
Trojans keep spamming me with ads


  • This topic is locked
20 replies to this topic

#1 The Gladstone


Posted 21 June 2012 - 09:36 PM

My antivirus keeps detecting two trojans that I can't seem to get rid of. I ran a DDS scan and here are the logs.

My system won't run GMER because it's a 64 bit. If you would like the logs from my other scans with Malwarebytes and SuperAntiSpyware I can get them for you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Josh at 22:23:53 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2811.1497 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADEANAAwADIAMAAxADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPMONI~1.LNK - C:\Program Files (x86)\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPWJDE~1.LNK - C:\ProgramData\HP Mouse Suite Config\hpwjd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPWMSD~1.LNK - C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\0235560786F6271602642756560275966496 : DhcpNameServer = 208.67.222.222
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\24279646765686561646 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\275697E6F6C64637 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\74275656E6F416B6D27657563747 : DhcpNameServer = 64.71.255.198
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\F44585D27457563747 : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.2
TCP: Interfaces\{75167292-3F76-425D-96C8-374A5616D6BF}\F494343413 : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADEANAAwADIAMAAxADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\93b74pa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cd7a79-87f5-45ce-9cbd-ca2b03e7141e%7D&mid=7bf00bddf58d239488a0c5f481ec43a3-a02703f07077a19be9159f751d22ed12fb2a9109&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-06-07%2018%3A04%3A43&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-6 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-21 654408]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-3-21 624856]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-7 935480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-21 136176]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" --> C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [?]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe --> C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-21 136176]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\system32\DRIVERS\HP8207_8307.sys --> C:\Windows\system32\DRIVERS\HP8207_8307.sys [?]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-12 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-06-22 01:45:29 -------- d-----w- C:\Users\Josh\AppData\Local\{0B4B1BC6-EF57-48D9-B5A1-2FEC13EC8E29}
2012-06-21 19:05:47 33096 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-06-21 18:58:35 -------- d-----w- C:\Users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 18:58:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-21 18:58:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-21 18:03:17 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07836390-B5FB-4908-9E11-DEB6A4D2C408}\gapaengine.dll
2012-06-21 18:02:40 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8A8700B1-7C4C-4DE6-B5F1-6CCDF425440F}\mpengine.dll
