Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected: keeps redirecting search engine links


  • This topic is locked This topic is locked
18 replies to this topic

#1 markp03

markp03

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 18 June 2012 - 10:17 PM

When i use a search engine and I click on a link I sometimes get redirected. Some times I see this at the beginning of the redirected link click.get-answers-fast. I have tried many different ma;ware removal tools like anti-malware bytes but it still persists. Any help would be appreciated. When I did a scan with GMER and all the options but files registry and services where grayed out and I could not select them.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by ADMIN at 21:55:36 on 2012-06-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1858 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\mal\mal\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\mal\mal\mbamservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: MRI_DISABLED - No File
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {37153479-1976-43C3-A1EE-557513977B64} - No File
uRun: [SmileboxTray] "C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\mal\mal\mbamgui.exe" /starttray
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{13F39138-B2C6-43B5-AAE3-93381A13DB8D} : DhcpNameServer = 40.10.1.201 40.10.1.202
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}\3496E64697 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}\45865605F657E646 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}\640594D28415 : DhcpNameServer = 192.168.130.10 192.168.130.29
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}\65562796A7F6E602353484D2C4341313021326837302355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}\D697177756374793238393 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\mal\mal\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\ADMIN\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-4-13 365568]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]
R2 MBAMService;MBAMService;C:\mal\mal\mbamservice.exe [2012-6-18 654408]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-10 136176]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-10 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S4 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S4 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S4 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-3-30 26680]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-29 1751656]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-19 02:35:38 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-19 02:35:38 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-19 02:35:37 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-19 02:35:37 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-19 02:35:37 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-19 01:56:49 -------- d-----w- C:\$RECYCLE.BIN
2012-06-19 01:43:34 98816 ----a-w- C:\Windows\sed.exe
2012-06-19 01:43:34 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-19 01:43:34 256000 ----a-w- C:\Windows\PEV.exe
2012-06-19 01:43:34 208896 ----a-w- C:\Windows\MBR.exe
2012-06-19 01:27:04 388096 ----a-r- C:\Users\ADMIN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-19 01:27:03 -------- d-----w- C:\hij
2012-06-19 01:23:09 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-19 01:01:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-19 01:01:19 -------- d-----w- C:\mal
2012-06-18 16:26:07 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1DEFC77-1027-4ECC-AE4F-F60CC078981C}\mpengine.dll
2012-06-18 04:28:55 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\SUPERAntiSpyware.com
2012-06-18 04:28:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-18 04:28:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-18 04:25:02 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-17 15:21:58 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
2012-06-17 15:21:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-14 15:53:04 -------- d-----w- C:\Users\ADMIN\AppData\Local\{BF11B669-CFC8-4C51-8FA1-4F6EB439341D}
2012-06-14 15:52:52 -------- d-----w- C:\Users\ADMIN\AppData\Local\{E9719465-0EA6-492A-9D4F-B0AE727C62D7}
2012-06-13 12:53:13 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 12:53:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 12:53:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 12:53:08 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 12:53:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 12:53:04 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 12:53:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 12:53:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 12:53:01 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 12:52:58 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 12:52:58 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 12:52:52 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 12:52:52 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 12:52:52 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 12:52:52 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 12:52:52 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 12:52:51 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 03:14:23 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD6FF509-A99D-43DA-B086-32409162C375}\gapaengine.dll
2012-06-12 00:07:19 -------- d-----w- C:\Users\ADMIN\AppData\Local\{276F7768-F5FF-47EE-B952-57634FA3A62A}
2012-06-12 00:07:07 -------- d-----w- C:\Users\ADMIN\AppData\Local\{07001B04-C437-4306-B9CA-C074DC5DAE91}
2012-06-05 00:23:30 -------- d-----w- C:\Users\ADMIN\AppData\Local\{2964091E-F32C-4F93-981B-3FB543A619DD}
2012-06-05 00:23:19 -------- d-----w- C:\Users\ADMIN\AppData\Local\{3A951261-5461-4C3B-B748-D2BC65A4D8AC}
2012-05-29 23:33:47 -------- d-----w- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
2012-05-20 15:40:33 -------- d-----w- C:\Users\ADMIN\AppData\Local\CRE
2012-05-20 15:40:21 -------- d-----w- C:\Program Files (x86)\uTorrentControl2
2012-05-20 15:40:09 -------- d-----w- C:\Program Files (x86)\uTorrent
2012-05-20 15:39:15 -------- d-----w- C:\Users\ADMIN\AppData\Roaming\uTorrent
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-06 12:36:46 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 12:36:46 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:56:15.88 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 18 June 2012 - 11:57 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 19 June 2012 - 05:46 PM

Hi Gringo, thanks for taking my "case". The computer is normal besides the redirecting


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````




ComboFix 12-06-19.03 - ADMIN 06/19/2012 17:17:31.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2299 [GMT -5:00]
Running from: c:\users\ADMIN\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-19 22:25 . 2012-06-19 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 16:45 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43A1CCE4-25A3-4391-BD57-1A2758F19DBE}\mpengine.dll
2012-06-19 02:35 . 2012-06-19 02:35 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-19 02:35 . 2012-06-19 02:35 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-06-19 02:35 . 2012-06-19 02:35 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-06-19 02:35 . 2012-06-19 02:35 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-06-19 02:35 . 2012-06-19 02:35 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-06-19 01:27 . 2012-06-19 01:27 388096 ----a-r- c:\users\ADMIN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-19 01:27 . 2012-06-19 01:27 -------- d-----w- C:\hij
2012-06-19 01:23 . 2012-06-19 01:23 -------- d-----w- c:\program files (x86)\ESET
2012-06-19 01:01 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-19 01:01 . 2012-06-19 01:01 -------- d-----w- C:\mal
2012-06-18 16:26 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-18 04:28 . 2012-06-18 04:28 -------- d-----w- c:\users\ADMIN\AppData\Roaming\SUPERAntiSpyware.com
2012-06-18 04:28 . 2012-06-18 04:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-18 04:28 . 2012-06-18 04:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-17 15:21 . 2012-06-17 15:21 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Malwarebytes
2012-06-17 15:21 . 2012-06-17 15:21 -------- d-----w- c:\programdata\Malwarebytes
2012-06-13 12:53 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 12:53 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:53 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 12:53 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 12:53 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:53 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 12:53 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 12:53 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 12:53 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 12:52 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 12:52 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 12:52 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 12:52 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 12:52 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 12:52 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 12:52 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 12:52 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 03:14 . 2012-02-11 17:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD6FF509-A99D-43DA-B086-32409162C375}\gapaengine.dll
2012-05-29 23:33 . 2012-05-29 23:33 -------- d-----w- c:\users\ADMIN\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 12:36 . 2012-05-06 12:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 12:36 . 2011-07-29 01:56 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:35 . 2012-05-10 02:11 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_01.56.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-19 02:14 47984 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-19 16:35 53444 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-15 03:48 . 2012-06-19 02:12 1988 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-07-17 13:35 . 2012-06-19 16:35 9480 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3309654362-1017491583-4199694645-1001_UserData.bin
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 22:26 . 2012-06-19 22:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-19 22:26 . 2012-06-19 22:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-29 01:40 . 2012-06-19 22:05 251826 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-19 01:07 662658 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 16:38 662658 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-19 01:07 122454 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-19 16:38 122454 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-19 22:25 392296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-19 01:55 392296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-17 13:50 . 2012-06-19 22:25 6676832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3309654362-1017491583-4199694645-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmileboxTray"="c:\users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe" [2012-05-15 325448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-11 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\mal\mal\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-04-04 05:53 35736 ----a-w- c:\program files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Quick Launch]
2011-03-30 22:25 586808 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPConnectionManager]
2011-02-15 22:49 94264 ----a-w- c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPOSD]
2011-03-30 22:00 319544 ----a-w- c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-04-13 05:42 336384 ----a-w- c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R4 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-13 365568]
S2 MBAMService;MBAMService;c:\mal\mal\mbamservice.exe [2012-04-04 654408]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 00:53]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 00:53]
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForADMIN-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-06-19 17:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 22:39
ComboFix2.txt 2012-06-19 02:09
.
Pre-Run: 245,925,298,176 bytes free
Post-Run: 245,953,359,872 bytes free
.
- - End Of File - - C9B481BBC26B5476F9CC40B19EB64AD1

