESTIV~2\bar\1.bin\3gsrchmn.exe
HKLM-Run-FestiveBar_3g Browser Plugin Loader - c:\progra~1\FESTIV~2\bar\1.bin\3gbrmon.exe
MSConfigStartUp-XllIIBttzPycAuv8234A - c:\windows\system32\bhhhYXXwjUV.exe
AddRemove-Advanced Registry Optimizer_is1 - c:\program files\Advanced Registry Optimizer\unins000.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Spyware Doctor - c:\program files\Spyware Doctor\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 12:25
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MBAMSwissArmy]
"ImagePath"="\??\c:\windows\system32\drivers\mbamswissarmy.sys"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1035442124-823532070-865760131-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:aa,59,92,38,14,96,08,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-16 12:27:06
ComboFix-quarantined-files.txt 2012-05-16 16:27
.
Pre-Run: 159,541,231,616 bytes free
Post-Run: 159,663,984,640 bytes free
.
- - End Of File - - AE7BAF7A76BC2FAA568896D83B08DF0B



Computer still will not start in normal mode

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 16 May 2012 - 12:33 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
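The TDSSKiller report that these steps produce lists every registered service and driver as a pair of lines: the binary with its md5 and path, then a verdict ("- ok", "( Detection ) - warning", or "- detected Detection (n)"), with a "Suspicious file" note where the file could not be read. As an added example, not part of this post or of TDSSKiller itself, the following Python helper parses such a report and separates the flagged entries from those that had no binary hashed at all; the sample lines, names and hashes are constructed to mirror the report format, not taken from any real scan.

```python
"""Triage helper for a TDSSKiller text report (added example, constructed data).

Each scanned item occupies two report lines, both prefixed with "time pid":
    19:39:05.0191 1760 Name (md5) C:\\path\\to\\binary
    19:39:05.0207 1760 Name - ok
Flagged items end in "Name ( Detection ) - warning" and
"Name - detected Detection (n)" instead of "- ok".  A service that shows up
only as a bare "Name - ok" line, with no file line before it, had no binary
hashed: typically a leftover registration whose file is gone, worth a look.
"""
import re
from collections import OrderedDict

# Every report line starts with "HH:MM:SS.mmmm PID"; the rest is the message.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
FILE_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
WARN_RE = re.compile(r"^(.+?) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(.+?) - detected (.+?) \((\d+)\)$")
OK_RE = re.compile(r"^(.+?) - ok$")


def _new_entry():
    return {"md5": None, "path": None, "verdict": None, "detection": None, "notes": []}


def parse_report(text):
    """Return an OrderedDict name -> entry for every service/driver in the report."""
    entries = OrderedDict()
    last = None  # name from the most recent file line, for attaching notes
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner, blank or continuation line
        body = m.group(1)
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["md5"], entry["path"] = md5.lower(), path
            last = name
            continue
        if body.startswith("Suspicious file"):
            if last is not None:
                entries[last]["notes"].append(body)
            continue
        wm = WARN_RE.match(body)
        if wm:
            name, detection = wm.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["verdict"], entry["detection"] = "warning", detection
            continue
        dm = DETECT_RE.match(body)
        if dm:
            name, detection, _count = dm.groups()
            entry = entries.setdefault(name, _new_entry())
            entry["verdict"], entry["detection"] = "detected", detection
            continue
        om = OK_RE.match(body)
        if om:
            entries.setdefault(om.group(1), _new_entry())["verdict"] = "ok"
    return entries


def triage(entries):
    """Split entries into (flagged, unverified).

    flagged:    verdict other than "ok" (warning/detected), in report order
    unverified: registered service with no hashed binary in the report
    """
    flagged = OrderedDict((n, e) for n, e in entries.items()
                          if e["verdict"] not in (None, "ok"))
    unverified = [n for n, e in entries.items() if e["md5"] is None]
    return flagged, unverified


# Constructed sample report: names, paths and hashes are placeholders that
# follow the TDSSKiller line format, not values from a real machine.
SAMPLE_REPORT = "\n".join([
    r"19:39:04.0630 1760 ============================================================",
    r"19:39:04.0630 1760 Scan started",
    r"19:39:04.0630 1760 Mode: Manual;",
    r"19:39:05.0191 1760 ACPI (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\acpi.sys",
    r"19:39:05.0207 1760 ACPI - ok",
    r"19:39:06.0658 1760 LeftoverAvDriver - ok",
    r"19:39:13.0584 1760 ExampleSvc (ffeeddccbbaa99887766554433221100) c:\Program Files\Example\ExampleSvc.exe",
    r"19:39:13.0584 1760 Suspicious file (NoAccess): c:\Program Files\Example\ExampleSvc.exe. md5: ffeeddccbbaa99887766554433221100",
    r"19:39:13.0584 1760 ExampleSvc ( LockedFile.Multi.Generic ) - warning",
    r"19:39:13.0584 1760 ExampleSvc - detected LockedFile.Multi.Generic (1)",
])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    flagged, unverified = triage(found)
    for name, e in flagged.items():
        print(f"{e['verdict']:8} {name}: {e['detection']} -> {e['path']}")
    for name in unverified:
        print(f"no file  {name}: service registered but no binary was hashed")
```

Run it against a saved TDSSKiller log by passing the file's text to parse_report; a "LockedFile" warning on a known security product's own service (which it normally protects from other processes) is not by itself a sign of infection, so compare the verdicts with what the helper expects before acting on them.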

#5 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts

Posted 16 May 2012 - 12:52 PM

19:38:59.0170 1120 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:38:59.0232 1120 ============================================================
19:38:59.0232 1120 Current date / time: 2012/05/16 19:38:59.0232
19:38:59.0232 1120 SystemInfo:
19:38:59.0232 1120
19:38:59.0232 1120 OS Version: 6.0.6001 ServicePack: 1.0
19:38:59.0232 1120 Product type: Workstation
19:38:59.0232 1120 ComputerName: ROBIN-PC
19:38:59.0232 1120 UserName: Robin
19:38:59.0232 1120 Windows directory: C:\Windows
19:38:59.0232 1120 System windows directory: C:\Windows
19:38:59.0232 1120 Processor architecture: Intel x86
19:38:59.0232 1120 Number of processors: 2
19:38:59.0232 1120 Page size: 0x1000
19:38:59.0232 1120 Boot type: Safe boot with network
19:38:59.0232 1120 ============================================================
19:38:59.0606 1120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:38:59.0606 1120 Drive \Device\Harddisk1\DR1 - Size: 0x7A7D1A00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:38:59.0606 1120 ============================================================
19:38:59.0606 1120 \Device\Harddisk0\DR0:
19:38:59.0606 1120 MBR partitions:
19:38:59.0606 1120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BA3BF42
19:38:59.0606 1120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BA3BF81, BlocksNum 0x1788600
19:38:59.0606 1120 \Device\Harddisk1\DR1:
19:38:59.0606 1120 MBR partitions:
19:38:59.0606 1120 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3D3E4E
19:38:59.0606 1120 ============================================================
19:38:59.0622 1120 C: <-> \Device\Harddisk0\DR0\Partition0
19:38:59.0669 1120 D: <-> \Device\Harddisk0\DR0\Partition1
19:38:59.0669 1120 ============================================================
19:38:59.0669 1120 Initialize success
19:38:59.0669 1120 ============================================================
19:39:04.0630 1760 ============================================================
19:39:04.0630 1760 Scan started
19:39:04.0630 1760 Mode: Manual;
19:39:04.0630 1760 ============================================================
19:39:16.0548 1760 Parport - ok
19:39:16.0564 1760 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
19:39:16.0579 1760 partmgr - ok
19:39:16.0595 1760 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:39:16.0595 1760 Parvdm - ok
19:39:16.0642 1760 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:39:16.0642 1760 PcaSvc - ok
19:39:16.0673 1760 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
19:39:16.0673 1760 pci - ok
19:39:16.0688 1760 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:39:16.0688 1760 pciide - ok
19:39:16.0720 1760 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:39:16.0720 1760 pcmcia - ok
19:39:16.0798 1760 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:39:16.0829 1760 PEAUTH - ok
19:39:16.0954 1760 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:39:16.0985 1760 pla - ok
19:39:17.0125 1760 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
19:39:17.0141 1760 PlugPlay - ok
19:39:17.0188 1760 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:39:17.0188 1760 PNRPAutoReg - ok
19:39:17.0203 1760 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
19:39:17.0219 1760 PNRPsvc - ok
19:39:17.0250 1760 Point32 (437827d69040c0c2565d47b024ed5372) C:\Windows\system32\DRIVERS\point32k.sys
19:39:17.0250 1760 Point32 - ok
19:39:17.0297 1760 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
19:39:17.0297 1760 PolicyAgent - ok
19:39:17.0344 1760 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:39:17.0344 1760 PptpMiniport - ok
19:39:17.0375 1760 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:39:17.0375 1760 Processor - ok
19:39:17.0406 1760 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
19:39:17.0422 1760 ProfSvc - ok
19:39:17.0453 1760 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:39:17.0453 1760 ProtectedStorage - ok
19:39:17.0484 1760 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
19:39:17.0484 1760 PSched - ok
19:39:17.0562 1760 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:39:17.0609 1760 ql2300 - ok
19:39:17.0640 1760 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:39:17.0640 1760 ql40xx - ok
19:39:17.0734 1760 QPCapSvc (ba396d1c71934e22679d3f4dac17e7ab) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
19:39:17.0749 1760 QPCapSvc - ok
19:39:17.0765 1760 QPSched (4b455e8c41cad3219ccf53024dcad604) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
19:39:17.0765 1760 QPSched - ok
19:39:17.0796 1760 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:39:17.0812 1760 QWAVE - ok
19:39:17.0827 1760 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:39:17.0827 1760 QWAVEdrv - ok
19:39:17.0827 1760 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:39:17.0827 1760 RasAcd - ok
19:39:17.0858 1760 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:39:17.0858 1760 RasAuto - ok
19:39:17.0890 1760 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:17.0890 1760 Rasl2tp - ok
19:39:17.0936 1760 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
19:39:17.0952 1760 RasMan - ok
19:39:17.0983 1760 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:17.0983 1760 RasPppoe - ok
19:39:18.0014 1760 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
19:39:18.0014 1760 RasSstp - ok
19:39:18.0030 1760 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
19:39:18.0030 1760 rdbss - ok
19:39:18.0046 1760 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:18.0046 1760 RDPCDD - ok
19:39:18.0092 1760 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:39:18.0108 1760 rdpdr - ok
19:39:18.0108 1760 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:39:18.0108 1760 RDPENCDD - ok
19:39:18.0139 1760 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
19:39:18.0155 1760 RDPWD - ok
19:39:18.0202 1760 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:39:18.0202 1760 RemoteAccess - ok
19:39:18.0233 1760 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
19:39:18.0233 1760 RemoteRegistry - ok
19:39:18.0342 1760 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:39:18.0358 1760 RichVideo - ok
19:39:18.0373 1760 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:39:18.0389 1760 rimmptsk - ok
19:39:18.0404 1760 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:39:18.0404 1760 rimsptsk - ok
19:39:18.0420 1760 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:39:18.0420 1760 rismxdp - ok
19:39:18.0451 1760 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:39:18.0451 1760 RpcLocator - ok
19:39:18.0498 1760 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
19:39:18.0514 1760 RpcSs - ok
19:39:18.0576 1760 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:39:18.0576 1760 rspndr - ok
19:39:18.0607 1760 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
19:39:18.0607 1760 SamSs - ok
19:39:18.0623 1760 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:39:18.0623 1760 sbp2port - ok
19:39:18.0654 1760 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
19:39:18.0654 1760 SCardSvr - ok
19:39:18.0716 1760 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
19:39:18.0732 1760 Schedule - ok
19:39:18.0763 1760 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
19:39:18.0763 1760 SCPolicySvc - ok
19:39:18.0794 1760 sdAuxService - ok
19:39:18.0841 1760 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
19:39:18.0841 1760 sdbus - ok
19:39:18.0841 1760 sdCoreService - ok
19:39:18.0872 1760 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:39:18.0872 1760 SDRSVC - ok
19:39:18.0904 1760 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:39:18.0904 1760 secdrv - ok
19:39:18.0935 1760 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:39:18.0935 1760 seclogon - ok
19:39:18.0950 1760 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
19:39:18.0966 1760 SENS - ok
19:39:18.0982 1760 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:39:18.0982 1760 Serenum - ok
19:39:19.0013 1760 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:39:19.0013 1760 Serial - ok
19:39:19.0044 1760 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:39:19.0044 1760 sermouse - ok
19:39:19.0091 1760 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:39:19.0091 1760 SessionEnv - ok
19:39:19.0106 1760 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:39:19.0106 1760 sffdisk - ok
19:39:19.0138 1760 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:39:19.0138 1760 sffp_mmc - ok
19:39:19.0153 1760 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:39:19.0153 1760 sffp_sd - ok
19:39:19.0169 1760 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:39:19.0169 1760 sfloppy - ok
19:39:19.0216 1760 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:39:19.0216 1760 SharedAccess - ok
19:39:19.0262 1760 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
19:39:19.0278 1760 ShellHWDetection - ok
19:39:19.0309 1760 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:39:19.0309 1760 sisagp - ok
19:39:19.0325 1760 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:39:19.0340 1760 SiSRaid2 - ok
19:39:19.0356 1760 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:39:19.0356 1760 SiSRaid4 - ok
19:39:19.0496 1760 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
19:39:19.0606 1760 slsvc - ok
19:39:19.0777 1760 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
19:39:19.0777 1760 SLUINotify - ok
19:39:19.0824 1760 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
19:39:19.0824 1760 Smb - ok
19:39:19.0840 1760 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:39:19.0840 1760 SNMPTRAP - ok
19:39:19.0855 1760 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:39:19.0855 1760 spldr - ok
19:39:19.0886 1760 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
19:39:19.0902 1760 Spooler - ok
19:39:19.0949 1760 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
19:39:19.0964 1760 srv - ok
19:39:19.0996 1760 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
19:39:19.0996 1760 srv2 - ok
19:39:20.0042 1760 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
19:39:20.0042 1760 srvnet - ok
19:39:20.0058 1760 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:39:20.0074 1760 SSDPSRV - ok
19:39:20.0120 1760 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:39:20.0120 1760 SstpSvc - ok
19:39:20.0183 1760 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
19:39:20.0183 1760 StillCam - ok
19:39:20.0245 1760 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
19:39:20.0292 1760 stisvc - ok
19:39:20.0323 1760 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:39:20.0323 1760 swenum - ok
19:39:20.0354 1760 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
19:39:20.0370 1760 swprv - ok
19:39:20.0386 1760 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:39:20.0386 1760 Symc8xx - ok
19:39:20.0417 1760 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:39:20.0417 1760 Sym_hi - ok
19:39:20.0448 1760 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:39:20.0448 1760 Sym_u3 - ok
19:39:20.0510 1760 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
19:39:20.0510 1760 SynTP - ok
19:39:20.0557 1760 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
19:39:20.0588 1760 SysMain - ok
19:39:20.0620 1760 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:39:20.0620 1760 TabletInputService - ok
19:39:20.0651 1760 TapiSrv (680916bb09ee0f3a6aca7c274b0d633f) C:\Windows\System32\tapisrv.dll
19:39:20.0666 1760 TapiSrv - ok
19:39:20.0682 1760 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:39:20.0682 1760 TBS - ok
19:39:20.0760 1760 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
19:39:20.0776 1760 Tcpip - ok
19:39:20.0807 1760 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
19:39:20.0807 1760 Tcpip6 - ok
19:39:20.0838 1760 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
19:39:20.0838 1760 tcpipreg - ok
19:39:20.0869 1760 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:39:20.0869 1760 TDPIPE - ok
19:39:20.0885 1760 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:39:20.0885 1760 TDTCP - ok
19:39:20.0916 1760 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
19:39:20.0916 1760 tdx - ok
19:39:20.0932 1760 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
19:39:20.0932 1760 TermDD - ok
19:39:20.0978 1760 TermService (d605031e225aaccbceb5b76a4f1603a6) C:\Windows\System32\termsrv.dll
19:39:21.0010 1760 TermService - ok
19:39:21.0041 1760 Themes (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\system32\shsvcs.dll
19:39:21.0056 1760 Themes - ok
19:39:21.0088 1760 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:39:21.0088 1760 THREADORDER - ok
19:39:21.0103 1760 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:39:21.0103 1760 TrkWks - ok
19:39:21.0134 1760 TrustedInstaller (16613a1bad034d4ecf957af18b7c2ff5) C:\Windows\servicing\TrustedInstaller.exe
19:39:21.0134 1760 TrustedInstaller - ok
19:39:21.0166 1760 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:21.0166 1760 tssecsrv - ok
19:39:21.0181 1760 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:39:21.0197 1760 tunmp - ok
19:39:21.0228 1760 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
19:39:21.0228 1760 tunnel - ok
19:39:21.0244 1760 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:39:21.0259 1760 uagp35 - ok
19:39:21.0290 1760 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
19:39:21.0290 1760 udfs - ok
19:39:21.0337 1760 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:39:21.0337 1760 UI0Detect - ok
19:39:21.0353 1760 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:39:21.0368 1760 uliagpkx - ok
19:39:21.0400 1760 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:39:21.0400 1760 uliahci - ok
19:39:21.0446 1760 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:39:21.0446 1760 UlSata - ok
19:39:21.0478 1760 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:39:21.0493 1760 ulsata2 - ok
19:39:21.0509 1760 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:39:21.0509 1760 umbus - ok
19:39:21.0540 1760 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:39:21.0556 1760 upnphost - ok
19:39:21.0602 1760 USBAAPL (c1ca131f4e3ed63d6bc89a35ffad4cda) C:\Windows\system32\Drivers\usbaapl.sys
19:39:21.0602 1760 USBAAPL - ok
19:39:21.0649 1760 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:21.0649 1760 usbccgp - ok
19:39:21.0665 1760 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:39:21.0665 1760 usbcir - ok
19:39:21.0696 1760 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
19:39:21.0712 1760 usbehci - ok
19:39:21.0727 1760 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
19:39:21.0743 1760 usbhub - ok
19:39:21.0758 1760 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
19:39:21.0758 1760 usbohci - ok
19:39:21.0790 1760 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:39:21.0790 1760 usbprint - ok
19:39:21.0821 1760 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:21.0821 1760 USBSTOR - ok
19:39:21.0852 1760 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:21.0852 1760 usbuhci - ok
19:39:21.0883 1760 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:39:21.0899 1760 usbvideo - ok
19:39:21.0914 1760 UxSms (032a0acc3909ae7215d524e29d536797) C:\Windows\System32\uxsms.dll
19:39:21.0914 1760 UxSms - ok
19:39:21.0961 1760 vds (b13bc395b9d6116628f5af47e0802ac4) C:\Windows\System32\vds.exe
19:39:21.0992 1760 vds - ok
19:39:22.0024 1760 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:22.0024 1760 vga - ok
19:39:22.0055 1760 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:39:22.0055 1760 VgaSave - ok
19:39:22.0086 1760 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:39:22.0086 1760 viaagp - ok
19:39:22.0117 1760 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:39:22.0117 1760 ViaC7 - ok
19:39:22.0148 1760 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:39:22.0148 1760 viaide - ok
19:39:22.0180 1760 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:39:22.0180 1760 volmgr - ok
19:39:22.0211 1760 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
19:39:22.0226 1760 volmgrx - ok
19:39:22.0242 1760 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
19:39:22.0242 1760 volsnap - ok
19:39:22.0273 1760 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:39:22.0273 1760 vsmraid - ok
19:39:22.0351 1760 VSS (d5fb73d19c46ade183f968e13f186b23) C:\Windows\system32\vssvc.exe
19:39:22.0367 1760 VSS - ok
19:39:22.0429 1760 W32Time (1cf9206966a8458cda9a8b20df8ab7d3) C:\Windows\system32\w32time.dll
19:39:22.0445 1760 W32Time - ok
19:39:22.0492 1760 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:39:22.0492 1760 WacomPen - ok
19:39:22.0523 1760 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:22.0523 1760 Wanarp - ok
19:39:22.0538 1760 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:39:22.0538 1760 Wanarpv6 - ok
19:39:22.0570 1760 wcncsvc (f3a5c2e1a6533192b070d06ecf6be796) C:\Windows\System32\wcncsvc.dll
19:39:22.0585 1760 wcncsvc - ok
19:39:22.0601 1760 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:39:22.0601 1760 WcsPlugInService - ok
19:39:22.0616 1760 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:39:22.0616 1760 Wd - ok
19:39:22.0663 1760 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:39:22.0679 1760 Wdf01000 - ok
19:39:22.0710 1760 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:39:22.0710 1760 WdiServiceHost - ok
19:39:22.0726 1760 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:39:22.0726 1760 WdiSystemHost - ok
19:39:22.0741 1760 WebClient (cf9a5f41789b642db967021de06a2713) C:\Windows\System32\webclnt.dll
19:39:22.0757 1760 WebClient - ok
19:39:22.0804 1760 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:39:22.0804 1760 Wecsvc - ok
19:39:22.0819 1760 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:39:22.0819 1760 wercplsupport - ok
19:39:22.0850 1760 WerSvc (fd1965aaa112c6818a30ab02742d0461) C:\Windows\System32\WerSvc.dll
19:39:22.0850 1760 WerSvc - ok
19:39:22.0913 1760 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:39:22.0928 1760 winachsf - ok
19:39:23.0006 1760 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:39:23.0006 1760 WinDefend - ok
19:39:23.0022 1760 WinHttpAutoProxySvc - ok
19:39:23.0100 1760 Winmgmt (00b79a7c984678f24cf052e5beb3a2f5) C:\Windows\system32\wbem\WMIsvc.dll
19:39:23.0100 1760 Winmgmt - ok
19:39:23.0194 1760 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:39:23.0225 1760 WinRM - ok
19:39:23.0303 1760 Wlansvc (275f4346e569df56cfb95243bd6f6ff0) C:\Windows\System32\wlansvc.dll
19:39:23.0318 1760 Wlansvc - ok
19:39:23.0350 1760 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:39:23.0350 1760 WmiAcpi - ok
19:39:23.0381 1760 wmiApSrv (aba4cf9f856d9a3a25f4ddd7690a6e9d) C:\Windows\system32\wbem\WmiApSrv.exe
19:39:23.0381 1760 wmiApSrv - ok
19:39:23.0490 1760 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:39:23.0506 1760 WMPNetworkSvc - ok
19:39:23.0537 1760 WPCSvc (5d94cd167751294962ba238d82dd1bb8) C:\Windows\System32\wpcsvc.dll
19:39:23.0552 1760 WPCSvc - ok
19:39:23.0584 1760 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll
19:39:23.0584 1760 WPDBusEnum - ok
19:39:23.0646 1760 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:39:23.0662 1760 WpdUsb - ok
19:39:23.0755 1760 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:39:23.0786 1760 WPFFontCache_v0400 - ok
19:39:23.0818 1760 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:39:23.0818 1760 ws2ifsl - ok
19:39:23.0849 1760 wscsvc (683dd16b590372f2c9661d277f35e49c) C:\Windows\System32\wscsvc.dll
19:39:23.0864 1760 wscsvc - ok
19:39:23.0864 1760 WSearch - ok
19:39:24.0005 1760 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:39:24.0052 1760 wuauserv - ok
19:39:24.0192 1760 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:39:24.0208 1760 WUDFRd - ok
19:39:24.0239 1760 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:39:24.0239 1760 wudfsvc - ok
19:39:24.0301 1760 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
19:39:24.0301 1760 XAudio - ok
19:39:24.0332 1760 XAudioService (cda0bc78672b50c43649ff34e1fd0ff8) C:\Windows\system32\DRIVERS\xaudio.exe
19:39:24.0348 1760 XAudioService - ok
19:39:24.0410 1760 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
19:39:24.0457 1760 \Device\Harddisk0\DR0 - ok
19:39:24.0457 1760 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
19:39:24.0504 1760 \Device\Harddisk1\DR1 - ok
19:39:24.0504 1760 Boot (0x1200) (3f5d149d7ddb8178fbe60fefeb39f18c) \Device\Harddisk0\DR0\Partition0
19:39:24.0504 1760 \Device\Harddisk0\DR0\Partition0 - ok
19:39:24.0520 1760 Boot (0x1200) (3258f6e412459fa7c5f25e1b07131cbb) \Device\Harddisk0\DR0\Partition1
19:39:24.0520 1760 \Device\Harddisk0\DR0\Partition1 - ok
19:39:24.0520 1760 Boot (0x1200) (f93c1656068d40f8370e88079fa08708) \Device\Harddisk1\DR1\Partition0
19:39:24.0520 1760 \Device\Harddisk1\DR1\Partition0 - ok
19:39:24.0520 1760 ============================================================
19:39:24.0520 1760 Scan finished
19:39:24.0520 1760 ============================================================
19:39:24.0535 0708 Detected object count: 1
19:39:24.0535 0708 Actual detected object count: 1
19:39:57.0545 0708 MsMpSvc ( LockedFile.Multi.Generic ) - skipped by user
19:39:57.0545 0708 MsMpSvc ( LockedFile.Multi.Generic ) - User select action: Skip





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 19:42:16
-----------------------------
19:42:16.073 OS Version: Windows 6.0.6001 Service Pack 1
19:42:16.073 Number of processors: 2 586 0x6802
19:42:16.073 ComputerName: ROBIN-PC UserName: Robin
19:42:16.744 Initialize success
19:42:52.031 AVAST engine defs: 12051600
19:43:02.888 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:43:02.888 Disk 0 Vendor: WDC_WD2500BEVS-60UST0 01.01A01 Size: 238475MB BusType: 3
19:43:02.935 Disk 0 MBR read successfully
19:43:02.935 Disk 0 MBR scan
19:43:02.951 Disk 0 unknown MBR code
19:43:02.951 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226423 MB offset 63
19:43:02.998 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12048 MB offset 463716225
19:43:02.998 Disk 0 scanning sectors +488392065
19:43:03.060 Disk 0 scanning C:\Windows\system32\drivers
19:43:12.779 Service scanning
19:43:34.385 Modules scanning
19:43:37.224 Disk 0 trace - called modules:
19:43:37.240 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys ndis.sys nvmfdx32.sys tcpip.sys NETIO.SYS
19:43:37.240 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85390500]
19:43:37.255 3 CLASSPNP.SYS[8a3b2745] -> nt!IofCallDriver -> [0x8531e918]
19:43:37.255 5 acpi.sys[806156a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x853108a8]
19:43:37.864 AVAST engine scan C:\Windows
19:43:41.311 AVAST engine scan C:\Windows\system32
19:46:50.508 AVAST engine scan C:\Windows\system32\drivers
19:47:02.130 AVAST engine scan C:\Users\Robin
19:48:13.718 AVAST engine scan C:\ProgramData
19:49:24.698 Scan finished successfully
19:52:28.342 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
19:52:28.388 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"



I am in safe mode and I am using a flash drive to move the log files back and forth.

Edited by nopolicies, 16 May 2012 - 12:53 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 17 May 2012 - 01:08 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\drivers\fgwsotc.sys
c:\windows\system32\drivers\xeywcby.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#7 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:19 PM

Posted 17 May 2012 - 06:30 AM

ComboFix 12-05-14.03 - Robin 05/17/2012 13:13:52.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.2472 [GMT -4:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
Command switches used :: c:\users\Robin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\fgwsotc.sys"
"c:\windows\system32\drivers\xeywcby.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\fgwsotc.sys
c:\windows\system32\drivers\xeywcby.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 17:21 . 2012-05-17 17:21 -------- d-----w- c:\users\Robin\AppData\Local\temp
2012-05-17 17:21 . 2012-05-17 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 12:46 . 2012-05-17 12:46 -------- d-----w- c:\program files\ESET
2012-05-11 07:45 . 2012-05-11 07:45 -------- d-----w- c:\users\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 21:15 . 2012-05-10 21:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-10 21:15 . 2012-05-10 21:15 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-10 21:15 . 2012-05-10 21:15 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-10 21:15 . 2012-05-10 21:15 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 21:15 . 2012-05-10 21:15 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-10 13:54 . 2012-05-10 13:54 711240 ----a-w- c:\windows\is-3CPNJ.exe
2012-05-10 13:53 . 2012-05-10 13:53 -------- d-----w- c:\users\Robin\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-10-11 12:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 21:15 . 2012-02-06 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"DriverUpdaterPro"="c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2009-10-30 2765824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"LMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 45056]
"Upromise"="c:\program files\Upromise\Upromise.exe" [BU]
"Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"FestiveBar Search Scope Monitor"="c:\progra~1\FESTIV~2\bar\1.bin\3gsrchmn.exe" [BU]
"FestiveBar_3g Browser Plugin Loader"="c:\progra~1\FESTIV~2\bar\1.bin\3gbrmon.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-1-6 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XllIIBttzPycAuv8234A]
c:\windows\system32\bhhhYXXwjUV.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 97255519
*NewlyCreated* - ASWMBR
*NewlyCreated* - ECACHE
*Deregistered* - 97255519
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-15 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-10 18:53]
.
2012-05-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 01:51]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-05-15 c:\windows\Tasks\User_Feed_Synchronization-{EA526738-931A-43F3-8EA6-75FB65E62E3F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\6k0tqab2.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 13:21
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
.
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1035442124-823532070-865760131-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:aa,59,92,38,14,96,08,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-17 13:23:43
ComboFix-quarantined-files.txt 2012-05-17 17:23
ComboFix2.txt 2012-05-16 16:27
.
Pre-Run: 159,469,322,240 bytes free
Post-Run: 159,556,571,136 bytes free
.
- - End Of File - - 9FA71484DF7F7438D3505C81194E90E4


Status: I am getting further in the startup process before it restarts and sends me to safemode

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 17 May 2012 - 11:58 AM

Hello

download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:19 PM

Posted 17 May 2012 - 08:27 PM

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 16-05-2012
Ran by SYSTEM at 18-05-2012 07:27:26
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1033512 2008-01-18] (Synaptics, Inc.)
HKLM\...\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [468264 2007-12-19] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [202032 2007-09-19] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554320 2007-09-04] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" [218408 2007-08-16] (CyberLink Corp.)
HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2008-06-01] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [x]
HKLM\...\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [480560 2007-09-13] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [311296 2007-01-08] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [223984 2008-01-10] (Yahoo! Inc.)
HKLM\...\Run: [LMPDPSRV] C:\Windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE [45056 2002-07-11] (DeviceGuys)
HKLM\...\Run: [Upromise] C:\Program Files\Upromise\Upromise.exe [x]
HKLM\...\Run: [Upromise Update] C:\Program Files\Upromise\UpromiseUa.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13556256 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-12-03] (NVIDIA Corporation)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [FestiveBar Search Scope Monitor] "C:\PROGRA~1\FESTIV~2\bar\1.bin\3gsrchmn.exe" /m=2 /w /h [x]
HKLM\...\Run: [FestiveBar_3g Browser Plugin Loader] C:\PROGRA~1\FESTIV~2\bar\1.bin\3gbrmon.exe [x]
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Robin\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Robin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Robin\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Robin\...\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 [1347584 2007-08-29] (AWS Convergence Technologies, Inc.)
HKU\Robin\...\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t [2765824 2009-10-30] (iXi Tools)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Robin\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783136 2007-10-01] (Hewlett-Packard)
HKU\Robin\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\Robin\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Robin\...\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 [1347584 2007-08-29] (AWS Convergence Technologies, Inc.)
HKU\Robin\...\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t [2765824 2009-10-30] (iXi Tools)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [132424 2008-11-07] (Apple Inc.)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
3 Com4Qlb; "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
3 GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [181800 2007-07-23] (WildTangent, Inc.)
2 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [135168 2006-05-02] (Hewlett-Packard Development Company, L.P.)
2 QPCapSvc; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [271760 2007-12-19] ()
2 QPSched; "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [112016 2007-12-19] ()
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-01-09] ()
2 FestiveBar_3gService; C:\PROGRA~1\FESTIV~2\bar\1.bin\3gbarsvc.exe [x]
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 McComponentHostService; "C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [x]
3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [x]
3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [x]

========================== Drivers (Whitelisted) =============

3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl6.sys [1205240 2008-05-04] (Broadcom Corporation)
3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [176640 2007-09-09] (Conexant Systems Inc.)
3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
3 HSFHWAZL; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [200704 2008-01-20] (Conexant Systems, Inc.)
3 IKSysSec; C:\Windows\System32\drivers\iksyssec.sys [81288 2008-08-25] (PCTools Research Pty Ltd.)
1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [65024 2011-04-27] (Microsoft Corporation)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [12032 2007-02-16] (NVIDIA Corporation)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [x]
0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [x]
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [x]
3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [x]
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [x]
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [x]
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [x]
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [x]
2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
1 eabfiltr; [x]
3 IKFileSec; C:\Windows\System32\drivers\ikfilesec.sys [x]
3 IKSysFlt; C:\Windows\System32\drivers\iksysflt.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-17 09:29 - 2012-05-17 09:29 - 0010597 ____A C:\Users\Robin\Desktop\combofix2.txt
2012-05-17 09:29 - 2012-05-17 09:29 - 0010597 ____A C:\Documents and Settings\Robin\Desktop\combofix2.txt
2012-05-17 09:27 - 2012-05-17 09:13 - 0000000 ____D C:\Windows\ERDNT
2012-05-17 09:27 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-17 09:27 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-17 09:27 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-17 09:27 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-17 09:27 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-17 09:27 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-17 09:27 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-17 09:27 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-17 09:26 - 2012-05-17 09:23 - 0000000 ____D C:\Qoobox
2012-05-17 09:23 - 2012-05-17 09:23 - 4492858 ____R (Swearware) C:\Users\Robin\Desktop\ComboFix.exe
2012-05-17 09:23 - 2012-05-17 09:23 - 4492858 ____R (Swearware) C:\Documents and Settings\Robin\Desktop\ComboFix.exe
2012-05-17 09:23 - 2012-05-17 09:23 - 0010597 ____A C:\ComboFix.txt
2012-05-17 09:23 - 2012-05-17 09:23 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 09:12 - 2012-05-17 09:23 - 0000000 ____D C:\ComboFix
2012-05-17 04:46 - 2012-05-17 04:46 - 0000000 ____D C:\Program Files\ESET
2012-05-16 15:52 - 2012-05-16 15:52 - 0001995 ____A C:\Users\Robin\Desktop\aswMBR.txt
2012-05-16 15:52 - 2012-05-16 15:52 - 0001995 ____A C:\Documents and Settings\Robin\Desktop\aswMBR.txt
2012-05-16 15:52 - 2012-05-16 15:52 - 0000512 ____A C:\Users\Robin\Desktop\MBR.dat
2012-05-16 15:52 - 2012-05-16 15:52 - 0000512 ____A C:\Documents and Settings\Robin\Desktop\MBR.dat
2012-05-16 15:41 - 2012-05-16 15:41 - 0059893 ____A C:\Users\Robin\Desktop\tdsslog.txt
2012-05-16 15:41 - 2012-05-16 15:41 - 0059893 ____A C:\Documents and Settings\Robin\Desktop\tdsslog.txt
2012-05-16 15:38 - 2012-05-16 15:41 - 0119870 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_19.38.59_log.txt
2012-05-16 15:37 - 2012-05-16 09:32 - 4731392 ____A (AVAST Software) C:\Users\Robin\Desktop\aswMBR.exe
2012-05-16 15:37 - 2012-05-16 09:32 - 4731392 ____A (AVAST Software) C:\Documents and Settings\Robin\Desktop\aswMBR.exe
2012-05-16 15:37 - 2012-05-16 09:32 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Robin\Desktop\tdsskiller.exe
2012-05-16 15:37 - 2012-05-16 09:32 - 2126424 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Robin\Desktop\tdsskiller.exe
2012-05-16 08:29 - 2012-05-16 08:29 - 0011063 ____A C:\Users\Robin\Desktop\combofixlog.txt
2012-05-16 08:29 - 2012-05-16 08:29 - 0011063 ____A C:\Documents and Settings\Robin\Desktop\combofixlog.txt
2012-05-16 08:25 - 2012-05-17 09:21 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-16 08:17 - 2012-05-16 08:17 - 0001200 ____A C:\Users\Robin\Desktop\checkup.txt
2012-05-16 08:17 - 2012-05-16 08:17 - 0001200 ____A C:\Documents and Settings\Robin\Desktop\checkup.txt
2012-05-16 08:16 - 2012-05-16 05:10 - 0879714 ____A C:\Users\Robin\Desktop\SecurityCheck.exe
2012-05-16 08:16 - 2012-05-16 05:10 - 0879714 ____A C:\Documents and Settings\Robin\Desktop\SecurityCheck.exe
2012-05-15 21:16 - 2012-05-15 21:16 - 0005753 ____A C:\Users\Robin\Desktop\gmerlog.log
2012-05-15 21:16 - 2012-05-15 21:16 - 0005753 ____A C:\Documents and Settings\Robin\Desktop\gmerlog.log
2012-05-15 08:56 - 2012-05-15 08:56 - 0000584 ____A C:\Windows\System32\avgrep.txt
2012-05-15 08:56 - 2012-05-15 08:56 - 0000358 ____A C:\Windows\System32\commonpub.log
2012-05-15 08:56 - 2012-05-15 08:56 - 0000000 ____A C:\Windows\System32\commonpub.log.lock
2012-05-15 08:55 - 2012-05-15 08:56 - 0013210 ____A C:\Windows\System32\avgui.log
2012-05-15 08:55 - 2012-05-15 08:56 - 0003608 ____A C:\Windows\System32\avgui_idp_Robin.log
2012-05-15 08:55 - 2012-05-15 08:55 - 0000000 ____A C:\Windows\System32\avgui_idp_Robin.log.lock
2012-05-15 07:25 - 2012-05-15 07:25 - 0000000 ____D C:\Users\Robin\Desktop\gmer
2012-05-15 07:25 - 2012-05-15 07:25 - 0000000 ____D C:\Documents and Settings\Robin\Desktop\gmer
2012-05-15 07:23 - 2012-05-15 07:23 - 0013740 ____A C:\Users\Robin\Desktop\dds.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0013740 ____A C:\Documents and Settings\Robin\Desktop\dds.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0006343 ____A C:\Users\Robin\Desktop\attach.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0006343 ____A C:\Documents and Settings\Robin\Desktop\attach.txt
2012-05-15 07:17 - 2012-05-15 07:17 - 0000472 ____A C:\Users\Robin\Desktop\defogger_disable.log
2012-05-15 07:17 - 2012-05-15 07:17 - 0000472 ____A C:\Documents and Settings\Robin\Desktop\defogger_disable.log
2012-05-15 07:17 - 2012-05-15 07:17 - 0000000 ____A C:\Users\Robin\defogger_reenable
2012-05-15 07:17 - 2012-05-15 07:17 - 0000000 ____A C:\Documents and Settings\Robin\defogger_reenable
2012-05-15 06:56 - 2012-05-15 04:49 - 0607260 ____R (Swearware) C:\Users\Robin\Desktop\dds.scr
2012-05-15 06:56 - 2012-05-15 04:49 - 0607260 ____R (Swearware) C:\Documents and Settings\Robin\Desktop\dds.scr
2012-05-15 06:56 - 2012-05-15 04:48 - 0050477 ____A C:\Users\Robin\Desktop\Defogger.exe
2012-05-15 06:56 - 2012-05-15 04:48 - 0050477 ____A C:\Documents and Settings\Robin\Desktop\Defogger.exe
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Users\Robin\My Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Users\Robin\Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$LogIns.docx
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\Local Settings\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 23:43 - 2012-05-10 23:43 - 0347424 ____A (Microsoft Corporation) C:\Users\Robin\Downloads\MicrosoftFixit.wu.LB.782601386208498.1.1.Run.exe
2012-05-10 23:43 - 2012-05-10 23:43 - 0347424 ____A (Microsoft Corporation) C:\Documents and Settings\Robin\Downloads\MicrosoftFixit.wu.LB.782601386208498.1.1.Run.exe
2012-05-10 21:29 - 2012-05-15 08:56 - 0036266 ____A C:\Windows\System32\commonpriv.log
2012-05-10 21:29 - 2012-05-10 21:29 - 0000000 ____A C:\Windows\System32\commonpriv.log.lock
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Documents and Settings\All Users\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2012-05-10 05:54 - 2012-05-10 05:54 - 0711240 ____A C:\Windows\is-3CPNJ.exe
2012-05-10 05:54 - 2012-05-10 05:54 - 0010498 ____A C:\Windows\is-3CPNJ.msg
2012-05-10 05:54 - 2012-05-10 05:54 - 0000441 ____A C:\Windows\is-3CPNJ.lst
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Users\Robin\Application Data\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Users\Robin\AppData\Roaming\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Documents and Settings\Robin\Application Data\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Roaming\Malwarebytes
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Users\Robin\My Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Users\Robin\Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Users\Robin\My Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Users\Robin\Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$ok List.docx
2012-05-03 05:32 - 2012-05-17 13:35 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-04-27 10:17 - 2012-04-27 10:17 - 0013277 ____A C:\Users\Robin\Downloads\Swedish Chef.jpg
2012-04-27 10:17 - 2012-04-27 10:17 - 0013277 ____A C:\Documents and Settings\Robin\Downloads\Swedish Chef.jpg
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Users\Robin\My Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Users\Robin\Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Documents and Settings\Robin\My Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Documents and Settings\Robin\Documents\For sale sign.docx


============ 3 Months Modified Files and Folders ===============

2012-05-18 07:27 - 2012-05-18 07:27 - 0000000 ____D C:\FRST
2012-05-18 03:23 - 2009-03-14 12:57 - 2461776 ____A C:\Windows\ntbtlog.txt
2012-05-17 13:39 - 2006-11-02 02:33 - 0706760 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-17 13:35 - 2012-05-03 05:32 - 268435456 __ASH C:\Windows\System32\temppf.sys
2012-05-17 13:24 - 2009-02-13 14:28 - 0000000 ____D C:\Program Files\Spyware Doctor
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Users\Robin\Local Settings\d3d9caps.dat
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Users\Robin\Local Settings\Application Data\d3d9caps.dat
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Users\Robin\AppData\Local\d3d9caps.dat
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Documents and Settings\Robin\Local Settings\d3d9caps.dat
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Documents and Settings\Robin\Local Settings\Application Data\d3d9caps.dat
2012-05-17 13:22 - 2010-02-11 08:47 - 0007620 ____A C:\Documents and Settings\Robin\AppData\Local\d3d9caps.dat
2012-05-17 12:34 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-17 09:39 - 2006-11-02 03:18 - 0000000 _SHDC C:\Windows\$NtUninstallKB3255$
2012-05-17 09:29 - 2012-05-17 09:29 - 0010597 ____A C:\Users\Robin\Desktop\combofix2.txt
2012-05-17 09:29 - 2012-05-17 09:29 - 0010597 ____A C:\Documents and Settings\Robin\Desktop\combofix2.txt
2012-05-17 09:23 - 2012-05-17 09:26 - 0000000 ____D C:\Qoobox
2012-05-17 09:23 - 2012-05-17 09:23 - 4492858 ____R (Swearware) C:\Users\Robin\Desktop\ComboFix.exe
2012-05-17 09:23 - 2012-05-17 09:23 - 4492858 ____R (Swearware) C:\Documents and Settings\Robin\Desktop\ComboFix.exe
2012-05-17 09:23 - 2012-05-17 09:23 - 0010597 ____A C:\ComboFix.txt
2012-05-17 09:23 - 2012-05-17 09:23 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-17 09:23 - 2012-05-17 09:12 - 0000000 ____D C:\ComboFix
2012-05-17 09:21 - 2012-05-16 08:25 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-17 09:21 - 2006-11-02 02:23 - 0000215 ____A C:\Windows\system.ini
2012-05-17 09:13 - 2012-05-17 09:27 - 0000000 ____D C:\Windows\ERDNT
2012-05-17 04:46 - 2012-05-17 04:46 - 0000000 ____D C:\Program Files\ESET
2012-05-17 04:38 - 2008-05-04 05:44 - 1367824 ____A C:\Windows\WindowsUpdate.log
2012-05-16 15:52 - 2012-05-16 15:52 - 0001995 ____A C:\Users\Robin\Desktop\aswMBR.txt
2012-05-16 15:52 - 2012-05-16 15:52 - 0001995 ____A C:\Documents and Settings\Robin\Desktop\aswMBR.txt
2012-05-16 15:52 - 2012-05-16 15:52 - 0000512 ____A C:\Users\Robin\Desktop\MBR.dat
2012-05-16 15:52 - 2012-05-16 15:52 - 0000512 ____A C:\Documents and Settings\Robin\Desktop\MBR.dat
2012-05-16 15:41 - 2012-05-16 15:41 - 0059893 ____A C:\Users\Robin\Desktop\tdsslog.txt
2012-05-16 15:41 - 2012-05-16 15:41 - 0059893 ____A C:\Documents and Settings\Robin\Desktop\tdsslog.txt
2012-05-16 15:41 - 2012-05-16 15:38 - 0119870 ____A C:\TDSSKiller.2.7.35.0_16.05.2012_19.38.59_log.txt
2012-05-16 09:32 - 2012-05-16 15:37 - 4731392 ____A (AVAST Software) C:\Users\Robin\Desktop\aswMBR.exe
2012-05-16 09:32 - 2012-05-16 15:37 - 4731392 ____A (AVAST Software) C:\Documents and Settings\Robin\Desktop\aswMBR.exe
2012-05-16 09:32 - 2012-05-16 15:37 - 2126424 ____A (Kaspersky Lab ZAO) C:\Users\Robin\Desktop\tdsskiller.exe
2012-05-16 09:32 - 2012-05-16 15:37 - 2126424 ____A (Kaspersky Lab ZAO) C:\Documents and Settings\Robin\Desktop\tdsskiller.exe
2012-05-16 08:29 - 2012-05-16 08:29 - 0011063 ____A C:\Users\Robin\Desktop\combofixlog.txt
2012-05-16 08:29 - 2012-05-16 08:29 - 0011063 ____A C:\Documents and Settings\Robin\Desktop\combofixlog.txt
2012-05-16 08:28 - 2006-11-02 05:01 - 0032570 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-16 08:27 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2012-05-16 08:25 - 2006-11-02 03:18 - 0000000 ___SD C:\Windows\Downloaded Program Files
2012-05-16 08:17 - 2012-05-16 08:17 - 0001200 ____A C:\Users\Robin\Desktop\checkup.txt
2012-05-16 08:17 - 2012-05-16 08:17 - 0001200 ____A C:\Documents and Settings\Robin\Desktop\checkup.txt
2012-05-16 07:26 - 2009-02-16 13:53 - 0027839 ____A C:\Users\All Users\nvModes.001
2012-05-16 07:26 - 2009-02-16 13:53 - 0027839 ____A C:\Users\All Users\Application Data\nvModes.001
2012-05-16 07:26 - 2009-02-16 13:53 - 0027839 ____A C:\ProgramData\nvModes.001
2012-05-16 07:26 - 2009-02-16 13:53 - 0027839 ____A C:\Documents and Settings\All Users\nvModes.001
2012-05-16 07:26 - 2009-02-16 13:53 - 0027839 ____A C:\Documents and Settings\All Users\Application Data\nvModes.001
2012-05-16 05:10 - 2012-05-16 08:16 - 0879714 ____A C:\Users\Robin\Desktop\SecurityCheck.exe
2012-05-16 05:10 - 2012-05-16 08:16 - 0879714 ____A C:\Documents and Settings\Robin\Desktop\SecurityCheck.exe
2012-05-15 21:16 - 2012-05-15 21:16 - 0005753 ____A C:\Users\Robin\Desktop\gmerlog.log
2012-05-15 21:16 - 2012-05-15 21:16 - 0005753 ____A C:\Documents and Settings\Robin\Desktop\gmerlog.log
2012-05-15 08:56 - 2012-05-15 08:56 - 0000584 ____A C:\Windows\System32\avgrep.txt
2012-05-15 08:56 - 2012-05-15 08:56 - 0000358 ____A C:\Windows\System32\commonpub.log
2012-05-15 08:56 - 2012-05-15 08:56 - 0000000 ____A C:\Windows\System32\commonpub.log.lock
2012-05-15 08:56 - 2012-05-15 08:55 - 0013210 ____A C:\Windows\System32\avgui.log
2012-05-15 08:56 - 2012-05-15 08:55 - 0003608 ____A C:\Windows\System32\avgui_idp_Robin.log
2012-05-15 08:56 - 2012-05-10 21:29 - 0036266 ____A C:\Windows\System32\commonpriv.log
2012-05-15 08:56 - 2011-10-11 08:15 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-15 08:56 - 2011-10-11 08:15 - 0000000 ____D C:\Users\All Users\Application Data\AVG2012
2012-05-15 08:56 - 2011-10-11 08:15 - 0000000 ____D C:\ProgramData\AVG2012
2012-05-15 08:56 - 2011-10-11 08:15 - 0000000 ____D C:\Documents and Settings\All Users\AVG2012
2012-05-15 08:56 - 2011-10-11 08:15 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2012
2012-05-15 08:55 - 2012-05-15 08:55 - 0000000 ____A C:\Windows\System32\avgui_idp_Robin.log.lock
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Users\Robin\Local Settings\CrashDumps
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\CrashDumps
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Users\Robin\AppData\Local\CrashDumps
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\CrashDumps
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\CrashDumps
2012-05-15 08:54 - 2010-08-14 17:01 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\CrashDumps
2012-05-15 08:49 - 2006-11-02 04:52 - 0043407 ____A C:\Windows\setupact.log
2012-05-15 07:25 - 2012-05-15 07:25 - 0000000 ____D C:\Users\Robin\Desktop\gmer
2012-05-15 07:25 - 2012-05-15 07:25 - 0000000 ____D C:\Documents and Settings\Robin\Desktop\gmer
2012-05-15 07:23 - 2012-05-15 07:23 - 0013740 ____A C:\Users\Robin\Desktop\dds.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0013740 ____A C:\Documents and Settings\Robin\Desktop\dds.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0006343 ____A C:\Users\Robin\Desktop\attach.txt
2012-05-15 07:23 - 2012-05-15 07:23 - 0006343 ____A C:\Documents and Settings\Robin\Desktop\attach.txt
2012-05-15 07:17 - 2012-05-15 07:17 - 0000472 ____A C:\Users\Robin\Desktop\defogger_disable.log
2012-05-15 07:17 - 2012-05-15 07:17 - 0000472 ____A C:\Documents and Settings\Robin\Desktop\defogger_disable.log
2012-05-15 07:17 - 2012-05-15 07:17 - 0000000 ____A C:\Users\Robin\defogger_reenable
2012-05-15 07:17 - 2012-05-15 07:17 - 0000000 ____A C:\Documents and Settings\Robin\defogger_reenable
2012-05-15 07:17 - 2008-05-28 19:25 - 0000000 ____D C:\users\Robin
2012-05-15 04:49 - 2012-05-15 06:56 - 0607260 ____R (Swearware) C:\Users\Robin\Desktop\dds.scr
2012-05-15 04:49 - 2012-05-15 06:56 - 0607260 ____R (Swearware) C:\Documents and Settings\Robin\Desktop\dds.scr
2012-05-15 04:48 - 2012-05-15 06:56 - 0050477 ____A C:\Users\Robin\Desktop\Defogger.exe
2012-05-15 04:48 - 2012-05-15 06:56 - 0050477 ____A C:\Documents and Settings\Robin\Desktop\Defogger.exe
2012-05-14 21:35 - 2011-10-11 06:14 - 0000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{EA526738-931A-43F3-8EA6-75FB65E62E3F}.job
2012-05-11 03:33 - 2008-04-24 18:02 - 0000000 ____D C:\Windows\Downloaded Installations
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Users\Robin\My Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Users\Robin\Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$LogIns.docx
2012-05-11 01:46 - 2012-05-11 01:46 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$LogIns.docx
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\Local Settings\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Users\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\ElevatedDiagnostics
2012-05-10 23:45 - 2012-05-10 23:45 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 23:43 - 2012-05-10 23:43 - 0347424 ____A (Microsoft Corporation) C:\Users\Robin\Downloads\MicrosoftFixit.wu.LB.782601386208498.1.1.Run.exe
2012-05-10 23:43 - 2012-05-10 23:43 - 0347424 ____A (Microsoft Corporation) C:\Documents and Settings\Robin\Downloads\MicrosoftFixit.wu.LB.782601386208498.1.1.Run.exe
2012-05-10 23:22 - 2009-02-13 14:28 - 0000000 ____D C:\Program Files\Registry Mechanic
2012-05-10 21:29 - 2012-05-10 21:29 - 0000000 ____A C:\Windows\System32\commonpriv.log.lock
2012-05-10 13:23 - 2011-10-11 08:03 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-10 13:23 - 2011-10-11 08:03 - 0000000 ____D C:\Users\All Users\Application Data\MFAData
2012-05-10 13:23 - 2011-10-11 08:03 - 0000000 ____D C:\ProgramData\MFAData
2012-05-10 13:23 - 2011-10-11 08:03 - 0000000 ____D C:\Documents and Settings\All Users\MFAData
2012-05-10 13:23 - 2011-10-11 08:03 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Users\All Users\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\ProgramData\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Documents and Settings\All Users\Mozilla
2012-05-10 13:15 - 2012-05-10 13:15 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Mozilla
2012-05-10 13:15 - 2011-04-07 07:07 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-05-10 12:51 - 2009-12-16 20:02 - 0000000 ____D C:\Users\All Users\Norton
2012-05-10 12:51 - 2009-12-16 20:02 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2012-05-10 12:51 - 2009-12-16 20:02 - 0000000 ____D C:\ProgramData\Norton
2012-05-10 12:51 - 2009-12-16 20:02 - 0000000 ____D C:\Documents and Settings\All Users\Norton
2012-05-10 12:51 - 2009-12-16 20:02 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Norton
2012-05-10 05:54 - 2012-05-10 05:54 - 0711240 ____A C:\Windows\is-3CPNJ.exe
2012-05-10 05:54 - 2012-05-10 05:54 - 0010498 ____A C:\Windows\is-3CPNJ.msg
2012-05-10 05:54 - 2012-05-10 05:54 - 0000441 ____A C:\Windows\is-3CPNJ.lst
2012-05-10 05:54 - 2011-10-11 04:35 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Users\Robin\Application Data\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Users\Robin\AppData\Roaming\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Documents and Settings\Robin\Application Data\Malwarebytes
2012-05-10 05:53 - 2012-05-10 05:53 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Roaming\Malwarebytes
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Users\Robin\My Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Users\Robin\Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:39 - 2012-05-05 12:39 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$bbie's Wish List 2012.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Users\Robin\My Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Users\Robin\Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Documents and Settings\Robin\My Documents\~$ok List.docx
2012-05-05 12:38 - 2012-05-05 12:38 - 0000162 ___AH C:\Documents and Settings\Robin\Documents\~$ok List.docx
2012-05-03 08:31 - 2006-11-02 02:22 - 51118080 ____A C:\Windows\System32\config\software_previous
2012-05-03 08:31 - 2006-11-02 02:22 - 21495808 ____A C:\Windows\System32\config\system_previous
2012-05-03 08:30 - 2011-10-11 08:15 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-05-03 08:30 - 2011-10-10 05:44 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-03 08:30 - 2010-08-23 09:57 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Users\Robin\Local Settings\Microsoft Help
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\Microsoft Help
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Users\Robin\AppData\Local\Microsoft Help
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Microsoft Help
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\Microsoft Help
2012-05-03 08:30 - 2008-09-21 19:54 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\Microsoft Help
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Users\Robin\Local Settings\QuickPlay
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\QuickPlay
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Users\Robin\AppData\Local\QuickPlay
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\QuickPlay
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\QuickPlay
2012-05-03 08:30 - 2008-05-28 19:39 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\QuickPlay
2012-05-03 08:30 - 2008-04-24 17:58 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-03 08:30 - 2008-04-24 17:58 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-05-03 08:30 - 2008-04-24 17:58 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-03 08:30 - 2008-04-24 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Microsoft Help
2012-05-03 08:30 - 2008-04-24 17:58 - 0000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-05-03 08:30 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\spool
2012-05-03 08:30 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-03 08:30 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\registration
2012-05-03 08:26 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\System32\LogFiles
2012-05-03 08:26 - 2006-11-02 02:22 - 38010880 ____A C:\Windows\System32\config\components_previous
2012-05-03 08:26 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\sam_previous
2012-05-03 05:32 - 2009-03-23 17:52 - 0000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-05-02 20:07 - 2006-11-02 02:22 - 0524288 ____A C:\Windows\System32\config\default_previous
2012-05-02 20:07 - 2006-11-02 02:22 - 0262144 ____A C:\Windows\System32\config\security_previous
2012-05-02 17:32 - 2009-02-16 13:53 - 0027839 ____A C:\Users\All Users\nvModes.dat
2012-05-02 17:32 - 2009-02-16 13:53 - 0027839 ____A C:\Users\All Users\Application Data\nvModes.dat
2012-05-02 17:32 - 2009-02-16 13:53 - 0027839 ____A C:\ProgramData\nvModes.dat
2012-05-02 17:32 - 2009-02-16 13:53 - 0027839 ____A C:\Documents and Settings\All Users\nvModes.dat
2012-05-02 17:32 - 2009-02-16 13:53 - 0027839 ____A C:\Documents and Settings\All Users\Application Data\nvModes.dat
2012-05-02 04:22 - 2011-10-17 08:49 - 0000000 ____D C:\Users\Robin\Application Data\HpUpdate
2012-05-02 04:22 - 2011-10-17 08:49 - 0000000 ____D C:\Users\Robin\AppData\Roaming\HpUpdate
2012-05-02 04:22 - 2011-10-17 08:49 - 0000000 ____D C:\Documents and Settings\Robin\Application Data\HpUpdate
2012-05-02 04:22 - 2011-10-17 08:49 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Roaming\HpUpdate
2012-04-28 10:02 - 2008-07-28 18:01 - 0000021 ____A C:\Users\Public\Documents\hpqp.txt
2012-04-28 10:02 - 2008-07-28 18:01 - 0000021 ____A C:\Users\All Users\Documents\hpqp.txt
2012-04-28 10:02 - 2008-07-28 18:01 - 0000021 ____A C:\Documents and Settings\Public\Documents\hpqp.txt
2012-04-28 10:02 - 2008-07-28 18:01 - 0000021 ____A C:\Documents and Settings\All Users\Documents\hpqp.txt
2012-04-27 10:17 - 2012-04-27 10:17 - 0013277 ____A C:\Users\Robin\Downloads\Swedish Chef.jpg
2012-04-27 10:17 - 2012-04-27 10:17 - 0013277 ____A C:\Documents and Settings\Robin\Downloads\Swedish Chef.jpg
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Users\Robin\Local Settings\WeatherBug
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Users\Robin\Local Settings\Application Data\WeatherBug
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Users\Robin\AppData\Local\WeatherBug
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\WeatherBug
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Documents and Settings\Robin\Local Settings\Application Data\WeatherBug
2012-04-27 07:03 - 2008-07-21 18:58 - 0000000 ____D C:\Documents and Settings\Robin\AppData\Local\WeatherBug
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Users\Robin\My Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Users\Robin\Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Documents and Settings\Robin\My Documents\For sale sign.docx
2012-04-23 14:27 - 2012-04-23 14:27 - 0195067 ____A C:\Documents and Settings\Robin\Documents\For sale sign.docx
2012-04-12 07:57 - 2008-01-20 18:47 - 0514366 ____A C:\Windows\PFRO.log
2012-04-04 11:56 - 2011-10-11 04:43 - 0022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-02 11:24 - 2010-07-18 07:11 - 0000000 ____D C:\Users\Robin\My Documents\APUS
2012-04-02 11:24 - 2010-07-18 07:11 - 0000000 ____D C:\Users\Robin\Documents\APUS
2012-04-02 11:24 - 2010-07-18 07:11 - 0000000 ____D C:\Documents and Settings\Robin\My Documents\APUS
2012-04-02 11:24 - 2010-07-18 07:11 - 0000000 ____D C:\Documents and Settings\Robin\Documents\APUS
2012-03-27 08:29 - 2012-03-27 08:29 - 0124744 ____A C:\Users\Robin\My Documents\Robbie's Wish List 2012.docx
2012-03-27 08:29 - 2012-03-27 08:29 - 0124744 ____A C:\Users\Robin\Documents\Robbie's Wish List 2012.docx
2012-03-27 08:29 - 2012-03-27 08:29 - 0124744 ____A C:\Documents and Settings\Robin\My Documents\Robbie's Wish List 2012.docx
2012-03-27 08:29 - 2012-03-27 08:29 - 0124744 ____A C:\Documents and Settings\Robin\Documents\Robbie's Wish List 2012.docx
2012-02-24 18:47 - 2012-02-24 18:47 - 0015895 ____A C:\Users\Robin\My Documents\Robins A Nice mom by Carolina 2-24-12.docx
2012-02-24 18:47 - 2012-02-24 18:47 - 0015895 ____A C:\Users\Robin\Documents\Robins A Nice mom by Carolina 2-24-12.docx
2012-02-24 18:47 - 2012-02-24 18:47 - 0015895 ____A C:\Documents and Settings\Robin\My Documents\Robins A Nice mom by Carolina 2-24-12.docx
2012-02-24 18:47 - 2012-02-24 18:47 - 0015895 ____A C:\Documents and Settings\Robin\Documents\Robins A Nice mom by Carolina 2-24-12.docx

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2008-12-12 04:13] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2008-01-20 18:24] - [2008-01-20 18:24] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269

C:\Windows\System32\userinit.exe
[2008-01-20 18:24] - [2008-01-20 18:24] - 0025088 ____A (Microsoft Corporation) 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\System32\Drivers\volsnap.sys
[2008-01-20 18:23] - [2008-01-20 18:23] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3006.31 MB
Available physical RAM: 2481.42 MB
Total Pagefile: 2727.84 MB
Available Pagefile: 2546.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.55 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:221.12 GB) (Free:149.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.77 GB) (Free:2.01 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.91 GB) (Free:1.91 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 1528 KB
Disk 1 Online 1960 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 221 GB 32 KB
Partition 2 Primary 12 GB 221 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 221 GB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY NTFS Partition 12 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1960 MB 32 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F FAT32 Removable 1960 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-02 16:26

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 17 May 2012 - 09:01 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flashdrive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
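The fix above replaces the boot code that FRST flagged as TDL4-modified; bootrec /FixMbr writes fresh boot code and leaves the partition table alone. The following is an added example, not code from the thread, FRST, aswMBR or bootrec: it parses a 512-byte MBR image like the MBR.dat saved earlier, compares the boot code with a known-good hash, and models the rewrite. The boot-code bytes and disk signature are constructed placeholders; the partition layout mirrors Disk 0 in the FRST log above.

```python
"""Parse a 512-byte MBR image (such as the MBR.dat aswMBR saved above) and
flag the change a bootkit makes: boot code replaced, partition table intact.
Added example; not code from the thread, FRST, aswMBR or bootrec."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440           # bytes 0..439 hold the boot code
DISK_SIG_OFFSET = 440         # bytes 440..443 hold the Windows disk signature
PART_TABLE_OFFSET = 446       # four 16-byte partition entries follow
PART_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(mbr: bytes) -> dict:
    """Split one MBR sector into boot-code hash, disk signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected a {SECTOR}-byte sector, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        # status(1) CHS-first(3) type(1) CHS-last(3) LBA-start(4) sectors(4)
        status, type_id, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, off)
        if type_id == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": type_id,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_gb": round(sectors * SECTOR / 1024 ** 3, 2),
        })
    return {
        "signature_ok": mbr[510:512] == MBR_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4].hex(),
        "partitions": partitions,
    }


def check_mbr(mbr: bytes, baseline_boot_code_sha256: str) -> list:
    """Compare a captured MBR with a known-good boot-code hash; return findings."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_boot_code_sha256:
        findings.append("boot code differs from known-good image")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    return findings


def rewrite_boot_code(mbr: bytes, clean_boot_code: bytes) -> bytes:
    """Model of what bootrec /FixMbr does: replace only the boot code and keep
    the disk signature and partition table."""
    if len(clean_boot_code) != BOOT_CODE_LEN:
        raise ValueError(f"boot code must be exactly {BOOT_CODE_LEN} bytes")
    return clean_boot_code + mbr[BOOT_CODE_LEN:]


def _entry(bootable: bool, type_id: int, lba_start: int, sectors: int) -> bytes:
    """Build one partition-table entry; CHS fields are set to the usual 0xFF."""
    status = 0x80 if bootable else 0x00
    return struct.pack("<B3sB3sII", status, b"\xff\xff\xff", type_id,
                       b"\xff\xff\xff", lba_start, sectors)


# Constructed sample data: the boot-code bytes and disk signature are
# placeholders, the two partitions mirror Disk 0 in the FRST log above
# (221 GB NTFS, active; 12 GB NTFS HP_RECOVERY).
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 433
DISK_0_TABLE = (
    _entry(True, 0x07, 63, 463470592)            # C:
    + _entry(False, 0x07, 463470655, 25165824)   # D: HP_RECOVERY
    + b"\x00" * 32                                # two unused slots
)
CLEAN_MBR = (CLEAN_BOOT_CODE + b"\xa1\xb2\xc3\xd4" + b"\x00\x00"
             + DISK_0_TABLE + MBR_SIGNATURE)
BASELINE = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()
# Bootkit-style tampering: different boot code, everything after byte 440 untouched
INFECTED_MBR = b"\xeb\x1e" + b"\x00" * 438 + CLEAN_MBR[BOOT_CODE_LEN:]

if __name__ == "__main__":
    for label, image in (("clean", CLEAN_MBR), ("tampered", INFECTED_MBR)):
        print(label, check_mbr(image, BASELINE) or "no findings")
    repaired = rewrite_boot_code(INFECTED_MBR, CLEAN_BOOT_CODE)
    print("after rewrite", check_mbr(repaired, BASELINE) or "no findings")
```

The tampered image parses to exactly the same partition table as the clean one, which is why a partition listing alone looks healthy and only the boot-code comparison raises the flag.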

#11 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:19 PM

Posted 17 May 2012 - 09:53 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 16-05-2012
Ran by SYSTEM at 2012-05-18 09:53:57 Run:1
Running from F:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 17 May 2012 - 10:06 PM

How are things doing now?


gringo

#13 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:19 PM

Posted 17 May 2012 - 10:11 PM

It has opened up in normal mode now.

What is next?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:19 PM

Posted 17 May 2012 - 10:19 PM

Run ComboFix once more, in normal mode.


gringo

#15 nopolicies

nopolicies
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:19 PM

Posted 17 May 2012 - 11:18 PM

ComboFix 12-05-14.03 - Robin 05/18/2012 12:02:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1707 [GMT -4:00]
Running from: c:\users\Robin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 16:11 . 2012-05-18 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 17:23 . 2012-05-18 16:11 -------- d-----w- c:\users\Robin\AppData\Local\temp
2012-05-17 12:46 . 2012-05-17 12:46 -------- d-----w- c:\program files\ESET
2012-05-11 07:45 . 2012-05-11 07:45 -------- d-----w- c:\users\Robin\AppData\Local\ElevatedDiagnostics
2012-05-10 21:15 . 2012-05-10 21:15 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-10 21:15 . 2012-05-10 21:15 588728 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-05-10 21:15 . 2012-05-10 21:15 43960 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-05-10 21:15 . 2012-05-10 21:15 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-10 21:15 . 2012-05-10 21:15 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-10 13:54 . 2012-05-10 13:54 711240 ----a-w- c:\windows\is-3CPNJ.exe
2012-05-10 13:53 . 2012-05-10 13:53 -------- d-----w- c:\users\Robin\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-10-11 12:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 21:15 . 2012-02-06 16:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"DriverUpdaterPro"="c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2009-10-30 2765824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"LMPDPSRV"="c:\windows\system32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE" [2002-07-11 45056]
"Upromise"="c:\program files\Upromise\Upromise.exe" [BU]
"Upromise Update"="c:\program files\Upromise\UpromiseUa.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"FestiveBar Search Scope Monitor"="c:\progra~1\FESTIV~2\bar\1.bin\3gsrchmn.exe" [BU]
"FestiveBar_3g Browser Plugin Loader"="c:\progra~1\FESTIV~2\bar\1.bin\3gbrmon.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-1-6 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 18:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XllIIBttzPycAuv8234A]
c:\windows\system32\bhhhYXXwjUV.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-15 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.14\DriverRobot.exe [2009-11-10 18:53]
.
2012-05-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-11 01:51]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 20:25]
.
2012-05-18 c:\windows\Tasks\User_Feed_Synchronization-{EA526738-931A-43F3-8EA6-75FB65E62E3F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
DPF: {7D492D61-303A-45C3-8A55-63449339943D} - hxxp://aolsvc.aol.com/onlinegames/free-trial-the-nightshift-code/NightShiftCodeWeb.1.0.0.5.cab
FF - ProfilePath - c:\users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\6k0tqab2.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: general.useragent.extra.brc -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 12:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1035442124-823532070-865760131-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:aa,59,92,38,14,96,08,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-18 12:12:54
ComboFix-quarantined-files.txt 2012-05-18 16:12
ComboFix2.txt 2012-05-17 17:23
ComboFix3.txt 2012-05-16 16:27
.
Pre-Run: 154,530,320,384 bytes free
Post-Run: 154,498,887,680 bytes free
.
- - End Of File - - 8CA6F050229DE0F622AA3340CD0C30A8

Edited by nopolicies, 17 May 2012 - 11:18 PM.