2012-06-21 17:52:38 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-21 17:52:20 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-06-21 17:30:25 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-21 17:30:22 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-21 17:30:21 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-21 17:30:19 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-21 17:30:19 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-21 17:30:19 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-21 17:29:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-21 17:29:54 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-21 17:29:53 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-21 17:29:52 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-21 17:29:21 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-21 17:29:20 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-21 17:29:19 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-21 17:29:19 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-21 17:29:19 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-21 17:29:19 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-21 17:28:54 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-21 17:28:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-21 17:28:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-21 14:45:09 -------- d-----w- C:\Users\Josh\AppData\Roaming\Malwarebytes
2012-06-21 14:44:58 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-21 14:44:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-21 14:44:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-21 14:05:41 -------- d-----w- C:\Users\Josh\AppData\Local\Google
2012-06-21 13:44:29 -------- d-----w- C:\Users\Josh\AppData\Local\{26513934-5992-45F2-AE99-08FD484BFD21}
2012-06-21 13:43:55 -------- d-----w- C:\Users\Josh\AppData\Local\{07319BC3-D918-49FC-881E-B453C4420244}
2012-06-21 04:20:46 -------- d-----w- C:\Users\Josh\AppData\Local\{9195D3B6-A8A6-4FEF-B5C8-15D251F6D8BA}
2012-06-21 01:28:30 -------- d-----w- C:\Users\Josh\AppData\Local\{B6D0401A-68E8-4633-83BD-64E43AF3359E}
2012-06-20 13:27:35 -------- d-----w- C:\Users\Josh\AppData\Local\{0092938B-41C2-4D74-B5BF-ED15A7515958}
2012-06-20 13:26:37 -------- d-----w- C:\Users\Josh\AppData\Local\{9708AB76-2C08-4044-9B9F-9331CC18D272}
2012-06-20 01:31:37 -------- d-----w- C:\Users\Josh\AppData\Local\{EB1DB4A1-5870-4533-B8CE-BB9ED9AC0280}
2012-06-19 17:45:19 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-19 13:31:11 -------- d-----w- C:\Users\Josh\AppData\Local\{7E6F9051-A5D8-4073-A14C-B5058CB1606A}
2012-06-19 01:05:48 -------- d-----w- C:\Users\Josh\AppData\Local\{5E7A72D9-3EAF-4B40-B4DC-E5643498F295}
2012-06-19 01:05:38 -------- d-----w- C:\Users\Josh\AppData\Local\{1BCF6BA5-BCC2-4B86-984E-36707007340E}
2012-06-18 13:04:26 -------- d-----w- C:\Users\Josh\AppData\Local\{0E678D3D-656F-4334-AF87-70A57C1484C3}
2012-06-18 11:24:57 -------- d-----w- C:\Users\Josh\AppData\Local\{12E82F8D-153E-40A2-BA5E-538055A65F77}
2012-06-18 05:55:49 -------- d-----w- C:\Users\Josh\AppData\Local\{CA1034FC-5628-4BD2-9E4E-D56CDAA0F6F6}
2012-06-17 23:39:29 -------- d-----w- C:\Users\Josh\AppData\Local\{99C3E040-33D6-460A-80D8-820BF254CD77}
2012-06-17 19:20:40 -------- d-----w- C:\Users\Josh\AppData\Local\{C23C93F0-C3DF-48C8-A927-CAEB4C4C451F}
2012-06-17 18:20:20 -------- d-----w- C:\Users\Josh\AppData\Local\{4DA6EEE7-1515-402F-A866-368E784B1D31}
2012-06-16 18:00:28 -------- d-----w- C:\Users\Josh\AppData\Local\{CD557BC7-EACC-434D-B2D3-B2B461AD5C8F}
2012-06-16 05:09:22 -------- d-----w- C:\Users\Josh\AppData\Local\{BF27FFA5-4DBA-4DD5-A5FD-3A3C9D203F7B}
2012-06-15 17:08:14 -------- d-----w- C:\Users\Josh\AppData\Local\{44D85DA5-27F7-458A-B6F3-FCA3817C0697}