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 19 June 2012 - 06:16 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 19 June 2012 - 07:26 PM

19:06:51.0527 7808 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
19:06:51.0950 7808 ============================================================
19:06:51.0950 7808 Current date / time: 2012/06/19 19:06:51.0950
19:06:51.0950 7808 SystemInfo:
19:06:51.0950 7808
19:06:51.0950 7808 OS Version: 6.1.7601 ServicePack: 1.0
19:06:51.0950 7808 Product type: Workstation
19:06:51.0950 7808 ComputerName: ADMIN-HP
19:06:51.0951 7808 UserName: ADMIN
19:06:51.0951 7808 Windows directory: C:\Windows
19:06:51.0951 7808 System windows directory: C:\Windows
19:06:51.0951 7808 Running under WOW64
19:06:51.0951 7808 Processor architecture: Intel x64
19:06:51.0951 7808 Number of processors: 2
19:06:51.0951 7808 Page size: 0x1000
19:06:51.0951 7808 Boot type: Normal boot
19:06:51.0951 7808 ============================================================
19:06:52.0386 7808 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:06:52.0401 7808 ============================================================
19:06:52.0401 7808 \Device\Harddisk0\DR0:
19:06:52.0402 7808 MBR partitions:
19:06:52.0402 7808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:06:52.0402 7808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23828800
19:06:52.0402 7808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2388C800, BlocksNum 0x1B6E000
19:06:52.0402 7808 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
19:06:52.0402 7808 ============================================================
19:06:52.0434 7808 C: <-> \Device\Harddisk0\DR0\Partition1
19:06:52.0482 7808 D: <-> \Device\Harddisk0\DR0\Partition2
19:06:52.0482 7808 ============================================================
19:06:52.0482 7808 Initialize success
19:06:52.0482 7808 ============================================================
19:06:57.0343 6884 ============================================================
19:06:57.0343 6884 Scan started
19:06:57.0343 6884 Mode: Manual;
19:06:57.0343 6884 ============================================================
19:06:57.0742 6884 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:06:57.0746 6884 !SASCORE - ok
19:06:57.0943 6884 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:06:57.0948 6884 1394ohci - ok
19:06:58.0001 6884 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:06:58.0006 6884 ACPI - ok
19:06:58.0031 6884 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:06:58.0032 6884 AcpiPmi - ok
19:06:58.0156 6884 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:06:58.0157 6884 AdobeARMservice - ok
19:06:58.0217 6884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:06:58.0224 6884 adp94xx - ok
19:06:58.0284 6884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:06:58.0289 6884 adpahci - ok
19:06:58.0322 6884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:06:58.0325 6884 adpu320 - ok
19:06:58.0374 6884 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:06:58.0376 6884 AeLookupSvc - ok
19:06:58.0434 6884 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:06:58.0441 6884 AFD - ok
19:06:58.0485 6884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:06:58.0487 6884 agp440 - ok
19:06:58.0530 6884 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:06:58.0533 6884 ALG - ok
19:06:58.0569 6884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:06:58.0570 6884 aliide - ok
19:06:58.0643 6884 AMD External Events Utility (715b02b892c5ba46471efc8dcd2ae934) C:\Windows\system32\atiesrxx.exe
19:06:58.0646 6884 AMD External Events Utility - ok
19:06:58.0702 6884 AMD FUEL Service - ok
19:06:58.0784 6884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:06:58.0785 6884 amdide - ok
19:06:58.0828 6884 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
19:06:58.0830 6884 amdiox64 - ok
19:06:58.0874 6884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
19:06:58.0876 6884 AmdK8 - ok
19:06:59.0376 6884 amdkmdag (7054d5d028b6ca727d0575192d633fa9) C:\Windows\system32\DRIVERS\atikmdag.sys
19:06:59.0578 6884 amdkmdag - ok
19:06:59.0728 6884 amdkmdap (1cd2bc11467fd5fc7be9827a9f3d8566) C:\Windows\system32\DRIVERS\atikmpag.sys
19:06:59.0735 6884 amdkmdap - ok
19:06:59.0775 6884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:06:59.0776 6884 AmdPPM - ok
19:06:59.0803 6884 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:06:59.0807 6884 amdsata - ok
19:06:59.0840 6884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
19:06:59.0844 6884 amdsbs - ok
19:06:59.0865 6884 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:06:59.0867 6884 amdxata - ok
19:06:59.0888 6884 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
19:06:59.0889 6884 amd_sata - ok
19:06:59.0910 6884 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
19:06:59.0911 6884 amd_xata - ok
19:06:59.0975 6884 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
19:06:59.0976 6884 androidusb - ok
19:07:00.0021 6884 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:07:00.0023 6884 AppID - ok
19:07:00.0056 6884 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:07:00.0058 6884 AppIDSvc - ok
19:07:00.0074 6884 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:07:00.0076 6884 Appinfo - ok
19:07:00.0185 6884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
19:07:00.0187 6884 arc - ok
19:07:00.0211 6884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
19:07:00.0213 6884 arcsas - ok
19:07:00.0401 6884 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:07:00.0403 6884 aspnet_state - ok
19:07:00.0440 6884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:07:00.0442 6884 AsyncMac - ok
19:07:00.0462 6884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:07:00.0464 6884 atapi - ok
19:07:00.0549 6884 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
19:07:00.0553 6884 AtiHDAudioService - ok
19:07:00.0615 6884 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:07:00.0623 6884 AudioEndpointBuilder - ok
19:07:00.0633 6884 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:07:00.0638 6884 AudioSrv - ok
19:07:00.0698 6884 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:07:00.0700 6884 AxInstSV - ok
19:07:00.0739 6884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
19:07:00.0746 6884 b06bdrv - ok
19:07:00.0778 6884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:07:00.0782 6884 b57nd60a - ok
19:07:00.0882 6884 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:07:00.0900 6884 BCM43XX - ok
19:07:00.0932 6884 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:07:00.0934 6884 BDESVC - ok
19:07:01.0000 6884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:07:01.0001 6884 Beep - ok
19:07:01.0105 6884 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:07:01.0116 6884 BFE - ok
19:07:01.0191 6884 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
19:07:01.0204 6884 BITS - ok
19:07:01.0263 6884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
19:07:01.0265 6884 blbdrive - ok
19:07:01.0295 6884 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:07:01.0297 6884 bowser - ok
19:07:01.0320 6884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
19:07:01.0321 6884 BrFiltLo - ok
19:07:01.0348 6884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
19:07:01.0349 6884 BrFiltUp - ok
19:07:01.0372 6884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:07:01.0374 6884 BridgeMP - ok
19:07:01.0400 6884 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:07:01.0402 6884 Browser - ok
19:07:01.0437 6884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:07:01.0441 6884 Brserid - ok
19:07:01.0454 6884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:01.0456 6884 BrSerWdm - ok
19:07:01.0479 6884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:01.0481 6884 BrUsbMdm - ok
19:07:01.0499 6884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:01.0500 6884 BrUsbSer - ok
19:07:01.0529 6884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
19:07:01.0531 6884 BTHMODEM - ok
19:07:01.0597 6884 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:07:01.0600 6884 bthserv - ok
19:07:01.0633 6884 catchme - ok
19:07:01.0666 6884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:07:01.0668 6884 cdfs - ok
19:07:01.0721 6884 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
19:07:01.0724 6884 cdrom - ok
19:07:01.0764 6884 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:07:01.0766 6884 CertPropSvc - ok
19:07:01.0818 6884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
19:07:01.0820 6884 circlass - ok
19:07:01.0857 6884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:07:01.0863 6884 CLFS - ok
19:07:01.0900 6884 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:07:01.0901 6884 clr_optimization_v2.0.50727_32 - ok
19:07:01.0946 6884 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:07:01.0948 6884 clr_optimization_v2.0.50727_64 - ok
19:07:02.0046 6884 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:07:02.0048 6884 clr_optimization_v4.0.30319_32 - ok
19:07:02.0065 6884 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:07:02.0067 6884 clr_optimization_v4.0.30319_64 - ok
19:07:02.0102 6884 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
19:07:02.0104 6884 clwvd - ok
19:07:02.0126 6884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
19:07:02.0128 6884 CmBatt - ok
19:07:02.0162 6884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:07:02.0164 6884 cmdide - ok
19:07:02.0217 6884 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
19:07:02.0224 6884 CNG - ok
19:07:02.0246 6884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
19:07:02.0247 6884 Compbatt - ok
19:07:02.0323 6884 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:07:02.0325 6884 CompositeBus - ok
19:07:02.0342 6884 COMSysApp - ok
19:07:02.0372 6884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
19:07:02.0374 6884 crcdisk - ok
