Infected by win32:Aluroot-C[Rtk]


  • This topic is locked
19 replies to this topic

#1 ldpetry
  • Members
  • 56 posts
  • Gender:Female
Posted 21 June 2012 - 04:12 PM


Hi,
My computer is a Dell Inspiron laptop with Win7, 32-bit, Home Premium.
It's been this way for a couple of weeks. Had a friend trying to help me
through TeamViewer, but no luck, so he suggested starting over. I did
that in Feb; I really don't want to lose what I have now. Anywho, here's
what happened. I turned the laptop on, signed on, everything was going just
fine. I opened Mipony as I had files to finish downloading. Then Avast popups
saying it had updated, then it started popping up "Malicious URLs Blocked",
like 1 every second. I saw 8 and it just kept doing that until the Avast dashboard
opened and said to "Fix It". I tried, but it wouldn't let me, said my Win7 wasn't genuine, then the blue screen came on, shutting down my computer.
Then the option came up about start normally,
safe mode, etc. So I started normally, signed on, everything was fine until
the desktop came up; my screen is black but with icons. I can open any icon, go online, etc. for about 5 minutes, then the blue screen pops up. I knew it was messed up when I saw the black screen. So my friend said to run the Avast boot scan and delete all that came up.
Here's what came up:

File C:\ProgramData\Avast software\Avast\arpot\Temp\01CD42A3F686C41A is infected by
win32:Aluroot-C[Rtk]
Deleted

File C:\ProgramData\Avast software\Avast\arpot\Temp\1b76e4-afo-2.dat is infected by
win32:Aluroot-C[Rtk]

I ran the Avast boot scan again and the same 2 files come up to be deleted.
I also ran Malwarebytes, CCleaner & SpyBot in safe mode; no infections showed up.

So I still have a black desktop with icons, as soon as I get there the Avast Malicious
popups start, here's the 2 that are popping up:

Object: http:\\newgenerationp.com/x/
URL: Mal
Process: c:\windows\system\svchost.exe

Object: http:\\oldschoolzzz.com/x/
URL: Mal
Process: c:\windows\system32\svchost.exe

Sorry for the book. Ok, so on to the logs.
Ran Defogger to step 5. Step 6 didn't appear.
All the others ran with no problems.
rubyrose

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.2.0
Run by Darlene at 15:24:25 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3546.1657 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [360Amigo] "c:\program files\360amigo\360Amigo.exe" -autorun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7B46C879-DEC0-4706-97A3-74443C30C21B} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\darlene\appdata\roaming\mozilla\firefox\profiles\4by3on2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\users\darlene\appdata\roaming\mozilla\firefox\profiles\4by3on2e.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.hardId - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15484
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:19:40
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101368
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S1 AmgHips;AmgHips;c:\windows\system32\drivers\AmgHips.sys [2012-2-15 25248]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-13 612184]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-13 337880]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-13 20696]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-13 57688]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-20 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-13 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-4 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-2-13 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-2-13 3027840]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-2-14 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-13 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-15 22344]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-26 1343400]
.
=============== Created Last 30 ================
.
2012-06-20 00:13:54 -------- d-----w- c:\users\darlene\appdata\local\ElevatedDiagnostics
2012-06-19 16:43:17 -------- d-----w- c:\program files\ESET
2012-06-04 22:55:11 711240 ----a-w- c:\windows\isRS-000.tmp
2012-06-01 15:21:18 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a3520729-525f-461c-93c5-848daff303e0}\mpengine.dll
2012-05-24 23:19:12 -------- d-----w- c:\users\darlene\appdata\local\Babylon
2012-05-24 23:19:10 -------- d-----w- c:\users\darlene\appdata\roaming\Babylon
.
==================== Find3M ====================
.
2012-05-17 22:06:46 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 22:06:46 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36:11 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 15:25:24.15 ===============


#2 RPMcMurphy (Bleeping *^#@%~)
  • Malware Response Team
  • 3,970 posts
  • Gender:Male
Posted 22 June 2012 - 07:37 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • When the window opens, click on Change Parameters.
  • Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
  • Click OK.
  • Press Start Scan.
  • If malicious objects are found, then ensure Cure is selected. Important - if there is no option to "Cure", it is critical that you select "Skip".
  • Then click Continue > Reboot now.
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.7.1.0_19.01.2012_17.24.26_log.txt
  • Post that log, please.
Download ComboFix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.

Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion", rebooting your computer will resolve the problem.

Please include the following in your next post:
  • TDSSKiller log
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
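The Avast alert lines in the first post report svchost.exe from two different directories (c:\windows\system and c:\windows\system32), and the TDSSKiller log asked for in this post lists each service or driver with its MD5 and path on one line and a verdict ("name - ok") on the next. The script below is an added example, not code from BleepingComputer, DDS, TDSSKiller or Avast: it parses constructed samples of those formats (the DDS "Running Processes" block, the Process: field of the Avast alerts, and TDSSKiller entries) and reports what a responder would check by hand: a core Windows binary running from a directory other than its expected one (system32 on the 32-bit Windows 7 in this thread; Explorer.EXE legitimately sits in the Windows directory itself), TDSSKiller entries whose verdict is not "ok", and entries with no file/hash line. The "detected" verdict text in the sample is a hypothetical placeholder; TDSSKiller's real wording for a detection is not quoted on this page.

```python
"""Triage helper for the log formats quoted in this thread (DDS 'Running
Processes', the Process: field of Avast URL alerts, TDSSKiller entries).
Added example, not code from DDS, TDSSKiller, Avast or BleepingComputer;
every sample line below is constructed."""
import re
from pathlib import PureWindowsPath

# Legitimate sub-directories (under the Windows directory) of core binaries
# on the 32-bit Windows 7 in this thread. Assumption: x64 adds ("syswow64",).
EXPECTED_LOCATION = {
    "svchost.exe": [("system32",)],
    "lsass.exe": [("system32",)],
    "wininit.exe": [("system32",)],
    "explorer.exe": [()],  # C:\Windows\Explorer.EXE sits in the root
}

_DDS_LINE = re.compile(r"^([a-z]:\\.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)  # "<path> [args]"
_TDSS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")  # "<time> <pid> <body>"
_TDSS_FILE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$", re.IGNORECASE)  # "<name> (<md5>) <path>"
_TDSS_VERDICT = re.compile(r"^(.+?) - (.+)$")  # "<name> - ok"


def masquerade_reason(path):
    """Explain why `path` is a core binary in the wrong place, else None."""
    parts = PureWindowsPath(path).parts
    name = parts[-1].lower()
    if name not in EXPECTED_LOCATION or len(parts) < 2:
        return None
    if parts[1].lower() != "windows":  # parts[0] is the drive
        return f"{name} outside the Windows directory: {path}"
    subdir = tuple(p.lower() for p in parts[2:-1])
    if subdir in EXPECTED_LOCATION[name]:
        return None
    where = "\\".join(subdir) or "(root)"
    return f"{name} in unexpected sub-directory {where}: {path}"


def parse_dds_processes(text):
    """Yield (path, args) for each line of a DDS 'Running Processes' block."""
    for line in text.splitlines():
        m = _DDS_LINE.match(line.strip())
        if m:
            yield m.group(1), (m.group(2) or "")


def parse_tdsskiller(text):
    """Map each TDSSKiller entry name to its md5, path and verdict."""
    records, scanning = {}, False
    for line in text.splitlines():
        m = _TDSS_LINE.match(line.strip())
        if not m:
            continue
        body = m.group(1)
        if body.startswith("Scan started"):  # header lines also contain " - "
            scanning = True
        elif scanning and (f := _TDSS_FILE.match(body)):
            name, md5, path = f.groups()
            records.setdefault(name, {}).update(md5=md5.lower(), path=path)
        elif scanning and (v := _TDSS_VERDICT.match(body)):
            name, verdict = v.groups()
            records.setdefault(name, {})["verdict"] = verdict
    return records


def triage(dds_text, tdss_text, avast_processes):
    """Return (source, finding) pairs a responder would pull from the logs."""
    findings = []
    for path, _args in parse_dds_processes(dds_text):
        if reason := masquerade_reason(path):
            findings.append(("dds", reason))
    for proc in avast_processes:
        if reason := masquerade_reason(proc):
            findings.append(("avast", reason))
    for name, rec in parse_tdsskiller(tdss_text).items():
        verdict = rec.get("verdict", "missing")
        if verdict != "ok":
            findings.append(("tdsskiller", f"{name}: verdict {verdict}"))
        if "md5" not in rec:  # e.g. COMSysApp in this thread's log
            findings.append(("tdsskiller", f"{name}: no file/hash line"))
    return findings


# Constructed samples modelled on the formats quoted in this thread.
SAMPLE_DDS = "\n".join([
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Program Files\SUPERAntiSpyware\SASCORE.EXE",
    r"C:\Windows\Explorer.EXE",
])
SAMPLE_AVAST = [r"c:\windows\system\svchost.exe", r"c:\windows\system32\svchost.exe"]
SAMPLE_TDSS = "\n".join([
    r"16:41:07.0762 1188 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)",
    r"16:41:33.0140 3840 Scan started",
    r"16:41:36.0360 3840 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE",
    r"16:41:36.0362 3840 !SASCORE - ok",
    r"16:41:39.0883 3840 COMSysApp - ok",
    # Hypothetical detection entry; TDSSKiller's real wording is not on this page.
    r"16:41:50.0000 3840 hypodrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\hypodrv.sys",
    r"16:41:50.0001 3840 hypodrv - detected (hypothetical verdict)",
])

if __name__ == "__main__":
    for source, finding in triage(SAMPLE_DDS, SAMPLE_TDSS, SAMPLE_AVAST):
        print(f"[{source}] {finding}")
```

Run against the samples, the only path finding is the c:\windows\system\svchost.exe entry from the first post; the system32 copy and Explorer.EXE pass. The "Scan started" gate matters because TDSSKiller's header (drive and partition summary) also contains " - " and would otherwise be mis-read as a verdict line. Entries like COMSysApp, which have a verdict but no file line, are listed separately so the responder can decide whether the missing binary is worth a look rather than having the script guess.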


#3 ldpetry (Topic Starter)
  • Members
  • 56 posts
  • Gender:Female
Posted 22 June 2012 - 07:12 PM



Hello Bleeping*^#@%~,
Thanks for the welcome, your help & time. I ran the TDSSKiller, have a log for ya. After the machine rebooted, I was able to be in normal mode. Yeah!
No blue screen and shutting down every 5 minutes. But when the machine came up, I had this warning.

AVAST
Suspicious files found

Suspicious files have been detected(using a heuristic method).
This may be a sign of malware infection. Please allow the files to
be submitted to our virus lab for analysis.

Further Information

File Name
C:\Windows\Temp\619F.tmp
\??\C:\Windows\TEMP\619F.tmp

Actions to take

Ignore
Delete

I left it at Ignore and clicked OK.

So I went to the next step and tried to disable my antivirus and antispyware. None of the instructions given matched Avast, so I tried to disable
it as well as I could. Ran ComboFix and got this Warning.

Warning

ComboFix has detected the following real time scanner(s) to be active:

antivirus: avast!Antivirus
antispyware: avast!Antivirus

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running.
This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.

So I await your reply and here's at least the TDSSKiller log
rubyrose

16:41:05.0408 1188 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
16:41:06.0162 1188 ============================================================
16:41:06.0162 1188 Current date / time: 2012/06/22 16:41:06.0162
16:41:06.0162 1188 SystemInfo:
16:41:06.0162 1188
16:41:06.0162 1188 OS Version: 6.1.7601 ServicePack: 1.0
16:41:06.0162 1188 Product type: Workstation
16:41:06.0162 1188 ComputerName: PINKLADY2
16:41:06.0162 1188 UserName: Darlene
16:41:06.0162 1188 Windows directory: C:\Windows
16:41:06.0162 1188 System windows directory: C:\Windows
16:41:06.0163 1188 Processor architecture: Intel x86
16:41:06.0163 1188 Number of processors: 2
16:41:06.0163 1188 Page size: 0x1000
16:41:06.0163 1188 Boot type: Safe boot with network
16:41:06.0163 1188 ============================================================
16:41:07.0762 1188 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:41:07.0764 1188 ============================================================
16:41:07.0764 1188 \Device\Harddisk0\DR0:
16:41:07.0764 1188 MBR partitions:
16:41:07.0764 1188 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:41:07.0764 1188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
16:41:07.0764 1188 ============================================================
16:41:07.0803 1188 C: <-> \Device\Harddisk0\DR0\Partition1
16:41:07.0803 1188 ============================================================
16:41:07.0803 1188 Initialize success
16:41:07.0803 1188 ============================================================
16:41:33.0140 3840 ============================================================
16:41:33.0140 3840 Scan started
16:41:33.0140 3840 Mode: Manual; TDLFS;
16:41:33.0140 3840 ============================================================
16:41:36.0360 3840 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
16:41:36.0362 3840 !SASCORE - ok
16:41:36.0538 3840 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:41:36.0540 3840 1394ohci - ok
16:41:36.0596 3840 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:41:36.0600 3840 ACPI - ok
16:41:36.0625 3840 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:41:36.0626 3840 AcpiPmi - ok
16:41:36.0704 3840 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:41:36.0706 3840 AdobeARMservice - ok
16:41:36.0777 3840 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:41:36.0788 3840 AdobeFlashPlayerUpdateSvc - ok
16:41:36.0862 3840 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
16:41:36.0877 3840 adp94xx - ok
16:41:36.0908 3840 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
16:41:36.0912 3840 adpahci - ok
16:41:36.0927 3840 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
16:41:36.0932 3840 adpu320 - ok
16:41:36.0972 3840 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:41:36.0974 3840 AeLookupSvc - ok
16:41:37.0023 3840 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:41:37.0027 3840 AFD - ok
16:41:37.0044 3840 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:41:37.0046 3840 agp440 - ok
16:41:37.0083 3840 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
16:41:37.0084 3840 aic78xx - ok
16:41:37.0123 3840 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:41:37.0124 3840 ALG - ok
16:41:37.0157 3840 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:41:37.0157 3840 aliide - ok
16:41:37.0168 3840 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:41:37.0169 3840 amdagp - ok
16:41:37.0187 3840 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:41:37.0188 3840 amdide - ok
16:41:37.0199 3840 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
16:41:37.0200 3840 AmdK8 - ok
16:41:37.0215 3840 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
16:41:37.0216 3840 AmdPPM - ok
16:41:37.0244 3840 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:41:37.0246 3840 amdsata - ok
16:41:37.0293 3840 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
16:41:37.0330 3840 amdsbs - ok
16:41:37.0344 3840 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:41:37.0345 3840 amdxata - ok
16:41:37.0395 3840 AmgHips (81ef334cda7a222ce88f41b7697b86f4) C:\Windows\system32\Drivers\AmgHips.sys
16:41:37.0396 3840 AmgHips - ok
16:41:37.0413 3840 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:41:37.0414 3840 AppID - ok
16:41:37.0440 3840 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:41:37.0441 3840 AppIDSvc - ok
16:41:37.0474 3840 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:41:37.0476 3840 Appinfo - ok
16:41:37.0562 3840 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:41:37.0566 3840 Apple Mobile Device - ok
16:41:37.0607 3840 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
16:41:37.0609 3840 arc - ok
16:41:37.0658 3840 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
16:41:37.0660 3840 arcsas - ok
16:41:37.0697 3840 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
16:41:37.0698 3840 aswFsBlk - ok
16:41:37.0732 3840 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
16:41:37.0733 3840 aswMonFlt - ok
16:41:37.0783 3840 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
16:41:37.0784 3840 aswRdr - ok
16:41:37.0835 3840 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
16:41:37.0853 3840 aswSnx - ok
16:41:37.0883 3840 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
16:41:37.0890 3840 aswSP - ok
16:41:37.0922 3840 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
16:41:37.0923 3840 aswTdi - ok
16:41:37.0955 3840 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:41:37.0956 3840 AsyncMac - ok
16:41:37.0977 3840 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:41:37.0977 3840 atapi - ok
16:41:38.0031 3840 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:41:38.0043 3840 AudioEndpointBuilder - ok
16:41:38.0058 3840 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:41:38.0062 3840 Audiosrv - ok
16:41:38.0138 3840 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:41:38.0141 3840 avast! Antivirus - ok
16:41:38.0182 3840 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:41:38.0203 3840 AxInstSV - ok
16:41:38.0264 3840 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
16:41:38.0269 3840 b06bdrv - ok
16:41:38.0375 3840 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:41:38.0404 3840 b57nd60x - ok
16:41:38.0599 3840 BCM43XX (f9ce9b5e049efc66b8e6c73c18ee8438) C:\Windows\system32\DRIVERS\bcmwl6.sys
16:41:38.0616 3840 BCM43XX - ok
16:41:38.0760 3840 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:41:38.0762 3840 BDESVC - ok
16:41:38.0820 3840 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:41:38.0821 3840 Beep - ok
16:41:38.0880 3840 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:41:38.0906 3840 BFE - ok
16:41:38.0955 3840 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:41:38.0997 3840 BITS - ok
16:41:39.0021 3840 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:41:39.0022 3840 blbdrive - ok
16:41:39.0130 3840 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:41:39.0139 3840 Bonjour Service - ok
16:41:39.0165 3840 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:41:39.0166 3840 bowser - ok
16:41:39.0186 3840 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
16:41:39.0187 3840 BrFiltLo - ok
16:41:39.0195 3840 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
16:41:39.0196 3840 BrFiltUp - ok
16:41:39.0222 3840 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:41:39.0224 3840 Browser - ok
16:41:39.0254 3840 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:41:39.0284 3840 Brserid - ok
16:41:39.0292 3840 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:41:39.0293 3840 BrSerWdm - ok
16:41:39.0308 3840 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:41:39.0309 3840 BrUsbMdm - ok
16:41:39.0315 3840 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:41:39.0316 3840 BrUsbSer - ok
16:41:39.0324 3840 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
16:41:39.0325 3840 BTHMODEM - ok
16:41:39.0374 3840 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:41:39.0376 3840 bthserv - ok
16:41:39.0411 3840 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:41:39.0412 3840 cdfs - ok
16:41:39.0456 3840 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
16:41:39.0458 3840 cdrom - ok
16:41:39.0474 3840 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:41:39.0475 3840 CertPropSvc - ok
16:41:39.0494 3840 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
16:41:39.0496 3840 circlass - ok
16:41:39.0522 3840 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:41:39.0525 3840 CLFS - ok
16:41:39.0576 3840 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:41:39.0581 3840 clr_optimization_v2.0.50727_32 - ok
16:41:39.0633 3840 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:41:39.0660 3840 clr_optimization_v4.0.30319_32 - ok
16:41:39.0678 3840 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:41:39.0679 3840 CmBatt - ok
16:41:39.0690 3840 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:41:39.0691 3840 cmdide - ok
16:41:39.0762 3840 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:41:39.0801 3840 CNG - ok
16:41:39.0817 3840 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:41:39.0818 3840 Compbatt - ok
16:41:39.0871 3840 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:41:39.0872 3840 CompositeBus - ok
16:41:39.0883 3840 COMSysApp - ok
16:41:39.0898 3840 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
16:41:39.0899 3840 crcdisk - ok
16:41:39.0948 3840 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
16:41:39.0953 3840 CryptSvc - ok
16:41:40.0002 3840 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
16:41:40.0003 3840 dc3d - ok
16:41:40.0045 3840 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:41:40.0052 3840 DcomLaunch - ok
16:41:40.0095 3840 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:41:40.0118 3840 defragsvc - ok
16:41:40.0145 3840 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:41:40.0147 3840 DfsC - ok
16:41:40.0193 3840 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:41:40.0197 3840 Dhcp - ok
16:41:40.0226 3840 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:41:40.0227 3840 discache - ok
16:41:40.0267 3840 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
16:41:40.0269 3840 Disk - ok
16:41:40.0306 3840 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:41:40.0337 3840 Dnscache - ok
16:41:40.0388 3840 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:41:40.0436 3840 dot3svc - ok
16:41:40.0453 3840 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:41:40.0469 3840 DPS - ok
16:41:40.0515 3840 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:41:40.0516 3840 drmkaud - ok
16:41:40.0576 3840 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:41:40.0588 3840 DXGKrnl - ok
16:41:40.0605 3840 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:41:40.0612 3840 EapHost - ok
16:41:40.0816 3840 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
16:41:40.0875 3840 ebdrv - ok
16:41:55.0343 3840 volmgr - ok
16:41:55.0380 3840 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:41:55.0383 3840 volmgrx - ok
16:41:55.0417 3840 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:41:55.0421 3840 volsnap - ok
16:41:55.0474 3840 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
16:41:55.0479 3840 vsmraid - ok
16:41:55.0568 3840 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:41:55.0595 3840 VSS - ok
16:41:55.0633 3840 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
16:41:55.0634 3840 vwifibus - ok
16:41:55.0648 3840 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
16:41:55.0650 3840 vwififlt - ok
16:41:55.0684 3840 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:41:55.0716 3840 W32Time - ok
16:41:55.0737 3840 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
16:41:55.0738 3840 WacomPen - ok
16:41:55.0760 3840 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:41:55.0761 3840 WANARP - ok
16:41:55.0765 3840 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:41:55.0766 3840 Wanarpv6 - ok
16:41:55.0880 3840 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:41:55.0917 3840 WatAdminSvc - ok
16:41:56.0041 3840 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:41:56.0087 3840 wbengine - ok
16:41:56.0128 3840 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:41:56.0151 3840 WbioSrvc - ok
16:41:56.0208 3840 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:41:56.0229 3840 wcncsvc - ok
16:41:56.0260 3840 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:41:56.0263 3840 WcsPlugInService - ok
16:41:56.0301 3840 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
16:41:56.0302 3840 Wd - ok
16:41:56.0347 3840 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:41:56.0385 3840 Wdf01000 - ok
16:41:56.0428 3840 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:41:56.0436 3840 WdiServiceHost - ok
16:41:56.0440 3840 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:41:56.0443 3840 WdiSystemHost - ok
16:41:56.0463 3840 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:41:56.0467 3840 WebClient - ok
16:41:56.0535 3840 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:41:56.0539 3840 Wecsvc - ok
16:41:56.0591 3840 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:41:56.0594 3840 wercplsupport - ok
16:41:56.0627 3840 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:41:56.0630 3840 WerSvc - ok
16:41:56.0660 3840 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:41:56.0661 3840 WfpLwf - ok
16:41:56.0680 3840 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:41:56.0681 3840 WIMMount - ok
16:41:56.0763 3840 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:41:56.0780 3840 WinDefend - ok
16:41:56.0790 3840 WinHttpAutoProxySvc - ok
16:41:56.0878 3840 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:41:56.0893 3840 Winmgmt - ok
16:41:56.0992 3840 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:41:57.0019 3840 WinRM - ok
16:41:57.0090 3840 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:41:57.0091 3840 WinUsb - ok
16:41:57.0179 3840 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:41:57.0197 3840 Wlansvc - ok
16:41:57.0230 3840 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:41:57.0230 3840 WmiAcpi - ok
16:41:57.0295 3840 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:41:57.0312 3840 wmiApSrv - ok
16:41:57.0440 3840 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:41:57.0477 3840 WMPNetworkSvc - ok
16:41:57.0506 3840 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:41:57.0509 3840 WPCSvc - ok
16:41:57.0524 3840 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:41:57.0528 3840 WPDBusEnum - ok
16:41:57.0570 3840 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:41:57.0571 3840 ws2ifsl - ok
16:41:57.0589 3840 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
16:41:57.0594 3840 wscsvc - ok
16:41:57.0601 3840 WSearch - ok
16:41:57.0747 3840 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
16:41:57.0780 3840 wuauserv - ok
16:41:57.0918 3840 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:41:57.0920 3840 WudfPf - ok
16:41:57.0952 3840 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:41:57.0957 3840 WUDFRd - ok
16:41:58.0011 3840 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:41:58.0014 3840 wudfsvc - ok
16:41:58.0077 3840 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:41:58.0093 3840 WwanSvc - ok
16:41:58.0122 3840 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:41:58.0149 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:41:58.0149 3840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:41:58.0178 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:41:58.0178 3840 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:41:58.0224 3840 Boot (0x1200) (424c26b5cab51be0fa25465f1947ae93) \Device\Harddisk0\DR0\Partition0
16:41:58.0226 3840 \Device\Harddisk0\DR0\Partition0 - ok
16:41:58.0236 3840 Boot (0x1200) (af79402fb71d563a9d856453934084f1) \Device\Harddisk0\DR0\Partition1
16:41:58.0238 3840 \Device\Harddisk0\DR0\Partition1 - ok
16:41:58.0238 3840 ============================================================
16:41:58.0238 3840 Scan finished
16:41:58.0238 3840 ============================================================
16:41:58.0251 3824 Detected object count: 2
16:41:58.0251 3824 Actual detected object count: 2
16:48:29.0962 3824 \Device\Harddisk0\DR0\# - copied to quarantine
16:48:29.0962 3824 \Device\Harddisk0\DR0 - copied to quarantine
16:48:30.0046 3824 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:48:30.0059 3824 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:48:30.0062 3824 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:48:30.0077 3824 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:48:30.0088 3824 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:48:30.0089 3824 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:48:30.0090 3824 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:48:30.0093 3824 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:48:30.0095 3824 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:48:30.0098 3824 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:48:30.0099 3824 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:48:30.0101 3824 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:48:30.0146 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:48:30.0147 3824 \Device\Harddisk0\DR0 - ok
16:48:30.0154 3824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:48:30.0154 3824 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:48:30.0154 3824 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:48:36.0213 3212 Deinitialize success

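The log above is the heart of the thread: TDSSKiller takes an MD5 over the first 0x1B8 bytes of the MBR (the boot code that sits ahead of the 4-byte disk signature at offset 0x1B8) and over the first 0x1200 bytes of each partition, reports the MBR as infected with Rootkit.Boot.Pihar.c, quarantines the loader, driver and config files of the hidden "TDSS File System", and schedules a cure of the boot code for the next reboot. The Python below is an added example for this thread, not TDSSKiller's code: it parses a 512-byte MBR, takes the same 0x1B8-byte MD5 against a baseline, walks the partition table and measures the unpartitioned space after the last partition, which is where TDL4-family bootkits keep that hidden file system. The disk size, partition layout, boot code and baseline hash are all constructed for the demo; on a real machine the baseline would come from a known-clean image of the same Windows build.

```python
"""Offline re-creation of the check behind the "MBR (0x1B8) (<md5>)" lines in
the TDSSKiller log: hash the MBR boot code, parse the partition table and
measure the unpartitioned tail of the disk.  Added example for this thread,
not code from TDSSKiller; sample sectors, disk size and baseline hash are
constructed for the demo."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 0x1B8   # boot code; the 4-byte disk signature follows at 0x1B8
PART_TABLE = 0x1BE      # four 16-byte partition entries
TAIL_LIMIT = 2048       # assumed threshold: flag more than 1 MiB past the last partition


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE + 16 * i
        boot, _chs0, ptype, _chs1, start_lba, size = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype != 0:                      # type 0 is an empty slot
            partitions.append({"active": boot == 0x80, "type": ptype,
                               "start_lba": start_lba, "sectors": size})
    return {
        "bootstrap_md5": hashlib.md5(sector[:BOOTSTRAP_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOTSTRAP_LEN)[0],
        "partitions": partitions,
    }


def unpartitioned_tail(sector: bytes, disk_sectors: int) -> int:
    """Sectors after the end of the last partition.  TDL4-family bootkits keep
    their hidden file system (the TDLFS quarantined above) in that space."""
    parts = parse_mbr(sector)["partitions"]
    if not parts:
        return disk_sectors
    end = max(p["start_lba"] + p["sectors"] for p in parts)
    return max(disk_sectors - end, 0)


def check_disk(sector: bytes, disk_sectors: int, baseline_md5: str,
               tail_limit: int = TAIL_LIMIT) -> list:
    """Findings for one disk; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["bootstrap_md5"] != baseline_md5:
        findings.append("bootstrap code differs from baseline: %s"
                        % info["bootstrap_md5"])
    if not any(p["active"] for p in info["partitions"]):
        findings.append("no active partition")
    tail = unpartitioned_tail(sector, disk_sectors)
    if tail > tail_limit:
        findings.append("%d unpartitioned sectors after last partition" % tail)
    return findings


def build_mbr(bootstrap: bytes, layout, signature: int = 0x5A4B3C2D) -> bytes:
    """Assemble a constructed MBR for the demo (not an image of a real disk)."""
    sector = bytearray(SECTOR)
    code = bootstrap[:BOOTSTRAP_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, BOOTSTRAP_LEN, signature)
    for i, (active, ptype, start, size) in enumerate(layout):
        struct.pack_into("<B3sB3sII", sector, PART_TABLE + 16 * i,
                         0x80 if active else 0, b"\0\0\0", ptype, b"\0\0\0",
                         start, size)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


# Constructed samples.  The layout mirrors the two partitions in the log
# (System Reserved plus C:); the disk size is a made-up 320 GB drive.
LAYOUT = [(True, 0x07, 2048, 204_800), (False, 0x07, 206_848, 624_932_000)]
DISK_SECTORS = 625_139_872                  # leaves 1024 spare sectors at the end
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTSTRAP_LEN - 7)
PATCHED_CODE = b"\xEA\x00\x7C\x00\x00" + b"\x90" * (BOOTSTRAP_LEN - 5)  # stand-in for hooked code
CLEAN_MBR = build_mbr(CLEAN_CODE, LAYOUT)
PATCHED_MBR = build_mbr(PATCHED_CODE, LAYOUT)
KNOWN_GOOD_MD5 = parse_mbr(CLEAN_MBR)["bootstrap_md5"]   # baseline taken from the clean sample

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(name, check_disk(mbr, DISK_SECTORS, KNOWN_GOOD_MD5) or "ok")
```

To use it on a real disk, feed the first 512 bytes of `\\.\PhysicalDrive0` (read as administrator) or of a forensic image. On a live infected system a bootkit that hooks the disk driver stack can hand back the clean sector, so the result is only trustworthy from an offline image or from a tool that reads below the hooked stack, which is what the TDSSKiller log above relies on.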
#4 RPMcMurphy (Malware Response Team)

Posted 22 June 2012 - 09:59 PM

Try the instructions in this LINK to disable avast. If that doesn't work, run ComboFix from Safe Mode.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 ldpetry (Topic Starter)

Posted 23 June 2012 - 11:14 AM


Good Afternoon Bleeping*^#@%~,
I thought that is where I should have gone to disable Avast after I sent the email, but wanted to know for sure.
I also received overnight Windows updates with a message that my computer would restart in 10 minutes, etc. I've seen
that message before, so I clicked for it to wait. I ran ComboFix again in normal mode. Here's the ComboFix log.
I'll await your response.
rubyrose

ComboFix 12-06-23.05 - Darlene 06/23/2012 11:40:34.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3546.2142 [GMT -4:00]
Running from: c:\users\Darlene\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Darlene\AppData\Roaming\inst.exe
c:\users\Darlene\AppData\Roaming\vso_ts_preview.xml
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 15:53 . 2012-06-23 15:54 -------- d-----w- c:\users\Darlene\AppData\Local\temp
2012-06-23 15:53 . 2012-06-23 15:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 22:47 . 2012-06-22 22:47 -------- d-----w- c:\users\Darlene\AppData\Local\Macromedia
2012-06-22 21:33 . 2012-06-22 21:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F65370-AA69-4E63-921C-BAEE761563CF}\offreg.dll
2012-06-22 20:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F65370-AA69-4E63-921C-BAEE761563CF}\mpengine.dll
2012-06-22 20:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 20:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 20:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 20:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:53 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 20:53 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 20:48 . 2012-06-22 20:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 00:13 . 2012-06-20 00:13 -------- d-----w- c:\users\Darlene\AppData\Local\ElevatedDiagnostics
2012-06-19 16:43 . 2012-06-19 16:43 -------- d-----w- c:\program files\ESET
2012-05-24 23:19 . 2012-05-24 23:19 237 ----a-w- C:\user.js
2012-05-24 23:19 . 2012-05-24 23:19 -------- d-----w- c:\users\Darlene\AppData\Local\Babylon
2012-05-24 23:19 . 2012-05-24 23:19 -------- d-----w- c:\users\Darlene\AppData\Roaming\Babylon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 20:52 . 2012-02-14 09:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 20:52 . 2012-02-14 09:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56 . 2012-02-16 01:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-10 21:02 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 21:02 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 02:36 . 2012-05-10 21:02 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:23 . 2012-05-10 21:02 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-07 22:55 . 2012-02-13 10:11 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-02-16 5334816]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 17:19 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 136176]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 129976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1343400]
S1 AmgHips;AmgHips;c:\windows\system32\Drivers\AmgHips.sys [2012-02-16 25248]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-02-16 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 09:59]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: extensions.BabylonToolbar_i.id - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.hardId - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15484
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101368
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-23 12:04:23
ComboFix-quarantined-files.txt 2012-06-23 16:04
.
Pre-Run: 149,026,390,016 bytes free
Post-Run: 148,926,050,304 bytes free
.
- - End Of File - - 6F2D1A3860382951B727F3F4F506ADBE

#6 RPMcMurphy (Malware Response Team)

Posted 23 June 2012 - 01:23 PM

Great! Please do this now:

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information, C:\_OTL\MovedFiles or C:\Qoobox
  • Make sure that everything else is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please include the following in your next post:
  • MBAM log



#7 ldpetry (Topic Starter)

Posted 23 June 2012 - 02:38 PM


Here's the MBAM log.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Darlene :: PINKLADY2 [administrator]

Protection: Disabled

6/23/2012 2:59:49 PM
mbam-log-2012-06-23 (14-59-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274060
Time elapsed: 29 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0001.dta (Trojan.Agent.CR) -> Quarantined and deleted successfully.

(end)

#8 RPMcMurphy (Malware Response Team)

Posted 23 June 2012 - 10:47 PM

How is your computer running now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please go to www.java.com and press the "Free Java Download" button near the center of the page. Follow the prompts to install the latest version.

Go to this LINK to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If you are using Internet Explorer, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Please include the following in your next post:
  • How is the computer running?
  • ESET log



#9 ldpetry (Topic Starter)

Posted 24 June 2012 - 02:57 PM


Good Afternoon,
1. My computer is running great! But when I saw the online scan it scares me.
2. Here's the log, maybe it's not as bad as I think, fingers crossed.
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2eee4f3608a494dab548c33bb424496
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-24 07:51:19
# local_time=2012-06-24 03:51:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=5893 16776573 100 94 0 92107664 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88892
# found=9
# cleaned=0
# scan_time=4627
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0008.dta Win32/Olmarik.AFK trojan (unable to clean) 00000000000000000000000000000000 I
C:\TDSSKiller_Quarantine\22.06.2012_16.41.06\mbr0000\tdlfs0000\tsk0009.dta Win64/Olmarik.AK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Darlene\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Darlene\Documents\Programs\Corel.PaintShop.Photo.Pro.X4.CORE.edi\keygen.exe a variant of Win32/Keygen.AU application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Darlene\Documents\Programs\Winrar.3.93\keygen\Keygen.rar a variant of Win32/Keygen.AI application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Darlene\Documents\Programs\Winrar.3.93\setup\Winrar.3.93.rar a variant of Win32/Keygen.AI application (unable to clean) 00000000000000000000000000000000 I

#10 RPMcMurphy (Malware Response Team)

Posted 24 June 2012 - 07:24 PM

That isn't as bad as it seems, all of the detections from C:\TDSSKiller_Quarantine have already been dealt with.

Your Babylon toolbar was targeted because it's considered adware, installs toolbars or has other unclear objectives. If you no longer want that app, uninstall it via Control Panel > Programs > Uninstall a program.

These are a concern:

C:\Users\Darlene\Documents\Programs\Corel.PaintShop.Photo.Pro.X4.CORE.edi\keygen.exe
C:\Users\Darlene\Documents\Programs\Winrar.3.93\keygen\Keygen.rar
C:\Users\Darlene\Documents\Programs\Winrar.3.93\setup\Winrar.3.93.rar

These types of files are not only illegal, but they are a major source of malware.

Please run this to remove those threats:

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Files
    C:\Users\Darlene\Documents\Programs\Corel.PaintShop.Photo.Pro.X4.CORE.edi\keygen.exe
    C:\Users\Darlene\Documents\Programs\Winrar.3.93\keygen\Keygen.rar
    C:\Users\Darlene\Documents\Programs\Winrar.3.93\setup\Winrar.3.93.rar
    :Commands
    [EmptyTemp]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please include the following in your next post:
  • OTM log

Edited by RPMcMurphy, 24 June 2012 - 07:25 PM.



#11 ldpetry (Topic Starter)

Posted 24 June 2012 - 09:19 PM


Here ya go. I had to follow the "Note" instructions.
I couldn't find the Babylon toolbar, as it didn't appear in Control Panel > Programs > Uninstall a program.
I have never used it; can you suggest any other places to look for it?
rubyrose

All processes killed
========== FILES ==========
C:\Users\Darlene\Documents\Programs\Corel.PaintShop.Photo.Pro.X4.CORE.edi\keygen.exe moved successfully.
C:\Users\Darlene\Documents\Programs\Winrar.3.93\keygen\Keygen.rar moved successfully.
C:\Users\Darlene\Documents\Programs\Winrar.3.93\setup\Winrar.3.93.rar moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Darlene
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 7659600 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 63575139 bytes
->Google Chrome cache emptied: 6532939 bytes
->Flash cache emptied: 967 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 106759683 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 554 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 176.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 06242012_220345

Edited by rubyrose, 24 June 2012 - 09:33 PM.


#12 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 24 June 2012 - 11:00 PM

Please do this:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log only (I don't need to see Extras.txt) and paste them into your next post.


#13 ldpetry (Topic Starter, Members, 56 posts)

Posted 25 June 2012 - 01:08 AM


Hello RPMcMurphy,
I ran the OTL scan. But first I wanted to ask about 3 problems I found in My Documents.
I have 3 folders that now have a lock on them: My Music, My Pictures, and My Videos.
Also in My Documents I have 3 things that read "desktop.ini", just in My Documents, and 1 in My Pando Packages folder.
Other than that, my computer is running great! Here's the OTL scan.
rubyrose

OTL logfile created on: 6/25/2012 1:54:19 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Darlene\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 74.10% Memory free
6.92 Gb Paging File | 5.87 Gb Available in Paging File | 84.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 137.50 Gb Free Space | 29.53% Space Free | Partition Type: NTFS

Computer Name: PINKLADY2 | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/25 01:53:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
PRC - [2012/06/21 14:27:46 | 003,905,408 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/15 21:24:16 | 005,334,816 | ---- | M] (360Amigo) -- C:\Program Files\360Amigo\360Amigo.exe
PRC - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 17:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/25 01:48:19 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/06/25 01:48:17 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/02/16 00:28:20 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/02/16 00:28:16 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/06/24 13:32:07 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/02/26 04:00:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/19 07:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Darlene\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/03/06 19:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/03/06 19:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/02/15 21:24:20 | 000,025,248 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\AmgHips.sys -- (AmgHips)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/18 09:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 17:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 F5 19 FB 22 06 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5B745D70-9711-42AE-A635-1377C90E56BE}
IE - HKCU\..\SearchScopes\{5B745D70-9711-42AE-A635-1377C90E56BE}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/20 19:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/24 13:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/24 13:32:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/13 06:11:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Extensions
[2012/06/22 16:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions
[2012/05/17 18:02:31 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/13 07:25:55 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions\coralietab@mozdev.org
[2012/05/19 19:57:08 | 000,000,000 | ---D | M] (RapidShare Extension) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions\RapidShare_Extension_for_Firefox@mozilla.org
[2012/05/19 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions\RapidShare_Extension_for_Firefox@mozilla.org\chrome
[2012/05/19 19:57:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\extensions\RapidShare_Extension_for_Firefox@mozilla.org\defaults
[2012/02/13 06:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/20 19:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/04/30 00:15:48 | 000,081,104 | ---- | M] () (No name found) -- C:\USERS\DARLENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4BY3ON2E.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
[2012/02/13 07:25:55 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DARLENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4BY3ON2E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/06/22 16:24:59 | 000,109,964 | ---- | M] () (No name found) -- C:\USERS\DARLENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4BY3ON2E.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012/02/13 07:25:55 | 000,012,488 | ---- | M] () (No name found) -- C:\USERS\DARLENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4BY3ON2E.DEFAULT\EXTENSIONS\OPENINIE@WITTERSWORLD.COM.XPI
[2012/06/24 13:32:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/05/24 19:19:15 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/06/24 13:32:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/24 13:32:04 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_197.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/06/23 11:54:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [360Amigo] C:\Program files\360Amigo\360Amigo.exe (360Amigo)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B46C879-DEC0-4706-97A3-74443C30C21B}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 01:52:52 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2012/06/24 22:03:45 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/06/24 22:01:19 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTM.exe
[2012/06/24 14:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/24 14:10:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Darlene\Desktop\esetsmartinstaller_enu.exe
[2012/06/24 14:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/24 13:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/06/24 13:57:23 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/24 13:57:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 13:57:07 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 13:38:51 | 000,893,936 | ---- | C] (Oracle Corporation) -- C:\Users\Darlene\Desktop\jxpiinstall.exe
[2012/06/23 12:04:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/23 12:04:42 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\temp
[2012/06/23 11:53:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/23 11:38:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/23 11:38:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/23 11:38:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/23 11:17:31 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/23 11:17:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/23 11:17:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/23 11:17:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/23 11:17:25 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/23 11:17:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/23 11:17:22 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/22 18:58:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 18:57:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 18:47:11 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Macromedia
[2012/06/22 17:02:36 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/22 17:02:34 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/22 17:02:34 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/22 17:02:34 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/22 16:54:24 | 004,565,820 | R--- | C] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2012/06/22 16:54:16 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 16:54:16 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 16:54:08 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 16:54:08 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 16:54:08 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 16:53:55 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 16:53:55 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/22 16:48:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/22 16:40:47 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Darlene\Desktop\TDSSKiller.exe
[2012/06/21 15:22:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Darlene\Desktop\dds.scr
[2012/06/19 20:13:54 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\ElevatedDiagnostics
[2012/06/04 19:00:00 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/15 22:50:55 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Darlene\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/06/25 01:55:06 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 01:55:06 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 01:53:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTL.exe
[2012/06/25 01:52:20 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/25 01:52:20 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/25 01:48:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/25 01:47:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 01:47:33 | 2788,970,496 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/25 00:18:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/24 22:01:28 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Desktop\OTM.exe
[2012/06/24 14:10:42 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Darlene\Desktop\esetsmartinstaller_enu.exe
[2012/06/24 13:57:00 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/24 13:56:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/24 13:39:13 | 000,893,936 | ---- | M] (Oracle Corporation) -- C:\Users\Darlene\Desktop\jxpiinstall.exe
[2012/06/23 14:54:32 | 000,268,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/23 11:54:07 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/23 11:38:03 | 004,565,820 | R--- | M] (Swearware) -- C:\Users\Darlene\Desktop\ComboFix.exe
[2012/06/22 18:47:24 | 000,126,976 | ---- | M] () -- C:\Users\Darlene\Desktop\ResetTeaTimer.exe
[2012/06/22 18:39:42 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/06/22 17:23:29 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/22 16:52:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/22 16:52:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/22 16:40:31 | 002,109,806 | ---- | M] () -- C:\Users\Darlene\Desktop\tdsskiller.zip
[2012/06/22 16:25:19 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/21 15:34:37 | 000,294,216 | ---- | M] () -- C:\Users\Darlene\Desktop\gmer.zip
[2012/06/21 15:22:41 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Darlene\Desktop\dds.scr
[2012/06/21 15:17:25 | 000,000,000 | ---- | M] () -- C:\Users\Darlene\defogger_reenable
[2012/06/21 15:02:01 | 000,050,477 | ---- | M] () -- C:\Users\Darlene\Desktop\Defogger.exe
[2012/06/20 21:11:20 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Darlene\Desktop\TDSSKiller.exe
[2012/06/04 22:29:31 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/04 18:55:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/02 18:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/02 18:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/02 18:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/02 18:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/02 18:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/23 11:38:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/23 11:38:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/23 11:38:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/23 11:38:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/23 11:38:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/22 18:47:21 | 000,126,976 | ---- | C] () -- C:\Users\Darlene\Desktop\ResetTeaTimer.exe
[2012/06/22 16:40:15 | 002,109,806 | ---- | C] () -- C:\Users\Darlene\Desktop\tdsskiller.zip
[2012/06/21 15:36:22 | 000,302,592 | ---- | C] () -- C:\Users\Darlene\Desktop\gmer.exe
[2012/06/21 15:34:36 | 000,294,216 | ---- | C] () -- C:\Users\Darlene\Desktop\gmer.zip
[2012/06/21 15:17:25 | 000,000,000 | ---- | C] () -- C:\Users\Darlene\defogger_reenable
[2012/06/21 15:02:00 | 000,050,477 | ---- | C] () -- C:\Users\Darlene\Desktop\Defogger.exe
[2012/02/15 22:50:55 | 000,007,887 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.cat
[2012/02/15 22:50:55 | 000,001,144 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.inf
[2012/02/15 21:24:20 | 000,025,248 | ---- | C] () -- C:\Windows\System32\drivers\AmgHips.sys
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >

#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:44 AM

Posted 25 June 2012 - 03:03 PM

Some of the tools I used reset some settings back to their defaults, and that is why you are seeing the lock icon on folders. This LINK explains the icon and guides you through removing it if you wish to do so.

Those desktop.ini icons should disappear when we uninstall ComboFix once we finish up. Please do this next:

Open Notepad (Start > All Programs > Accessories > Notepad; this will only work with Notepad) and copy all the text inside the code box by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before or above Firefox::

Firefox::
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - user.js: extensions.BabylonToolbar_i.id - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.hardId - d06f4fe50000000000000c607621f9cd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15484
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:19
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101368
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
File::
C:\Program Files\mozilla firefox\searchplugins\babylon.xml
C:\Users\Darlene\AppData\Local\Babylon\Setup\Setup.exe
Folder::
c:\users\Darlene\AppData\Local\Babylon
c:\users\Darlene\AppData\Roaming\Babylon

Save this as CFScript to your desktop.

Then disable your security programs and drag the CFScript into ComboFix.exe as you see in the screenshot below.

[Screenshot: the CFScript file being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply.

Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
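A way to confirm that a CFScript like the one above actually did what it was meant to, written as an added example for this thread (it is not code from the original post and not part of ComboFix): the script below parses the CFScript directives (Firefox::, File::, Folder::) and the "Other Deletions" section of the ComboFix.txt that ComboFix writes afterwards, then reports which File:: and Folder:: targets the log confirms as removed. It deliberately ignores the "FILE ::" echo block near the top of the log, which only repeats the requested targets and says nothing about whether they were deleted. The embedded sample CFScript and sample log are constructed to mirror the script above and the layout of a ComboFix log (section banners wrapped in parentheses, lower-cased paths, "." filler lines); the command-line arguments and the file name cfcheck.py are this example's own convention.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.

Added example for this thread, not ComboFix's own code. It reports which
File::/Folder:: targets the log's "Other Deletions" section confirms as
removed, and lists the Firefox:: pref names that must be checked by hand.
"""
import re
import sys

# Constructed sample CFScript, trimmed from the one posted above.
SAMPLE_CFSCRIPT = """Firefox::
FF - ProfilePath - c:\\users\\Darlene\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\4by3on2e.default\\
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101368
File::
C:\\Program Files\\mozilla firefox\\searchplugins\\babylon.xml
C:\\Users\\Darlene\\AppData\\Local\\Babylon\\Setup\\Setup.exe
Folder::
c:\\users\\Darlene\\AppData\\Local\\Babylon
c:\\users\\Darlene\\AppData\\Roaming\\Babylon
"""

# Constructed sample log in the shape ComboFix writes; the FILE :: block only
# echoes the request, the Other Deletions block is the actual result.
SAMPLE_LOG = """ComboFix 12-06-23.05 - Darlene 06/25/2012 17:50:20.2.2 - x86
Command switches used :: c:\\users\\Darlene\\Desktop\\CFScript.txt
.
FILE ::
"c:\\program files\\mozilla firefox\\searchplugins\\babylon.xml"
"c:\\users\\Darlene\\AppData\\Local\\Babylon\\Setup\\Setup.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\\program files\\mozilla firefox\\searchplugins\\babylon.xml
c:\\users\\Darlene\\AppData\\Local\\Babylon
c:\\users\\Darlene\\AppData\\Local\\Babylon\\Setup\\Setup.exe
c:\\users\\Darlene\\AppData\\Roaming\\Babylon
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
2012-06-25 22:03 . 2012-06-25 22:03 -------- d-----w- c:\\users\\Darlene\\AppData\\Local\\temp
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")                       # e.g. "File::"
FF_PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js: (\S+) - ")  # pref name


def parse_cfscript(text):
    """Return {directive: [lines]} for a CFScript; directives end with '::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_section(text, title):
    """Return the non-filler lines of the ComboFix log section named `title`.

    Section banners are lines wrapped in runs of '(' and ')'; a banner that
    does not contain `title` ends the section we are collecting."""
    lines, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("((((") and line.endswith("))))"):
            inside = title in line
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def norm(path):
    """Windows paths are case-insensitive and ComboFix lower-cases some of
    them, so compare lower-cased, unquoted, without a trailing backslash."""
    return path.strip().strip('"').lower().rstrip("\\")


def firefox_pref_names(script):
    """Pref names targeted by Firefox::; ComboFix does not echo these in the
    log, so they have to be checked in the profile's user.js by hand."""
    return [m.group(1) for line in script.get("Firefox", [])
            for m in [FF_PREF_RE.match(line)] if m]


def check_deletions(cfscript_text, log_text):
    """Map each File::/Folder:: target to True if Other Deletions lists it."""
    script = parse_cfscript(cfscript_text)
    deleted = {norm(p) for p in parse_log_section(log_text, "Other Deletions")}
    targets = script.get("File", []) + script.get("Folder", [])
    return {t: norm(t) in deleted for t in targets}


def main(argv):
    if len(argv) == 3:
        cfscript_text = open(argv[1], encoding="utf-8", errors="replace").read()
        log_text = open(argv[2], encoding="utf-8", errors="replace").read()
    else:
        cfscript_text, log_text = SAMPLE_CFSCRIPT, SAMPLE_LOG
    results = check_deletions(cfscript_text, log_text)
    for target, ok in results.items():
        print(("deleted   " if ok else "NOT FOUND ") + target)
    for name in firefox_pref_names(parse_cfscript(cfscript_text)):
        print("check user.js by hand: " + name)
    return 0 if all(results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the constructed sample, or as `python cfcheck.py CFScript.txt ComboFix.txt` against the real files. A non-zero exit means at least one target was not listed under Other Deletions; that is a prompt to look by hand, not proof that ComboFix failed, since a target that was already gone before the run is also absent from that section.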


#15 ldpetry

ldpetry
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:44 AM

Posted 25 June 2012 - 07:00 PM


Hi,
Well, I copied and saved the CFScript to the desktop. Then I dragged it to ComboFix, and a box appeared
stating there was a newer version of ComboFix and asking whether I wanted to update it. I clicked "NO". I hope that
was OK; if not, let me know what we need to do next.
rubyrose

ComboFix 12-06-23.05 - Darlene 06/25/2012 17:50:20.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3546.2733 [GMT -4:00]
Running from: c:\users\Darlene\Desktop\ComboFix.exe
Command switches used :: c:\users\Darlene\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\mozilla firefox\searchplugins\babylon.xml"
"c:\users\Darlene\AppData\Local\Babylon\Setup\Setup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\mozilla firefox\searchplugins\babylon.xml
c:\users\Darlene\AppData\Local\Babylon
c:\users\Darlene\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Darlene\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Darlene\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Darlene\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Darlene\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb
c:\users\Darlene\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Darlene\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Darlene\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Darlene\AppData\Roaming\Babylon
c:\users\Darlene\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-05-25 to 2012-06-25 )))))))))))))))))))))))))))))))
.
.
2012-06-25 22:03 . 2012-06-25 22:03 -------- d-----w- c:\users\Darlene\AppData\Local\temp
2012-06-25 22:03 . 2012-06-25 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-25 02:03 . 2012-06-25 02:03 -------- d-----w- C:\_OTM
2012-06-24 18:11 . 2012-06-24 18:11 -------- d-----w- c:\program files\ESET
2012-06-24 18:00 . 2012-06-24 18:00 -------- d-----w- c:\program files\Common Files\Java
2012-06-24 17:57 . 2012-06-24 17:57 -------- d-----w- c:\program files\Oracle
2012-06-24 17:32 . 2012-06-24 17:32 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-24 17:32 . 2012-06-24 17:32 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-22 22:47 . 2012-06-22 22:47 -------- d-----w- c:\users\Darlene\AppData\Local\Macromedia
2012-06-22 21:02 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-22 21:02 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-22 21:02 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-22 21:02 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-22 21:02 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-22 21:02 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-22 21:02 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-22 21:02 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-22 21:02 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-22 21:02 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-22 20:59 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{50F65370-AA69-4E63-921C-BAEE761563CF}\mpengine.dll
2012-06-22 20:54 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 20:54 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 20:54 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 20:54 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:54 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 20:54 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 20:54 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 20:53 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 20:53 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 20:48 . 2012-06-22 20:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 00:13 . 2012-06-20 00:13 -------- d-----w- c:\users\Darlene\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-22 20:52 . 2012-02-14 09:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-22 20:52 . 2012-02-14 09:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 23:29 . 2012-02-13 11:38 772504 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-04 23:29 . 2012-02-13 11:38 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 19:56 . 2012-02-16 01:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 04:39 . 2012-05-10 21:02 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 21:02 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-10 21:02 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 17:32 . 2012-02-13 10:11 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-23_15.54.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-20 21:20 . 2012-06-25 17:29 24234 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-06-25 17:29 42270 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-23 15:17 . 2012-05-17 22:25 73216 c:\windows\System32\mshtmled.dll
- 2012-04-13 00:17 . 2012-02-28 01:08 66048 c:\windows\System32\migration\WininetPlugin.dll
+ 2012-06-23 15:17 . 2012-05-17 22:31 66048 c:\windows\System32\migration\WininetPlugin.dll
- 2012-04-13 00:17 . 2012-02-28 01:08 65024 c:\windows\System32\jsproxy.dll
+ 2012-06-23 15:17 . 2012-05-17 22:31 65024 c:\windows\System32\jsproxy.dll
+ 2012-02-13 12:24 . 2012-06-25 21:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:34 . 2012-06-23 19:40 92944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-23 20:04 . 2012-06-23 20:04 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\2b97ccae44726f13c418f1406180c3e8\System.Web.DynamicData.Design.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 95232 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\be06f4f309e2225a832c344a9f995e69\Microsoft.MediaCenter.ITVVM.ni.dll
+ 2012-02-15 01:36 . 2012-06-25 05:49 7968 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-563358541-991325847-2769734058-1000_UserData.bin
- 2012-06-22 20:49 . 2012-06-22 20:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-25 17:27 . 2012-06-25 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 20:49 . 2012-06-22 20:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-25 17:27 . 2012-06-25 17:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-16 05:55 . 2012-06-25 21:28 228700 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-06-23 15:17 . 2012-05-17 22:33 231936 c:\windows\System32\url.dll
- 2012-04-13 00:17 . 2012-02-28 01:09 231936 c:\windows\System32\url.dll
- 2009-07-14 02:05 . 2012-06-23 15:22 624178 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-06-25 17:31 624178 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-06-23 15:22 106522 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-06-25 17:31 106522 c:\windows\System32\perfc009.dat
- 2012-04-13 00:17 . 2012-02-28 01:06 716800 c:\windows\System32\jscript.dll
+ 2012-06-23 15:17 . 2012-05-17 22:29 716800 c:\windows\System32\jscript.dll
+ 2012-06-24 17:57 . 2012-05-04 23:29 227720 c:\windows\System32\javaws.exe
+ 2012-06-24 17:57 . 2012-06-24 17:57 174064 c:\windows\System32\javaw.exe
+ 2012-06-24 17:57 . 2012-06-24 17:56 174064 c:\windows\System32\java.exe
+ 2012-06-23 15:17 . 2012-05-17 22:29 142848 c:\windows\System32\ieUnatt.exe
- 2012-02-16 01:44 . 2012-02-16 01:44 142848 c:\windows\System32\ieUnatt.exe
+ 2012-06-23 15:17 . 2012-05-17 22:20 176640 c:\windows\System32\ieui.dll
- 2012-04-13 00:17 . 2012-02-28 00:59 176640 c:\windows\System32\ieui.dll
- 2009-07-14 04:33 . 2012-05-14 19:51 268184 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 04:33 . 2012-06-23 18:54 268184 c:\windows\System32\FNTCACHE.DAT
+ 2012-02-13 12:24 . 2012-06-25 21:29 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-13 12:24 . 2012-06-23 15:18 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-02 04:03 . 2012-06-23 19:33 139904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-02 04:03 . 2012-05-15 01:33 139904 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 04:47 . 2012-06-25 06:09 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-06-19 22:32 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-22 21:02 . 2012-04-23 22:35 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
- 2012-04-12 07:24 . 2012-01-26 23:33 630784 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2012-06-24 18:00 . 2012-06-24 18:00 179200 c:\windows\Installer\1cb8c0.msi
+ 2012-06-24 17:57 . 2012-06-24 17:57 461312 c:\windows\Installer\1cb8bb.msi
+ 2012-06-23 16:02 . 2012-06-23 16:02 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\44752ffa92ebb7170951a41898d8b9c6\WindowsFormsIntegration.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\a730931e386537e3c229e049c9a6d271\System.Messaging.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\c7d60a49e43964b1ae17e9a080376c6d\System.Configuration.Install.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\cb90e8f4f8a6b23eb9f56c7e2e866bcf\Microsoft.VisualBasic.Compatibility.Data.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 245248 c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\f3e052584df9c614407da662dd3c3df3\TaskScheduler.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\06e4119a0a3484bb0ca667a16145ce74\System.Web.Routing.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\4f13c2c06fb97f6659473f02802b377b\System.Web.Extensions.Design.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\bc239944bca7cc6b6ddb473259183c7d\System.Web.Entity.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 301568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\3701488fb9e601ebe963db25b784d684\System.Web.Entity.Design.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\a09cc9877f51f16a4610b702155e8b70\System.Web.DynamicData.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\c6aad1edcc51862ceb26b6b65dad1490\System.Web.Abstractions.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
+ 2012-06-23 20:02 . 2012-06-23 20:02 593408 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\2b4d6976393bf5643a4ef2d8dffdf75b\System.Messaging.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\912a0776c2bfd35ff76bd0b8ba977ed4\System.Drawing.Design.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 723456 c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\95728bff8fc3071e53352204e87a3a81\napsnap.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\029ac1d25c3be266af0a49eef06ff6e7\napinit.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 287232 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\1e03b7c2539c5376f0665a4aba04efbd\MMCFxCommon.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 229888 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\b82fa34c1f76810e14180eb626fdd026\Microsoft.MediaCenter.iTv.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 561664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\622b582866fca37f113bd97ae4c6d1f6\Microsoft.ManagementConsole.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 371712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcplayerinterop\bb62b376c2ea0c66913d6bc2a3391ed9\mcplayerinterop.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 515584 c:\windows\assembly\NativeImages_v2.0.50727_32\mcGlidHostObj\9158e9c3e95b609b7dd5199ee6c676e4\mcGlidHostObj.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 553472 c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\02577b78c6ed2f9bda301de888dccad8\EventViewer.ni.dll
+ 2012-06-23 20:02 . 2012-06-23 20:02 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost\778542790c617b0394213b0a542e3ef2\ehExtHost.ni.exe
+ 2012-06-23 20:02 . 2012-06-23 20:02 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\1af22c8ecb0834c7bef76b2e669c04f3\AspNetMMCExt.ni.dll
- 2012-04-12 07:24 . 2012-01-26 23:33 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-22 21:02 . 2012-04-23 22:35 630784 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-06-23 15:17 . 2012-05-17 22:35 1129472 c:\windows\System32\wininet.dll
+ 2012-06-23 15:17 . 2012-05-17 22:36 1103872 c:\windows\System32\urlmon.dll
+ 2009-07-14 02:03 . 2012-06-23 18:53 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:03 . 2012-06-23 15:16 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-23 15:17 . 2012-05-17 22:45 1800192 c:\windows\System32\jscript9.dll
+ 2012-06-23 15:17 . 2012-05-17 22:27 1793024 c:\windows\System32\iertutil.dll
+ 2012-06-23 15:17 . 2012-05-17 22:48 9737728 c:\windows\System32\ieframe.dll
- 2009-07-14 04:34 . 2012-06-04 22:19 7226337 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-06-23 18:57 7226337 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-02-15 01:29 . 2012-06-05 03:54 5047124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-563358541-991325847-2769734058-1000-12288.dat
+ 2012-02-15 01:29 . 2012-06-23 18:53 5047124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-563358541-991325847-2769734058-1000-12288.dat
- 2012-05-10 21:03 . 2012-01-04 02:51 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2012-06-22 21:02 . 2012-03-21 22:32 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
- 2010-11-20 21:29 . 2010-11-20 21:29 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-22 21:02 . 2012-03-21 22:32 4927488 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 4587008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\7f0476e4df01ca2219f7db531408e91c\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 1060864 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\f87f8bc0bc9563096150f23f6c220e7b\System.Printing.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 1880064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\e899cda47704280f54949c69b78c55cc\System.Deployment.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 3757568 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\36299fad6b7b591cfb6bd9e50dbd33df\System.Activities.Presentation.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 2906624 c:\windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\442af6f7c8b447bdec3ad8d23da89c5a\ReachFramework.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 1641984 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\cf455da9b8fedf66767c1a7ab3eea9c9\PresentationUI.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 1136640 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\40e4b755f030a61f0b2e729258fc6d2a\Microsoft.VisualBasic.Compatibility.ni.dll
+ 2012-06-23 16:02 . 2012-06-23 16:02 1838080 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\09c2f8f606e09d85cfe6e0ad89fbe729\Microsoft.VisualBasic.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 1358336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 1917952 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\5832334164c5f9a9eb2f9ef59bd651f7\System.Workflow.Runtime.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 4516352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\cfb739be21092d5b8f7b4fde529e6aaa\System.Workflow.ComponentModel.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 2994688 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\a815fffab98375c1919df68b5b292725\System.Workflow.Activities.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 2209792 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\4a90802e36dee6e10d9bf54832cbf549\System.Web.Mobile.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 2404352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c45efc7ec92c1da8e67eb597559ec39c\System.Web.Extensions.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 1044480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
+ 2012-06-23 18:56 . 2012-06-23 18:56 1591808 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
+ 2012-06-23 18:56 . 2012-06-23 18:56 1806848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 2157056 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\5b680cb77fc661ec022b0405925e63b0\ReachFramework.ni.dll
+ 2012-06-23 18:56 . 2012-06-23 18:56 1658368 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
+ 2012-06-23 20:04 . 2012-06-23 20:04 2623488 c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\c1ee01ff40acce2918c5319332bfca20\Narrator.ni.exe
+ 2012-06-23 20:03 . 2012-06-23 20:03 1545216 c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\21abde8efab609732b2ade3f05234e79\MMCEx.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 6438912 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\0e7da0df83f0619e3b0e0a7d7ee05fa3\MIGUIControls.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1670144 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1704960 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\62b096899a5799828ebaed3c2830630d\Microsoft.PowerShell.GPowerShell.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1681920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\373b67cd52725684575294b60ff6e201\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 3724288 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\05db6110ae5ca613dfec740324040159\Microsoft.PowerShell.Editor.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1125376 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\c4b526ec652ac5c2ddbd5562dcad51bc\Microsoft.MediaCenter.Bml.ni.dll
+ 2012-06-23 20:02 . 2012-06-23 20:02 6499840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\8ce1d10f94b40f054017865757552f2d\Microsoft.MediaCenter.UI.ni.dll
+ 2012-06-23 20:02 . 2012-06-23 20:02 1009664 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\7fab1ec8f5ed6a55a8a73b2c590bd7cd\Microsoft.MediaCenter.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1361408 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3893fa9a19b52dee8b2cc424840d5d08\Microsoft.Build.Tasks.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 1970176 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\1d2250044b1ecff755e26ed12f6d27cb\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-06-23 20:02 . 2012-06-23 20:02 2035712 c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\3a4e56a8d1075cf0af0619c383b3e592\mcstore.ni.dll
+ 2012-06-22 21:02 . 2012-03-21 22:32 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-05-10 21:03 . 2012-01-04 02:51 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2010-11-20 21:29 . 2010-11-20 21:29 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-22 21:02 . 2012-03-21 22:32 4927488 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-06-23 15:17 . 2012-05-17 23:11 12314624 c:\windows\System32\mshtml.dll
+ 2009-07-14 04:41 . 2012-06-25 21:29 10141696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-06-23 15:18 10141696 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-15 01:29 . 2012-06-25 06:09 10754200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-563358541-991325847-2769734058-1000-8192.dat
+ 2012-06-24 17:56 . 2012-06-24 17:56 17379328 c:\windows\Installer\1cb8b7.msi
+ 2012-06-23 18:56 . 2012-06-23 18:56 12436480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 11833344 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
+ 2012-06-23 18:57 . 2012-06-23 18:57 10580480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
+ 2012-06-23 18:56 . 2012-06-23 18:56 14340608 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
+ 2012-06-23 18:56 . 2012-06-23 18:56 12237824 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
+ 2012-06-23 20:03 . 2012-06-23 20:03 18686464 c:\windows\assembly\NativeImages_v2.0.50727_32\ehshell\4403edce7ecc88254b0ff907eda750ea\ehshell.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-02-16 5334816]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 3905408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 136176]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-24 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-26 1343400]
S1 AmgHips;AmgHips;c:\windows\system32\Drivers\AmgHips.sys [2012-02-16 25248]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-02-16 47360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 09:59]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-13 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\4by3on2e.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-25 18:10:40
ComboFix-quarantined-files.txt 2012-06-25 22:10
ComboFix2.txt 2012-06-23 16:04
.
Pre-Run: 147,647,700,992 bytes free
Post-Run: 147,351,941,120 bytes free
.
- - End Of File - - B0221BC650F0709EC13778C6B83DE167