2012-06-15 05:07:49 -------- d-----w- C:\Users\Josh\AppData\Local\{4B030BC0-5E13-4997-80AC-4E1E7EC8F97E}
2012-06-14 17:06:50 -------- d-----w- C:\Users\Josh\AppData\Local\{EECAD567-8123-4D4B-A044-9A3510634408}
2012-06-14 17:06:14 -------- d-----w- C:\Users\Josh\AppData\Local\{9D711020-EC0C-4312-A74C-F8EEA0519E3C}
2012-06-13 17:08:23 -------- d-----w- C:\Users\Josh\AppData\Local\{25370653-9EF4-4747-8524-473C2CC4026D}
2012-06-13 17:07:57 -------- d-----w- C:\Users\Josh\AppData\Local\{6488C2E1-9EB5-4666-81CC-6B1B7B7DC1E9}
2012-06-11 17:14:20 -------- d-----w- C:\Users\Josh\AppData\Local\{1C6C6590-4701-4B2E-AC95-4763E6A5C356}
2012-06-11 17:13:24 -------- d-----w- C:\Users\Josh\AppData\Local\{DC1E08CC-3EB3-434D-8E87-25727EBF71FD}
2012-06-11 03:41:34 -------- d-----w- C:\Users\Josh\AppData\Local\{C9D5F6B2-90F4-44EB-870F-FF62E92C5D94}
2012-06-10 15:41:00 -------- d-----w- C:\Users\Josh\AppData\Local\{86A7471E-260A-4837-9660-2E1F7377E319}
2012-06-10 15:40:49 -------- d-----w- C:\Users\Josh\AppData\Local\{A7D63303-CBB3-44C0-898A-C86E0906DE79}
2012-06-10 03:40:19 -------- d-----w- C:\Users\Josh\AppData\Local\{29E4B4D9-A205-49F5-BEC8-4F3C071AB994}
2012-06-09 15:39:54 -------- d-----w- C:\Users\Josh\AppData\Local\{1D9E0734-858A-47C0-955A-101275C52ADF}
2012-06-09 03:39:29 -------- d-----w- C:\Users\Josh\AppData\Local\{5B5798D9-8383-4E2A-B0B9-A774100105BB}
2012-06-09 03:39:14 -------- d-----w- C:\Users\Josh\AppData\Local\{7CC53943-CF79-44EC-A04A-08420E517674}
2012-06-08 15:38:47 -------- d-----w- C:\Users\Josh\AppData\Local\{39FC5A72-0F3F-47AF-8D7C-82FBC4C7EEF5}
2012-06-08 03:38:20 -------- d-----w- C:\Users\Josh\AppData\Local\{DC74ECA0-5349-4BC8-87C8-6F4B2169BC3B}
2012-06-08 03:38:08 -------- d-----w- C:\Users\Josh\AppData\Local\{0C3F1F41-585B-448B-85D8-113457C1349E}
2012-06-07 22:05:46 -------- d-----w- C:\Users\Josh\AppData\Roaming\AVG2012
2012-06-07 22:05:19 -------- d-----w- C:\Users\Josh\AppData\Local\AVG Secure Search
2012-06-07 22:04:41 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-07 22:04:39 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-07 22:04:38 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-07 22:01:54 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-07 22:01:54 -------- d-----w- C:\ProgramData\AVG2012
2012-06-07 22:00:35 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-07 21:56:45 -------- d-----w- C:\ProgramData\MFAData
2012-06-07 21:49:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-07 15:37:10 -------- d-----w- C:\Users\Josh\AppData\Local\{9F27D6B7-9373-44BE-B0B9-72BE67E48035}
2012-06-07 15:36:40 -------- d-----w- C:\Users\Josh\AppData\Local\{42DE7906-6BD7-4168-886A-E8EDD77394FC}
2012-06-06 14:24:29 -------- d-----w- C:\Users\Josh\AppData\Local\{C1586507-3BC2-41FA-BF11-5C01DFDD153A}
2012-06-06 14:23:49 -------- d-----w- C:\Users\Josh\AppData\Local\{2B5DD04A-0508-4AA2-AB2A-8F58284E2AEF}
2012-06-05 13:20:05 -------- d-----w- C:\Users\Josh\AppData\Local\{350FE0C7-2C2F-43F4-BDC1-DB40CF2B0EB1}
2012-06-05 13:19:25 -------- d-----w- C:\Users\Josh\AppData\Local\{F964F39D-464E-459E-A4D5-67C460778988}
2012-06-04 14:42:35 -------- d-----w- C:\Users\Josh\AppData\Local\{EFD37373-2837-4C84-9641-8ED5EEBE276B}
2012-06-04 14:42:23 -------- d-----w- C:\Users\Josh\AppData\Local\{9F1EAD92-7017-480A-9360-FA403C826266}
2012-06-04 08:20:43 -------- d-----w- C:\Users\Josh\AppData\Roaming\MotioninJoy
2012-06-04 08:20:38 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2012-06-04 07:56:17 -------- d-----w- C:\Program Files (x86)\PCSX2