19:07:02.0431 6884 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:07:02.0435 6884 CryptSvc - ok
19:07:02.0481 6884 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:07:02.0490 6884 DcomLaunch - ok
19:07:02.0534 6884 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:07:02.0539 6884 defragsvc - ok
19:07:02.0593 6884 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:07:02.0595 6884 DfsC - ok
19:07:02.0625 6884 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:07:02.0630 6884 Dhcp - ok
19:07:02.0651 6884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:07:02.0652 6884 discache - ok
19:07:02.0716 6884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
19:07:02.0718 6884 Disk - ok
19:07:02.0761 6884 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:07:02.0765 6884 Dnscache - ok
19:07:02.0822 6884 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:07:02.0826 6884 dot3svc - ok
19:07:02.0840 6884 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:07:02.0843 6884 DPS - ok
19:07:02.0903 6884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:07:02.0904 6884 drmkaud - ok
19:07:02.0959 6884 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:07:02.0972 6884 DXGKrnl - ok
19:07:03.0007 6884 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:07:03.0009 6884 EapHost - ok
19:07:03.0159 6884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
19:07:03.0229 6884 ebdrv - ok
19:07:03.0336 6884 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:07:03.0340 6884 EFS - ok
19:07:03.0435 6884 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:07:03.0449 6884 ehRecvr - ok
19:07:03.0471 6884 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:07:03.0473 6884 ehSched - ok
19:07:03.0577 6884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
19:07:03.0586 6884 elxstor - ok
19:07:03.0620 6884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:07:03.0621 6884 ErrDev - ok
19:07:03.0704 6884 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:07:03.0709 6884 EventSystem - ok
19:07:03.0741 6884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:07:03.0744 6884 exfat - ok
19:07:03.0765 6884 ezSharedSvc - ok
19:07:03.0809 6884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:07:03.0813 6884 fastfat - ok
19:07:03.0869 6884 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:07:03.0880 6884 Fax - ok
19:07:03.0901 6884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
19:07:03.0903 6884 fdc - ok
19:07:03.0914 6884 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:07:03.0916 6884 fdPHost - ok
19:07:03.0933 6884 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:07:03.0935 6884 FDResPub - ok
19:07:03.0964 6884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:07:03.0966 6884 FileInfo - ok
19:07:03.0979 6884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:07:03.0981 6884 Filetrace - ok
19:07:04.0000 6884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
19:07:04.0002 6884 flpydisk - ok
19:07:04.0027 6884 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:07:04.0032 6884 FltMgr - ok
19:07:04.0080 6884 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:07:04.0093 6884 FontCache - ok
19:07:04.0224 6884 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:07:04.0226 6884 FontCache3.0.0.0 - ok
19:07:04.0275 6884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:07:04.0277 6884 FsDepends - ok
19:07:04.0315 6884 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:07:04.0316 6884 Fs_Rec - ok
19:07:04.0400 6884 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:07:04.0403 6884 fvevol - ok
19:07:04.0432 6884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
19:07:04.0434 6884 gagp30kx - ok
19:07:04.0490 6884 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:07:04.0500 6884 gpsvc - ok
19:07:04.0635 6884 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:07:04.0638 6884 gupdate - ok
19:07:04.0663 6884 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:07:04.0665 6884 gupdatem - ok
19:07:04.0691 6884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:07:04.0693 6884 hcw85cir - ok
19:07:04.0728 6884 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:07:04.0732 6884 HdAudAddService - ok
19:07:04.0804 6884 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:07:04.0807 6884 HDAudBus - ok
19:07:04.0833 6884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
19:07:04.0834 6884 HidBatt - ok
19:07:04.0852 6884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
19:07:04.0855 6884 HidBth - ok
19:07:04.0908 6884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
19:07:04.0910 6884 HidIr - ok
19:07:04.0933 6884 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:07:04.0935 6884 hidserv - ok
19:07:04.0984 6884 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:07:04.0985 6884 HidUsb - ok
19:07:05.0053 6884 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:07:05.0056 6884 hkmsvc - ok
19:07:05.0074 6884 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:07:05.0079 6884 HomeGroupListener - ok
19:07:05.0111 6884 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:07:05.0116 6884 HomeGroupProvider - ok
19:07:05.0255 6884 HP Health Check Service (45a12cacb97b4f15858fcfd59355a1e9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:07:05.0258 6884 HP Health Check Service - ok
19:07:05.0356 6884 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:07:05.0362 6884 HPClientSvc - ok
19:07:05.0510 6884 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
19:07:05.0527 6884 hpCMSrv - ok
19:07:05.0563 6884 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:07:05.0565 6884 HPDrvMntSvc.exe - ok
19:07:05.0629 6884 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:07:05.0639 6884 hpqwmiex - ok
19:07:05.0779 6884 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:07:05.0781 6884 HpSAMD - ok
19:07:05.0982 6884 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:07:06.0003 6884 HPSLPSVC - ok
19:07:06.0065 6884 HPWMISVC (ead185acdcfd81bf2172cd6f36277d50) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:07:06.0066 6884 HPWMISVC - ok
19:07:06.0121 6884 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:07:06.0132 6884 HTTP - ok
19:07:06.0166 6884 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:07:06.0167 6884 hwpolicy - ok
19:07:06.0205 6884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:07:06.0208 6884 i8042prt - ok
19:07:06.0258 6884 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:07:06.0263 6884 iaStorV - ok
19:07:06.0413 6884 IconMan_R (2c3cc41fefcb77e2826886e6b7ef93ae) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:07:06.0437 6884 IconMan_R - ok
19:07:06.0614 6884 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:07:06.0631 6884 idsvc - ok
19:07:06.0750 6884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
19:07:06.0752 6884 iirsp - ok
19:07:06.0820 6884 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:07:06.0834 6884 IKEEXT - ok
19:07:06.0869 6884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:07:06.0870 6884 intelide - ok
19:07:06.0904 6884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
19:07:06.0906 6884 intelppm - ok
19:07:06.0990 6884 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:07:06.0994 6884 IPBusEnum - ok
19:07:07.0020 6884 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:07:07.0022 6884 IpFilterDriver - ok
19:07:07.0058 6884 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:07:07.0067 6884 iphlpsvc - ok
19:07:07.0101 6884 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:07:07.0103 6884 IPMIDRV - ok
19:07:07.0121 6884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:07:07.0124 6884 IPNAT - ok
19:07:07.0148 6884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:07:07.0149 6884 IRENUM - ok
19:07:07.0160 6884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:07:07.0162 6884 isapnp - ok
19:07:07.0232 6884 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:07:07.0237 6884 iScsiPrt - ok
19:07:07.0260 6884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:07:07.0262 6884 kbdclass - ok
19:07:07.0283 6884 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:07:07.0284 6884 kbdhid - ok
19:07:07.0340 6884 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:07.0342 6884 KeyIso - ok
19:07:07.0356 6884 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
19:07:07.0359 6884 KSecDD - ok
19:07:07.0383 6884 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
19:07:07.0386 6884 KSecPkg - ok
19:07:07.0427 6884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:07:07.0428 6884 ksthunk - ok
19:07:07.0509 6884 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:07:07.0518 6884 KtmRm - ok
19:07:07.0572 6884 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:07:07.0580 6884 LanmanServer - ok
19:07:07.0637 6884 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:07:07.0644 6884 LanmanWorkstation - ok
19:07:07.0695 6884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:07:07.0697 6884 lltdio - ok
19:07:07.0729 6884 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:07:07.0734 6884 lltdsvc - ok
19:07:07.0751 6884 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:07:07.0753 6884 lmhosts - ok
19:07:07.0810 6884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
19:07:07.0813 6884 LSI_FC - ok
19:07:07.0848 6884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
19:07:07.0850 6884 LSI_SAS - ok
19:07:07.0870 6884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
19:07:07.0871 6884 LSI_SAS2 - ok
19:07:07.0896 6884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
19:07:07.0898 6884 LSI_SCSI - ok
19:07:07.0957 6884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:07:07.0960 6884 luafv - ok
19:07:08.0020 6884 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
19:07:08.0021 6884 MBAMProtector - ok
19:07:08.0142 6884 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\mal\mal\mbamservice.exe
19:07:08.0155 6884 MBAMService - ok
19:07:08.0230 6884 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:07:08.0233 6884 Mcx2Svc - ok