2012-06-03 20:25:44 -------- d-----w- C:\Users\Josh\AppData\Local\{3EF4BDE6-9703-4268-91D4-3DC5EA8ECE2B}
2012-06-03 08:25:11 -------- d-----w- C:\Users\Josh\AppData\Local\{C0F5F636-4C9C-4D6A-8C75-9C084892B329}
2012-06-03 08:24:58 -------- d-----w- C:\Users\Josh\AppData\Local\{95B84DE4-4CCD-4D87-8CEE-81E38ED7777F}
2012-06-01 21:11:45 -------- d-----w- C:\Users\Josh\AppData\Local\{4DAFB537-D0F2-48A3-A713-E98FB6E2E606}
2012-06-01 21:11:32 -------- d-----w- C:\Users\Josh\AppData\Local\{90EB7C04-1888-49D5-9DBB-93D5E45EB188}
2012-06-01 02:28:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-01 01:23:09 -------- d-----w- C:\Users\Josh\AppData\Local\{D349BC8F-68F2-4FA3-8296-689E9DA79CED}
2012-06-01 01:22:56 -------- d-----w- C:\Users\Josh\AppData\Local\{F94492E6-3818-4175-AF08-7FD0C490BDDA}
2012-05-31 13:22:26 -------- d-----w- C:\Users\Josh\AppData\Local\{83A41A1B-A0DD-44B6-8AA0-231C6CCF3A37}
2012-05-31 11:46:12 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{650F32A4-4DB0-4011-8E3F-6D7E9A3F5A87}\mpengine.dll
2012-05-31 01:21:57 -------- d-----w- C:\Users\Josh\AppData\Local\{C64BFB14-FB2C-4FF8-82FD-6E55804E1D4D}
2012-05-31 01:21:44 -------- d-----w- C:\Users\Josh\AppData\Local\{4F84A168-54F1-4F06-B743-AE2EE62BF830}
2012-05-30 17:59:30 4966600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-30 13:21:14 -------- d-----w- C:\Users\Josh\AppData\Local\{A272749B-BFFB-446A-A23A-A64472A43FA8}
2012-05-30 13:21:02 -------- d-----w- C:\Users\Josh\AppData\Local\{6DD9D0BB-AD89-4C9C-A1FA-4E45205426A7}
2012-05-30 01:20:31 -------- d-----w- C:\Users\Josh\AppData\Local\{096586D0-7CD4-47E7-A352-94D32454D18E}
2012-05-30 01:20:17 -------- d-----w- C:\Users\Josh\AppData\Local\{1894A2F4-B3B2-42B3-A974-DD9C7A4BEE5A}
2012-05-29 13:19:43 -------- d-----w- C:\Users\Josh\AppData\Local\{D877DF47-4EEA-4D1B-B601-20B1E0D2FBAA}
2012-05-29 01:19:01 -------- d-----w- C:\Users\Josh\AppData\Local\{54012A5B-B942-4887-9234-9C55A4A633AE}
2012-05-29 01:18:44 -------- d-----w- C:\Users\Josh\AppData\Local\{07053794-89A2-4922-957F-A9844BDC5803}
2012-05-28 13:17:35 -------- d-----w- C:\Users\Josh\AppData\Local\{9E41A51E-462A-46B3-81CC-6628CE1B47E1}
2012-05-28 13:16:55 -------- d-----w- C:\Users\Josh\AppData\Local\{264EFC4D-4756-4515-8685-6FA67F18F331}
2012-05-28 03:53:00 -------- d-----w- C:\Users\Josh\AppData\Local\{D4446F87-2E3E-4BF8-AB93-DFA5B752B147}
2012-05-28 01:26:23 -------- d-----w- C:\Users\Josh\AppData\Local\{BB7FCB0F-DADC-4B13-BEEC-C40B2158927A}
2012-05-28 01:21:06 -------- d-----w- C:\Users\Josh\AppData\Local\{3967F350-FF1B-4657-85C5-8C364D309707}
2012-05-28 01:16:31 -------- d-----w- C:\Users\Josh\AppData\Local\{1D23CD68-CABA-4966-87AE-E7ACA7AE86F9}
2012-05-28 00:59:26 -------- d-----w- C:\Users\Josh\AppData\Local\{39E077B6-8D81-4A67-95C3-61BBD0C29C46}
2012-05-28 00:52:59 -------- d-----w- C:\Users\Josh\AppData\Local\{7AAD17A9-EED7-4650-AFA0-98F06E10F424}
2012-05-28 00:41:30 -------- d-----w- C:\Users\Josh\AppData\Local\{6CEB1128-5AFE-4451-A2BB-F794CEFF71C8}
2012-05-28 00:26:57 -------- d-----w- C:\Users\Josh\AppData\Local\{5E786821-7130-4946-9403-20B268402DB5}
2012-05-28 00:07:52 -------- d-----w- C:\Users\Josh\AppData\Local\{67296CD3-BFEE-42A4-9CAC-7FA06A573645}
2012-05-27 19:26:30 -------- d-----w- C:\Users\Josh\AppData\Local\{AAC40843-807C-48F5-A00F-BF0768F0A26A}
2012-05-27 18:21:23 -------- d-----w- C:\Users\Josh\AppData\Local\{4C8E9C4A-BEA0-4530-891B-A47A5A1DDCF9}
2012-05-27 04:10:26 -------- d-----w- C:\Users\Josh\AppData\Local\{2AAA4165-2313-47A8-9500-8F14982A41A5}
2012-05-26 23:32:27 -------- d-----w- C:\Users\Josh\AppData\Local\{0832D774-E8F9-4798-92B4-5F7E1285493E}
2012-05-26 22:53:53 -------- d-----w- C:\Users\Josh\AppData\Local\{6C162C2D-BCBD-4A60-9352-0CFC47DB5F77}
2012-05-26 21:25:01 -------- d-----w- C:\Users\Josh\AppData\Local\{AF96D462-699B-44F6-9711-3A244717D81C}
2012-05-26 21:15:47 -------- d-----w- C:\Users\Josh\AppData\Local\{F917E427-FCDF-4896-B823-634A429BA820}
2012-05-26 20:03:21 -------- d-----w- C:\Users\Josh\AppData\Local\{AB4245FA-E51B-4574-9903-C576873D2852}
2012-05-26 04:22:14 -------- d-----w- C:\Users\Josh\AppData\Local\{EBA3A874-3E06-45BC-B7B3-68122478912D}
2012-05-26 01:19:29 -------- d-----w- C:\Users\Josh\AppData\Local\{2B9A2FA7-A4BC-4C78-B5BF-687DC3988B1A}
2012-05-25 13:18:31 -------- d-----w- C:\Users\Josh\AppData\Local\{06AB7199-FFAF-44B8-A1A5-5B4C4D398C3F}
2012-05-25 13:17:51 -------- d-----w- C:\Users\Josh\AppData\Local\{968178E4-34B0-4E6C-A926-258B07AFC23E}
2012-05-25 11:11:27 -------- d-----w- C:\Users\Josh\AppData\Local\{7215E3CA-FF41-4E52-8DDD-A6BE763382C4}
2012-05-25 11:04:53 -------- d-----w- C:\Users\Josh\AppData\Local\{993722B0-4C2D-488E-A835-2775337A0620}
2012-05-25 01:29:19 -------- d-----w- C:\Users\Josh\AppData\Local\{C3311400-6DA2-4AEB-B70D-30E269D834B0}
2012-05-24 20:24:42 -------- d-----w- C:\Users\Josh\AppData\Roaming\LolClient2
2012-05-24 13:15:12 -------- d-----w- C:\Users\Josh\AppData\Local\{75673365-EFD1-4170-9A19-93DBFBE7F362}
2012-05-24 13:14:32 -------- d-----w- C:\Users\Josh\AppData\Local\{F861D997-5F3E-4F27-8D8D-6C39E0E03420}
2012-05-24 03:25:15 -------- d-----w- C:\Users\Josh\AppData\Local\{E80CEC66-3E9D-443D-BCC8-D2398D98F108}
2012-05-23 22:48:03 -------- d-----w- C:\Users\Josh\AppData\Local\{74FD7F6E-BCA4-421C-8CA4-FA9B4592F1BD}
2012-05-23 10:47:26 -------- d-----w- C:\Users\Josh\AppData\Local\{3500C3B8-36DD-47C6-B532-9D5CD2F664B6}
2012-05-23 10:47:07 -------- d-----w- C:\Users\Josh\AppData\Local\{0127B658-641F-40D7-BA90-481B0275A02A}
.
==================== Find3M ====================
.
2012-06-21 18:12:02 328704 ----a-w- C:\Windows\System32\services.exe
2012-06-01 21:10:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-01 21:10:54 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-04 23:29:22 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-20 19:30:49 98304 ----a-w- C:\Windows\SysWow64\CmdLineExt.dll
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 02:27:44 2048104 ----a-w- C:\Windows\System32\RtPgEx64.dll
2012-04-07 02:27:44 1146984 ----a-w- C:\Windows\System32\RTSnMg64.cpl
2012-04-07 02:27:43 332392 ----a-w- C:\Windows\System32\RtlCPAPI64.dll
2012-04-07 02:27:43 2494056 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2012-04-07 02:27:42 149608 ----a-w- C:\Windows\System32\RtkCfg64.dll
2012-04-07 02:27:41 80488 ----a-w- C:\Windows\System32\RCoInst64.dll
2012-04-07 02:27:41 569960 ----a-w- C:\Windows\System32\RtkApi64.dll
2012-04-07 02:27:41 2625640 ----a-w- C:\Windows\System32\RtkAPO64.dll
2012-04-07 02:27:41 1215592 ----a-w- C:\Windows\System32\RTCOM64.dll
2012-04-07 02:27:33 200800 ----a-w- C:\Windows\System32\AERTAC64.dll
2012-04-07 02:27:23 1251944 ----a-w- C:\Windows\RtlExUpd.dll
2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 02:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-04-06 02:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-03 03:39:17 921 ----a-w- C:\Windows\QSFVExit.bat
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 22:24:47.38 ===============