19:07:08.0257 6884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
19:07:08.0259 6884 megasas - ok
19:07:08.0291 6884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
19:07:08.0296 6884 MegaSR - ok
19:07:08.0436 6884 Microsoft SharePoint Workspace Audit Service - ok
19:07:08.0505 6884 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:07:08.0509 6884 MMCSS - ok
19:07:08.0533 6884 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:07:08.0536 6884 Modem - ok
19:07:08.0571 6884 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:07:08.0572 6884 monitor - ok
19:07:08.0647 6884 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:07:08.0649 6884 mouclass - ok
19:07:08.0680 6884 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
19:07:08.0683 6884 mouhid - ok
19:07:08.0723 6884 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:07:08.0725 6884 mountmgr - ok
19:07:08.0809 6884 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
19:07:08.0814 6884 MpFilter - ok
19:07:08.0837 6884 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:07:08.0840 6884 mpio - ok
19:07:08.0867 6884 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:07:08.0870 6884 mpsdrv - ok
19:07:08.0966 6884 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:07:08.0979 6884 MpsSvc - ok
19:07:09.0004 6884 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:07:09.0007 6884 MRxDAV - ok
19:07:09.0073 6884 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:07:09.0076 6884 mrxsmb - ok
19:07:09.0105 6884 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:07:09.0110 6884 mrxsmb10 - ok
19:07:09.0127 6884 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:07:09.0130 6884 mrxsmb20 - ok
19:07:09.0179 6884 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:07:09.0181 6884 msahci - ok
19:07:09.0212 6884 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:07:09.0215 6884 msdsm - ok
19:07:09.0241 6884 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:07:09.0247 6884 MSDTC - ok
19:07:09.0333 6884 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:07:09.0335 6884 Msfs - ok
19:07:09.0369 6884 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:07:09.0371 6884 mshidkmdf - ok
19:07:09.0406 6884 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:07:09.0407 6884 msisadrv - ok
19:07:09.0478 6884 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:07:09.0482 6884 MSiSCSI - ok
19:07:09.0486 6884 msiserver - ok
19:07:09.0506 6884 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:07:09.0507 6884 MSKSSRV - ok
19:07:09.0637 6884 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:07:09.0638 6884 MsMpSvc - ok
19:07:09.0663 6884 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:07:09.0665 6884 MSPCLOCK - ok
19:07:09.0709 6884 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:07:09.0710 6884 MSPQM - ok
19:07:09.0746 6884 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:07:09.0751 6884 MsRPC - ok
19:07:09.0784 6884 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:07:09.0785 6884 mssmbios - ok
19:07:09.0806 6884 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:07:09.0807 6884 MSTEE - ok
19:07:09.0838 6884 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
19:07:09.0839 6884 MTConfig - ok
19:07:09.0855 6884 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:07:09.0857 6884 Mup - ok
19:07:09.0889 6884 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:07:09.0897 6884 napagent - ok
19:07:09.0958 6884 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:07:09.0963 6884 NativeWifiP - ok
19:07:10.0036 6884 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
19:07:10.0051 6884 NDIS - ok
19:07:10.0089 6884 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:07:10.0091 6884 NdisCap - ok
19:07:10.0113 6884 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:07:10.0114 6884 NdisTapi - ok
19:07:10.0121 6884 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:07:10.0123 6884 Ndisuio - ok
19:07:10.0132 6884 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:07:10.0134 6884 NdisWan - ok
19:07:10.0142 6884 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:07:10.0144 6884 NDProxy - ok
19:07:10.0188 6884 Net Driver HPZ12 (d4f51e88c71bf8f06ea1be320b0bb75b) C:\Windows\system32\HPZinw12.dll
19:07:10.0190 6884 Net Driver HPZ12 - ok
19:07:10.0196 6884 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:07:10.0197 6884 NetBIOS - ok
19:07:10.0225 6884 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:07:10.0228 6884 NetBT - ok
19:07:10.0268 6884 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:10.0270 6884 Netlogon - ok
19:07:10.0358 6884 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:07:10.0368 6884 Netman - ok
19:07:10.0503 6884 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:10.0507 6884 NetMsmqActivator - ok
19:07:10.0515 6884 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:10.0518 6884 NetPipeActivator - ok
19:07:10.0571 6884 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:07:10.0578 6884 netprofm - ok
19:07:10.0597 6884 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:10.0599 6884 NetTcpActivator - ok
19:07:10.0605 6884 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:07:10.0607 6884 NetTcpPortSharing - ok
19:07:10.0666 6884 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
19:07:10.0668 6884 nfrd960 - ok
19:07:10.0720 6884 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:07:10.0723 6884 NisDrv - ok
19:07:10.0841 6884 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:07:10.0846 6884 NisSrv - ok
19:07:10.0896 6884 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:07:10.0902 6884 NlaSvc - ok
19:07:10.0927 6884 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:07:10.0929 6884 Npfs - ok
19:07:10.0949 6884 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:07:10.0952 6884 nsi - ok
19:07:10.0958 6884 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:07:10.0959 6884 nsiproxy - ok
19:07:11.0066 6884 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:07:11.0087 6884 Ntfs - ok
19:07:11.0219 6884 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:07:11.0220 6884 Null - ok
19:07:11.0260 6884 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:07:11.0267 6884 NVENETFD - ok
19:07:11.0296 6884 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:07:11.0299 6884 nvraid - ok
19:07:11.0318 6884 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:07:11.0322 6884 nvstor - ok
19:07:11.0388 6884 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:07:11.0397 6884 nv_agp - ok
19:07:11.0424 6884 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:07:11.0425 6884 ohci1394 - ok
19:07:11.0561 6884 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:07:11.0565 6884 ose - ok
19:07:11.0927 6884 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:07:12.0053 6884 osppsvc - ok
19:07:12.0160 6884 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:07:12.0167 6884 p2pimsvc - ok
19:07:12.0206 6884 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:07:12.0213 6884 p2psvc - ok
19:07:12.0291 6884 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
19:07:12.0295 6884 Parport - ok
19:07:12.0333 6884 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:07:12.0335 6884 partmgr - ok
19:07:12.0392 6884 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:07:12.0397 6884 PcaSvc - ok
19:07:12.0419 6884 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:07:12.0422 6884 pci - ok
19:07:12.0443 6884 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:07:12.0444 6884 pciide - ok
19:07:12.0468 6884 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
19:07:12.0471 6884 pcmcia - ok
19:07:12.0536 6884 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:07:12.0538 6884 pcw - ok
19:07:12.0568 6884 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:07:12.0577 6884 PEAUTH - ok
19:07:12.0663 6884 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:07:12.0666 6884 PerfHost - ok
19:07:12.0761 6884 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:07:12.0780 6884 pla - ok
19:07:12.0814 6884 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:07:12.0820 6884 PlugPlay - ok
19:07:12.0863 6884 Pml Driver HPZ12 (9a80707d8b6c1806531bfd7399b3cc76) C:\Windows\system32\HPZipm12.dll
19:07:12.0865 6884 Pml Driver HPZ12 - ok
19:07:12.0934 6884 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:07:12.0938 6884 PNRPAutoReg - ok
19:07:12.0971 6884 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:07:12.0976 6884 PNRPsvc - ok
19:07:13.0036 6884 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:07:13.0044 6884 PolicyAgent - ok
19:07:13.0114 6884 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:07:13.0121 6884 Power - ok
19:07:13.0220 6884 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:07:13.0223 6884 PptpMiniport - ok
19:07:13.0258 6884 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
19:07:13.0261 6884 Processor - ok
19:07:13.0304 6884 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:07:13.0308 6884 ProfSvc - ok
19:07:13.0341 6884 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:13.0343 6884 ProtectedStorage - ok
19:07:13.0384 6884 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:07:13.0387 6884 Psched - ok
19:07:13.0467 6884 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
19:07:13.0487 6884 ql2300 - ok
19:07:13.0625 6884 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
19:07:13.0628 6884 ql40xx - ok
19:07:13.0654 6884 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:07:13.0660 6884 QWAVE - ok
19:07:13.0689 6884 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:07:13.0691 6884 QWAVEdrv - ok
19:07:13.0708 6884 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:07:13.0709 6884 RasAcd - ok
19:07:13.0742 6884 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:07:13.0743 6884 RasAgileVpn - ok
19:07:13.0790 6884 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:07:13.0793 6884 RasAuto - ok