#2 The Gladstone


Posted 21 June 2012 - 10:20 PM

Alright, I'm gonna go to bed. I'll check this topic tomorrow.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:58 AM

Posted 22 June 2012 - 01:53 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#4 The Gladstone


Posted 22 June 2012 - 12:17 PM

Here are the security check logs. I'll put the combofix logs in the next post to make it easier to differentiate.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#5 The Gladstone


Posted 22 June 2012 - 12:19 PM

After running combofix it deleted the processes that seemed to be the most suspicious. The computer seems to be running well now. Is there anything else you need me to do?

ComboFix 12-06-21.03 - Josh 22/06/2012 12:49:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2811.1290 [GMT -4:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HPMonitor.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwjd.exe.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpwmsd.exe.lnk
c:\users\Josh\AppData\Roaming\Uninstal.exe
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\@
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\L\00000004.@
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\L\1afb2d56
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\L\201d3dde
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\U\00000004.@
c:\windows\Installer\{1b81108d-9b49-108c-2c27-618018fcdd21}\U\000000cb.@
c:\windows\Tasks\At1.job
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 16:59 . 2012-06-22 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 19:05 . 2012-06-21 19:09 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 18:03 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07836390-B5FB-4908-9E11-DEB6A4D2C408}\gapaengine.dll
2012-06-21 18:02 . 2012-06-18 07:12 9013136 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8A8700B1-7C4C-4DE6-B5F1-6CCDF425440F}\mpengine.dll
2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-21 17:52 . 2012-06-21 17:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 17:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-21 17:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-21 17:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-21 17:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-21 17:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-21 17:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-21 17:29 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 17:29 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-21 17:29 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-21 17:29 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-21 17:29 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-21 17:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-21 17:29 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-21 17:29 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-21 17:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-21 17:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-21 17:28 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-21 17:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-21 17:28 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 14:45 . 2012-06-21 14:45 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2012-06-21 14:44 . 2012-06-21 14:44 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 14:44 . 2012-06-21 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 14:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 14:05 . 2012-06-21 14:12 -------- d-----w- c:\users\Josh\AppData\Local\Google
2012-06-21 14:05 . 2012-06-21 14:12 -------- d-----w- c:\program files (x86)\Google
2012-06-19 17:45 . 2012-06-19 17:45 -------- d-----w- c:\program files (x86)\Oracle
2012-06-19 17:42 . 2012-06-19 17:42 -------- d-----w- c:\program files (x86)\Java
2012-06-11 05:30 . 2012-06-11 05:30 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-07 22:05 . 2012-06-07 22:05 -------- d-----w- c:\users\Josh\AppData\Roaming\AVG2012
2012-06-07 22:05 . 2012-06-07 22:05 -------- d-----w- c:\users\Josh\AppData\Local\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:05 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-07 22:01 . 2012-06-22 00:05 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-07 22:01 . 2012-06-21 18:17 -------- d-----w- c:\programdata\AVG2012
2012-06-07 22:00 . 2012-06-07 22:00 -------- d-----w- c:\program files (x86)\AVG
2012-06-07 21:56 . 2012-06-22 00:05 -------- d-----w- c:\programdata\MFAData
2012-06-07 21:49 . 2012-06-07 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-04 08:20 . 2012-06-04 08:20 -------- d-----w- c:\users\Josh\AppData\Roaming\MotioninJoy
2012-06-04 08:20 . 2011-12-07 23:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-04 07:56 . 2012-06-04 08:20 -------- d-----w- c:\program files (x86)\PCSX2
2012-06-01 02:28 . 2012-06-01 02:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-24 20:24 . 2012-05-24 20:24 -------- d-----w- c:\users\Josh\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 18:12 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-01 21:10 . 2012-04-11 18:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 21:10 . 2011-05-28 21:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-31 11:46 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{650F32A4-4DB0-4011-8E3F-6D7E9A3F5A87}\mpengine.dll
2012-05-07 18:33 . 2012-03-09 20:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-07 18:32 . 2012-03-09 20:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-07 18:32 . 2012-03-09 20:21 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-04 23:29 . 2012-02-24 20:32 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 23:29 . 2010-09-01 23:28 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-23 19:54 . 2012-03-22 18:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-23 19:53 . 2012-03-22 18:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-23 19:53 . 2012-03-22 18:37 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-20 19:30 . 2011-07-24 19:15 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-07 02:27 . 2012-04-07 02:28 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-04-07 02:27 . 2012-04-07 02:28 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-04-07 02:27 . 2012-04-07 02:28 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-04-07 02:27 . 2012-04-07 02:28 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-04-07 02:27 . 2012-04-07 02:28 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-04-07 02:27 . 2012-04-07 02:28 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-04-07 02:27 . 2012-04-07 02:28 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-04-07 02:27 . 2012-04-07 02:28 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-04-07 02:27 . 2012-04-07 02:28 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-04-07 02:27 . 2012-04-07 02:28 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-04-07 02:27 . 2010-03-31 08:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:21 . 2012-05-16 19:54 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-16 19:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 01:35 . 2012-05-16 19:54 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-05-16 19:54 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-03 03:39 . 2012-04-03 03:39 921 ----a-w- c:\windows\QSFVExit.bat
2012-03-30 11:35 . 2012-05-15 22:29 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 22:04 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA4ADEANAAwADIAMAAxADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA&prod=90&ver=9.0.894" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 136176]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2012-04-07 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-07 935480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 14:05]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 14:05]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-04-07 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\93b74pa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cd7a79-87f5-45ce-9cbd-ca2b03e7141e%7D&mid=7bf00bddf58d239488a0c5f481ec43a3-a02703f07077a19be9159f751d22ed12fb2a9109&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-06-07%2018%3A04%3A43&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-73948960.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HP Quick Launch - c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
HKLM-Run-HPWirelessAssistant - c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1639273734-1082684029-1186129129-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,75,43,ce,e3,b8,3f,80,e9,9b,be,46,aa,8b,13,8a,db,f5,a3,89,04,d2,27,
11,de,07,30,b9,8d,45,d4,af,31,3f,79,a5,13,fe,d5,c1,5c,35,92,32,a6,e4,02,bb,\
"??"=hex:62,67,65,76,95,f5,8c,ce,64,41,bc,4a,0f,1f,c5,87
.
[HKEY_USERS\S-1-5-21-1639273734-1082684029-1186129129-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,04,f5,df,d9,21,66,4a,87,1c,38,6c,3e,f3,d6,c1,2c,bf,82,a4,1e,
43,3b,e5,c8,e3,dd,49,52,e1,14,a4,d0,bd,29,d6,2a,9c,04,8c,45,0c,9f,ec,e9,b6,\
"rkeysecu"=hex:4b,b3,d4,12,64,7d,79,5e,14,ec,e7,22,de,8d,4a,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-22 13:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 17:14
.
Pre-Run: 98,151,858,176 bytes free
Post-Run: 98,176,778,240 bytes free
.
- - End Of File - - 16642DAAE855408725E90D6B8052013C