19:07:13.0817 6884 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:07:13.0819 6884 Rasl2tp - ok
19:07:13.0846 6884 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:07:13.0851 6884 RasMan - ok
19:07:13.0864 6884 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:07:13.0867 6884 RasPppoe - ok
19:07:13.0873 6884 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:07:13.0875 6884 RasSstp - ok
19:07:13.0890 6884 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:07:13.0894 6884 rdbss - ok
19:07:13.0919 6884 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
19:07:13.0920 6884 rdpbus - ok
19:07:13.0942 6884 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:07:13.0945 6884 RDPCDD - ok
19:07:13.0972 6884 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:07:13.0973 6884 RDPENCDD - ok
19:07:13.0996 6884 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:07:13.0998 6884 RDPREFMP - ok
19:07:14.0080 6884 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:07:14.0086 6884 RDPWD - ok
19:07:14.0112 6884 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:07:14.0116 6884 rdyboost - ok
19:07:14.0146 6884 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:07:14.0149 6884 RemoteAccess - ok
19:07:14.0232 6884 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:07:14.0236 6884 RemoteRegistry - ok
19:07:14.0274 6884 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
19:07:14.0276 6884 RimUsb - ok
19:07:14.0300 6884 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:07:14.0302 6884 RpcEptMapper - ok
19:07:14.0374 6884 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:07:14.0376 6884 RpcLocator - ok
19:07:14.0407 6884 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
19:07:14.0412 6884 RpcSs - ok
19:07:14.0446 6884 RSPCIESTOR (d5c3e1629a3f7f0857d27949252b94ce) C:\Windows\system32\DRIVERS\RtsPStor.sys
19:07:14.0451 6884 RSPCIESTOR - ok
19:07:14.0537 6884 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:07:14.0539 6884 rspndr - ok
19:07:14.0593 6884 RTL8167 (a73ed14670220307874ad6bc2f279349) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:07:14.0599 6884 RTL8167 - ok
19:07:14.0671 6884 RTL8192Ce (5fa2f4f658fca7816a5ff6980b95c5f9) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
19:07:14.0685 6884 RTL8192Ce - ok
19:07:14.0716 6884 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:14.0718 6884 SamSs - ok
19:07:14.0833 6884 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:07:14.0834 6884 SASDIFSV - ok
19:07:14.0842 6884 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:07:14.0843 6884 SASKUTIL - ok
19:07:14.0876 6884 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:07:14.0879 6884 sbp2port - ok
19:07:14.0912 6884 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:07:14.0917 6884 SCardSvr - ok
19:07:14.0942 6884 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:07:14.0944 6884 scfilter - ok
19:07:14.0986 6884 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:07:15.0001 6884 Schedule - ok
19:07:15.0030 6884 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:07:15.0031 6884 SCPolicySvc - ok
19:07:15.0111 6884 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
19:07:15.0114 6884 sdbus - ok
19:07:15.0134 6884 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:07:15.0139 6884 SDRSVC - ok
19:07:15.0155 6884 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:07:15.0156 6884 secdrv - ok
19:07:15.0170 6884 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:07:15.0172 6884 seclogon - ok
19:07:15.0233 6884 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:07:15.0236 6884 SENS - ok
19:07:15.0246 6884 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:07:15.0249 6884 SensrSvc - ok
19:07:15.0267 6884 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
19:07:15.0269 6884 Serenum - ok
19:07:15.0290 6884 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:07:15.0293 6884 Serial - ok
19:07:15.0319 6884 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:07:15.0320 6884 sermouse - ok
19:07:15.0389 6884 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:07:15.0396 6884 SessionEnv - ok
19:07:15.0422 6884 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:07:15.0424 6884 sffdisk - ok
19:07:15.0457 6884 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:07:15.0458 6884 sffp_mmc - ok
19:07:15.0475 6884 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:07:15.0476 6884 sffp_sd - ok
19:07:15.0525 6884 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:07:15.0526 6884 sfloppy - ok
19:07:15.0569 6884 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:07:15.0576 6884 SharedAccess - ok
19:07:15.0668 6884 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:07:15.0676 6884 ShellHWDetection - ok
19:07:15.0749 6884 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:07:15.0751 6884 SiSRaid2 - ok
19:07:15.0782 6884 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:07:15.0784 6884 SiSRaid4 - ok
19:07:15.0917 6884 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:07:15.0919 6884 SkypeUpdate - ok
19:07:15.0957 6884 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:07:15.0959 6884 Smb - ok
19:07:16.0006 6884 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:07:16.0008 6884 SNMPTRAP - ok
19:07:16.0075 6884 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:07:16.0077 6884 spldr - ok
19:07:16.0123 6884 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:07:16.0132 6884 Spooler - ok
19:07:16.0265 6884 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:07:16.0348 6884 sppsvc - ok
19:07:16.0482 6884 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:07:16.0485 6884 sppuinotify - ok
19:07:16.0588 6884 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:07:16.0594 6884 srv - ok
19:07:16.0611 6884 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:07:16.0617 6884 srv2 - ok
19:07:16.0669 6884 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:07:16.0673 6884 SrvHsfHDA - ok
19:07:16.0799 6884 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:07:16.0817 6884 SrvHsfV92 - ok
19:07:17.0010 6884 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:07:17.0020 6884 SrvHsfWinac - ok
19:07:17.0063 6884 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:07:17.0066 6884 srvnet - ok
19:07:17.0116 6884 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
19:07:17.0119 6884 ssadbus - ok
19:07:17.0161 6884 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
19:07:17.0163 6884 ssadmdfl - ok
19:07:17.0226 6884 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
19:07:17.0229 6884 ssadmdm - ok
19:07:17.0278 6884 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:07:17.0283 6884 SSDPSRV - ok
19:07:17.0292 6884 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:07:17.0295 6884 SstpSvc - ok
19:07:17.0439 6884 STacSV (293a556e04f815477ae93e07b35065e6) C:\Program Files\IDT\WDM\STacSV64.exe
19:07:17.0444 6884 STacSV - ok
19:07:17.0474 6884 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:07:17.0476 6884 stexstor - ok
19:07:17.0515 6884 STHDA (aa3c0336514c239a171f00a6902b59b8) C:\Windows\system32\DRIVERS\stwrt64.sys
19:07:17.0522 6884 STHDA - ok
19:07:17.0563 6884 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:07:17.0564 6884 StillCam - ok
19:07:17.0679 6884 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:07:17.0691 6884 stisvc - ok
19:07:17.0770 6884 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:07:17.0772 6884 swenum - ok
19:07:17.0819 6884 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:07:17.0827 6884 swprv - ok
19:07:17.0971 6884 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
19:07:17.0990 6884 SynTP - ok
19:07:18.0137 6884 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:07:18.0160 6884 SysMain - ok
19:07:18.0299 6884 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:07:18.0303 6884 TabletInputService - ok
19:07:18.0318 6884 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:07:18.0324 6884 TapiSrv - ok
19:07:18.0332 6884 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:07:18.0335 6884 TBS - ok
19:07:18.0461 6884 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:07:18.0487 6884 Tcpip - ok
19:07:18.0712 6884 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:07:18.0727 6884 TCPIP6 - ok
19:07:19.0042 6884 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:07:19.0044 6884 tcpipreg - ok
19:07:19.0060 6884 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:07:19.0062 6884 TDPIPE - ok
19:07:19.0090 6884 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:07:19.0092 6884 TDTCP - ok
19:07:19.0108 6884 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:07:19.0111 6884 tdx - ok
19:07:19.0176 6884 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:07:19.0178 6884 TermDD - ok
19:07:19.0228 6884 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:07:19.0238 6884 TermService - ok
19:07:19.0274 6884 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:07:19.0277 6884 Themes - ok
19:07:19.0309 6884 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:07:19.0311 6884 THREADORDER - ok
19:07:19.0334 6884 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:07:19.0338 6884 TrkWks - ok
19:07:19.0425 6884 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:07:19.0428 6884 TrustedInstaller - ok
19:07:19.0443 6884 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:07:19.0445 6884 tssecsrv - ok
19:07:19.0488 6884 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:07:19.0489 6884 TsUsbFlt - ok
19:07:19.0552 6884 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:07:19.0554 6884 TsUsbGD - ok
19:07:19.0577 6884 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:07:19.0579 6884 tunnel - ok
19:07:19.0614 6884 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:07:19.0616 6884 uagp35 - ok
19:07:19.0642 6884 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:07:19.0647 6884 udfs - ok
19:07:19.0732 6884 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:07:19.0736 6884 UI0Detect - ok
19:07:19.0779 6884 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:07:19.0781 6884 uliagpkx - ok
19:07:19.0824 6884 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:07:19.0826 6884 umbus - ok
19:07:19.0836 6884 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:07:19.0837 6884 UmPass - ok
19:07:19.0871 6884 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:07:19.0879 6884 upnphost - ok
19:07:19.0908 6884 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:07:19.0910 6884 usbccgp - ok
19:07:19.0937 6884 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:07:19.0939 6884 usbcir - ok
19:07:19.0958 6884 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:07:19.0959 6884 usbehci - ok
19:07:19.0973 6884 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:07:19.0978 6884 usbhub - ok
19:07:19.0991 6884 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:07:19.0993 6884 usbohci - ok
19:07:20.0017 6884 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
19:07:20.0018 6884 usbprint - ok
19:07:20.0031 6884 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:07:20.0033 6884 USBSTOR - ok
19:07:20.0095 6884 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:07:20.0096 6884 usbuhci - ok
19:07:20.0124 6884 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
19:07:20.0128 6884 usbvideo - ok
19:07:20.0158 6884 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:07:20.0160 6884 UxSms - ok
19:07:20.0196 6884 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:07:20.0198 6884 VaultSvc - ok
19:07:20.0269 6884 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:07:20.0271 6884 vdrvroot - ok
19:07:20.0303 6884 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:07:20.0311 6884 vds - ok
19:07:20.0333 6884 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:07:20.0335 6884 vga - ok
19:07:20.0347 6884 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:07:20.0348 6884 VgaSave - ok
19:07:20.0377 6884 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:07:20.0380 6884 vhdmp - ok
19:07:20.0414 6884 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:07:20.0415 6884 viaide - ok
19:07:20.0440 6884 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:07:20.0442 6884 volmgr - ok
19:07:20.0527 6884 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:07:20.0532 6884 volmgrx - ok
19:07:20.0549 6884 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:07:20.0555 6884 volsnap - ok
19:07:20.0589 6884 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:07:20.0591 6884 vsmraid - ok
19:07:20.0687 6884 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:07:20.0710 6884 VSS - ok
19:07:20.0840 6884 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:07:20.0842 6884 vwifibus - ok
19:07:20.0856 6884 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:07:20.0858 6884 vwififlt - ok
19:07:20.0912 6884 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:07:20.0919 6884 W32Time - ok
19:07:20.0994 6884 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:07:20.0996 6884 WacomPen - ok
19:07:21.0041 6884 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:21.0044 6884 WANARP - ok
19:07:21.0061 6884 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:07:21.0062 6884 Wanarpv6 - ok
19:07:21.0214 6884 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:07:21.0232 6884 WatAdminSvc - ok
19:07:21.0317 6884 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:07:21.0337 6884 wbengine - ok
19:07:21.0531 6884 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:07:21.0537 6884 WbioSrvc - ok
19:07:21.0564 6884 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:07:21.0572 6884 wcncsvc - ok
19:07:21.0579 6884 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:07:21.0583 6884 WcsPlugInService - ok
19:07:21.0660 6884 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:07:21.0661 6884 Wd - ok
19:07:21.0773 6884 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:07:21.0800 6884 Wdf01000 - ok
19:07:21.0825 6884 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:21.0828 6884 WdiServiceHost - ok
19:07:21.0832 6884 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:07:21.0836 6884 WdiSystemHost - ok
19:07:21.0864 6884 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:07:21.0870 6884 WebClient - ok
19:07:21.0907 6884 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:07:21.0913 6884 Wecsvc - ok
19:07:21.0923 6884 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:07:21.0927 6884 wercplsupport - ok
19:07:21.0940 6884 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:07:21.0944 6884 WerSvc - ok
19:07:22.0089 6884 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:07:22.0090 6884 WfpLwf - ok
19:07:22.0116 6884 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:07:22.0117 6884 WIMMount - ok
19:07:22.0188 6884 WinDefend - ok
19:07:22.0210 6884 WinHttpAutoProxySvc - ok
19:07:22.0274 6884 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:07:22.0277 6884 Winmgmt - ok
19:07:22.0455 6884 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:07:22.0510 6884 WinRM - ok
19:07:22.0671 6884 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:07:22.0674 6884 WinUsb - ok
19:07:22.0736 6884 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:07:22.0751 6884 Wlansvc - ok
19:07:22.0816 6884 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:07:22.0818 6884 wlcrasvc - ok
19:07:23.0041 6884 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:07:23.0088 6884 wlidsvc - ok
19:07:23.0203 6884 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:07:23.0204 6884 WmiAcpi - ok
19:07:23.0270 6884 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:07:23.0274 6884 wmiApSrv - ok
19:07:23.0335 6884 WMPNetworkSvc - ok
19:07:23.0429 6884 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:07:23.0434 6884 WPCSvc - ok
19:07:23.0453 6884 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:07:23.0460 6884 WPDBusEnum - ok
19:07:23.0482 6884 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:07:23.0483 6884 ws2ifsl - ok
19:07:23.0511 6884 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:07:23.0514 6884 wscsvc - ok
19:07:23.0580 6884 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:07:23.0581 6884 WSDPrintDevice - ok
19:07:23.0585 6884 WSearch - ok
19:07:23.0756 6884 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:07:23.0913 6884 wuauserv - ok
19:07:24.0072 6884 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:07:24.0074 6884 WudfPf - ok
19:07:24.0097 6884 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:07:24.0101 6884 WUDFRd - ok
19:07:24.0146 6884 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:07:24.0150 6884 wudfsvc - ok
19:07:24.0163 6884 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:07:24.0168 6884 WwanSvc - ok
19:07:24.0222 6884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:07:24.0469 6884 \Device\Harddisk0\DR0 - ok
19:07:24.0497 6884 Boot (0x1200) (4edf01fa8a2c4b9e4db79e6a6bd195ca) \Device\Harddisk0\DR0\Partition0
19:07:24.0499 6884 \Device\Harddisk0\DR0\Partition0 - ok
19:07:24.0512 6884 Boot (0x1200) (51418e2fd63022a71047db2e2144a830) \Device\Harddisk0\DR0\Partition1
19:07:24.0514 6884 \Device\Harddisk0\DR0\Partition1 - ok
19:07:24.0557 6884 Boot (0x1200) (f6715dd1153783c31dba1806354fcd74) \Device\Harddisk0\DR0\Partition2
19:07:24.0559 6884 \Device\Harddisk0\DR0\Partition2 - ok
19:07:24.0574 6884 Boot (0x1200) (00fff4e28134f6f30a11bbad2f40114e) \Device\Harddisk0\DR0\Partition3
19:07:24.0575 6884 \Device\Harddisk0\DR0\Partition3 - ok
19:07:24.0576 6884 ============================================================
19:07:24.0576 6884 Scan finished
19:07:24.0576 6884 ============================================================
19:07:24.0593 7396 Detected object count: 0
19:07:24.0593 7396 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-19 19:10:21
-----------------------------
19:10:21.612 OS Version: Windows x64 6.1.7601 Service Pack 1
19:10:21.612 Number of processors: 2 586 0x100
19:10:21.616 ComputerName: ADMIN-HP UserName: ADMIN
19:10:22.300 Initialize success
19:12:47.975 AVAST engine defs: 12061901
19:12:56.997 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
19:12:57.002 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 305245MB BusType: 11
19:12:57.025 Disk 0 MBR read successfully
19:12:57.031 Disk 0 MBR scan
19:12:57.041 Disk 0 Windows 7 default MBR code
19:12:57.049 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:12:57.064 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290897 MB offset 409600
19:12:57.098 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14044 MB offset 596166656
19:12:57.115 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
19:12:57.154 Disk 0 scanning C:\Windows\system32\drivers
19:13:08.548 Service scanning
19:13:37.539 Modules scanning
19:13:37.562 Disk 0 trace - called modules:
19:13:37.926 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
19:13:37.938 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004613060]
19:13:37.952 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8004112040]
19:13:37.959 5 amd_xata.sys[fffff8800114d8f7] -> nt!IofCallDriver -> \Device\00000064[0xfffffa800410e060]
19:13:38.958 AVAST engine scan C:\Windows
19:13:41.865 AVAST engine scan C:\Windows\system32
19:16:32.078 AVAST engine scan C:\Windows\system32\drivers
19:16:44.047 AVAST engine scan C:\Users\ADMIN
19:21:57.278 AVAST engine scan C:\ProgramData
19:23:24.902 Scan finished successfully
19:24:03.298 Disk 0 MBR has been saved successfully to "C:\Users\ADMIN\Desktop\Logs\MBR.dat"
19:24:03.318 The log file has been saved successfully to "C:\Users\ADMIN\Desktop\Logs\aswMBR.txt"
19:24:28.073 Disk 0 MBR has been saved successfully to "C:\Users\ADMIN\Desktop\Logs\MBR.dat"
19:24:28.079 The log file has been saved successfully to "C:\Users\ADMIN\Desktop\Logs\aswMBR1.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 19 June 2012 - 09:04 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 19 June 2012 - 09:25 PM

OTL logfile created on: 6/19/2012 9:16:52 PM - Run 2
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\ADMIN\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 29.96% Memory free
6.96 Gb Paging File | 3.85 Gb Available in Paging File | 55.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.08 Gb Total Space | 227.88 Gb Free Space | 80.22% Space Free | Partition Type: NTFS
Drive D: | 13.71 Gb Total Space | 1.53 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: ADMIN-HP | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ADMIN\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\ADMIN\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
PRC - C:\mal\mal\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\mal\mal\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\mal\mal\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{35CEFA14-9662-4F9D-A8EA-0B77B42F1EFC}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\ADMIN\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 21:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 09:47:49 | 000,000,000 | ---D | M]

[2011/07/24 21:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Extensions
[2012/06/14 14:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions
[2012/06/12 22:16:29 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}
[2012/06/12 22:16:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/09/07 14:29:12 | 000,000,925 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\searchplugins\conduit.xml
[2012/06/18 21:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/12 22:16:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3R7LE1FJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[1832/11/28 23:30:07 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3R7LE1FJ.DEFAULT\EXTENSIONS\RAYZBQXZFI@RAYZBQXZFI.ORG.XPI
[2012/06/18 21:35:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 21:35:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 21:35:35 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: NPAPI plugin to host SDM ActiveX (Enabled) = C:\Users\ADMIN\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2012/06/19 17:26:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\mal\mal\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001..\Run: [SmileboxTray] C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13F39138-B2C6-43B5-AAE3-93381A13DB8D}: DhcpNameServer = 40.10.1.201 40.10.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F39C88C-CE33-412B-BA57-C4877EA54556}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 21:15:16 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2012/06/19 17:43:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/18 21:55:06 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ADMIN\Desktop\dds.scr
[2012/06/18 20:43:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/18 20:43:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/18 20:43:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/18 20:43:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/18 20:43:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/18 20:38:16 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\Logs
[2012/06/18 20:36:50 | 004,562,361 | R--- | C] (Swearware) -- C:\Users\ADMIN\Desktop\ComboFix.exe
[2012/06/18 20:35:24 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\ADMIN\Desktop\aswMBR.exe
[2012/06/18 20:35:12 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\ADMIN\Desktop\tdsskiller.exe
[2012/06/18 20:27:05 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/18 20:27:03 | 000,000,000 | ---D | C] -- C:\hij
[2012/06/18 20:23:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/18 20:17:25 | 021,869,488 | ---- | C] (Oracle Corporation) -- C:\Users\ADMIN\Desktop\jre-7u5-windows-x64.exe
[2012/06/18 20:15:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\ADMIN\Desktop\esetsmartinstaller_enu.exe
[2012/06/18 20:01:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/18 20:01:19 | 000,000,000 | ---D | C] -- C:\mal
[2012/06/17 23:28:55 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/17 23:28:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/06/17 23:28:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/17 23:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/17 10:21:58 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Malwarebytes
[2012/06/17 10:21:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/14 10:53:04 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{BF11B669-CFC8-4C51-8FA1-4F6EB439341D}
[2012/06/14 10:52:52 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{E9719465-0EA6-492A-9D4F-B0AE727C62D7}
[2012/06/14 06:07:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 06:07:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 06:07:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 06:07:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 06:07:30 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 06:07:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 06:07:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 06:07:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 06:07:26 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 06:07:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 06:07:25 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 06:07:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 06:07:24 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 07:53:13 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 07:53:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 07:53:13 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 07:53:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 07:53:02 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 07:53:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 07:52:58 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 07:52:52 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 07:52:52 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 19:07:19 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{276F7768-F5FF-47EE-B952-57634FA3A62A}
[2012/06/11 19:07:07 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{07001B04-C437-4306-B9CA-C074DC5DAE91}
[2012/06/09 21:33:10 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\Desktop\temp
[2012/06/04 19:23:30 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{2964091E-F32C-4F93-981B-3FB543A619DD}
[2012/06/04 19:23:19 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\{3A951261-5461-4C3B-B748-D2BC65A4D8AC}
[2012/05/29 18:33:47 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
[1 C:\Users\ADMIN\Desktop\*.tmp files -> C:\Users\ADMIN\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/19 21:15:11 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN\Desktop\OTL.exe
[2012/06/19 20:56:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/19 17:51:01 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 17:51:01 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 17:48:00 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/19 17:48:00 | 000,662,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/19 17:48:00 | 000,122,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/19 17:43:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/19 17:43:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 17:43:29 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 17:26:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/19 17:15:44 | 004,562,361 | R--- | M] (Swearware) -- C:\Users\ADMIN\Desktop\ComboFix.exe
[2012/06/18 21:57:18 | 000,302,592 | ---- | M] () -- C:\Users\ADMIN\Desktop\y2964374.exe
[2012/06/18 21:55:07 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ADMIN\Desktop\dds.scr
[2012/06/18 21:45:25 | 000,201,030 | ---- | M] () -- C:\Users\ADMIN\Desktop\lspfix.zip
[2012/06/18 20:35:33 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\ADMIN\Desktop\aswMBR.exe
[2012/06/18 20:35:21 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\ADMIN\Desktop\tdsskiller.exe
[2012/06/18 20:27:05 | 000,002,943 | ---- | M] () -- C:\Users\ADMIN\Desktop\HiJackThis.lnk
[2012/06/18 20:26:02 | 001,402,880 | ---- | M] () -- C:\Users\ADMIN\Desktop\HijackThis.msi
[2012/06/18 20:18:05 | 021,869,488 | ---- | M] (Oracle Corporation) -- C:\Users\ADMIN\Desktop\jre-7u5-windows-x64.exe
[2012/06/18 20:15:49 | 000,881,475 | ---- | M] () -- C:\Users\ADMIN\Desktop\SecurityCheck.exe
[2012/06/18 20:15:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\ADMIN\Desktop\esetsmartinstaller_enu.exe
[2012/06/17 23:28:54 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/14 06:27:17 | 000,422,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 20:00:25 | 000,002,304 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/04 21:37:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/06/02 21:11:21 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForADMIN-HP$.job
[2012/06/02 10:28:37 | 000,844,680 | ---- | M] () -- C:\Users\ADMIN\Documents\MPLSHalfMarathon_CourseMap_2012 1.pdf
[2012/06/02 10:23:32 | 000,762,583 | ---- | M] () -- C:\Users\ADMIN\Documents\2012MM Race GuideFinal.pdf
[1 C:\Users\ADMIN\Desktop\*.tmp files -> C:\Users\ADMIN\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 21:57:17 | 000,302,592 | ---- | C] () -- C:\Users\ADMIN\Desktop\y2964374.exe
[2012/06/18 21:45:31 | 000,201,030 | ---- | C] () -- C:\Users\ADMIN\Desktop\lspfix.zip
[2012/06/18 20:43:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/18 20:43:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/18 20:43:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/18 20:43:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/18 20:43:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/18 20:27:05 | 000,002,943 | ---- | C] () -- C:\Users\ADMIN\Desktop\HiJackThis.lnk
[2012/06/18 20:26:05 | 001,402,880 | ---- | C] () -- C:\Users\ADMIN\Desktop\HijackThis.msi
[2012/06/18 20:15:48 | 000,881,475 | ---- | C] () -- C:\Users\ADMIN\Desktop\SecurityCheck.exe
[2012/06/17 23:28:54 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/06/04 21:37:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012/06/02 10:28:41 | 000,844,680 | ---- | C] () -- C:\Users\ADMIN\Documents\MPLSHalfMarathon_CourseMap_2012 1.pdf
[2012/06/02 10:23:41 | 000,762,583 | ---- | C] () -- C:\Users\ADMIN\Documents\2012MM Race GuideFinal.pdf
[2011/07/29 12:05:30 | 000,171,908 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/07/29 12:05:30 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2011/05/29 02:49:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/29 02:46:47 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/05/29 02:42:00 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/29 02:32:05 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/14 00:28:02 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/21 21:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:EA029835

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 20 June 2012 - 01:52 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
    O3 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:EA029835    
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
    [2012/06/12 22:16:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/09/07 14:29:12 | 000,000,925 | ---- | M] () -- C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\searchplugins\conduit.xml
    [1832/11/28 23:30:07 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3R7LE1FJ.DEFAULT\EXTENSIONS\RAYZBQXZFI@RAYZBQXZFI.ORG.XPI
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKU\S-1-5-21-3309654362-1017491583-4199694645-1001..\Run: [SmileboxTray] C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 20 June 2012 - 05:39 PM

The redirecting is still happening.


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\Temp:EA029835 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\searchplugins\conduit.xml moved successfully.
C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\3r7le1fj.default\extensions\rayzbqxzfi@rayzbqxzfi.org.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.
File C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-3309654362-1017491583-4199694645-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SmileboxTray deleted successfully.
C:\Users\ADMIN\AppData\Roaming\Smilebox\SmileboxTray.exe moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\ADMIN\Desktop\cmd.bat deleted successfully.
C:\Users\ADMIN\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: ADMIN
->Java cache emptied: 3058860 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: ADMIN
->Flash cache emptied: 12487 bytes

User: All Users

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.50.0 log created on 06202012_173751

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 20 June 2012 - 09:06 PM

Greetings

In which browsers are the redirecting happening - please verify all that are installed


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 20 June 2012 - 09:39 PM

I have IE, Firefox, and chrome
It appears only chrome is affected, I would have mentioned that early but I thought I had used another browser and got redirected. I might have been mistaken.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 20 June 2012 - 09:55 PM

Greetings


It may have been - we have been doing some cleaning


I would like you to uninstall chrome and if asked about user data or settings the remove that also


restart the computer and reinstall chrome - check things out and report back to me



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 20 June 2012 - 11:03 PM

Well it seems to be gone. No redirects yet. Thank you gringo!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 AM

Posted 20 June 2012 - 11:15 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 markp03

markp03
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:04 AM

Posted 21 June 2012 - 09:50 PM

µTorrent
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.5
AMD System Monitor
AMD VISION Engine Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Google Chrome
Google Update Helper
HiJackThis
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyScribe
PlayReady PC Runtime x86
PS_AIO_07_C310_SW_Min
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Scan
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.9
Smilebox
Snagit 10.0.1
Toolbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
uTorrentControl2 Toolbar
VitalSource Bookshelf
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users