#6 gringo_pr

  • Malware Response Team

Posted 22 June 2012 - 05:33 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 The Gladstone

  • Topic Starter


Posted 22 June 2012 - 08:38 PM

Here are the TDSS logs

21:34:41.0179 5960 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:34:41.0667 5960 ============================================================
21:34:41.0667 5960 Current date / time: 2012/06/22 21:34:41.0667
21:34:41.0667 5960 SystemInfo:
21:34:41.0667 5960
21:34:41.0668 5960 OS Version: 6.1.7601 ServicePack: 1.0
21:34:41.0668 5960 Product type: Workstation
21:34:41.0668 5960 ComputerName: RARGLEBLARGLE
21:34:41.0668 5960 UserName: Josh
21:34:41.0668 5960 Windows directory: C:\Windows
21:34:41.0668 5960 System windows directory: C:\Windows
21:34:41.0668 5960 Running under WOW64
21:34:41.0668 5960 Processor architecture: Intel x64
21:34:41.0668 5960 Number of processors: 2
21:34:41.0668 5960 Page size: 0x1000
21:34:41.0668 5960 Boot type: Normal boot
21:34:41.0668 5960 ============================================================
21:34:44.0062 5960 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:44.0068 5960 ============================================================
21:34:44.0068 5960 \Device\Harddisk0\DR0:
21:34:44.0069 5960 MBR partitions:
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23889800
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238ED800, BlocksNum 0x1B0D000
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
21:34:44.0069 5960 ============================================================
21:34:44.0104 5960 C: <-> \Device\Harddisk0\DR0\Partition1
21:34:44.0253 5960 D: <-> \Device\Harddisk0\DR0\Partition2
21:34:44.0263 5960 E: <-> \Device\Harddisk0\DR0\Partition3
21:34:44.0264 5960 ============================================================
21:34:44.0264 5960 Initialize success
21:34:44.0264 5960 ============================================================
21:35:03.0504 2716 ============================================================
21:35:03.0504 2716 Scan started
21:35:03.0504 2716 Mode: Manual;
21:35:03.0504 2716 ============================================================
21:35:04.0717 2716 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:35:04.0719 2716 !SASCORE - ok
21:35:05.0039 2716 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:35:05.0069 2716 1394ohci - ok
21:35:05.0154 2716 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:35:05.0159 2716 ACPI - ok
21:35:05.0184 2716 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:35:05.0202 2716 AcpiPmi - ok
21:35:05.0318 2716 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:05.0347 2716 adp94xx - ok
21:35:05.0399 2716 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:35:05.0407 2716 adpahci - ok
21:35:05.0454 2716 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:35:05.0496 2716 adpu320 - ok
21:35:05.0538 2716 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:35:05.0540 2716 AeLookupSvc - ok
21:35:05.0699 2716 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:35:05.0703 2716 AERTFilters - ok
21:35:05.0827 2716 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:35:05.0854 2716 AFD - ok
21:35:05.0909 2716 AgereModemAudio - ok
21:35:06.0000 2716 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
21:35:06.0022 2716 AgereSoftModem - ok
21:35:06.0134 2716 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:35:06.0138 2716 agp440 - ok
21:35:06.0189 2716 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:35:06.0192 2716 ALG - ok
21:35:06.0217 2716 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:35:06.0218 2716 aliide - ok
21:35:06.0268 2716 AMD External Events Utility (29c151492510640343b00b63996e4070) C:\Windows\system32\atiesrxx.exe
21:35:06.0272 2716 AMD External Events Utility - ok
21:35:06.0464 2716 AMD FUEL Service - ok
21:35:06.0526 2716 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:35:06.0528 2716 amdide - ok
21:35:06.0592 2716 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
21:35:06.0595 2716 amdiox64 - ok
21:35:06.0637 2716 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:35:06.0648 2716 AmdK8 - ok
21:35:07.0336 2716 amdkmdag (2c9c4824664c61351ff1e0169262d026) C:\Windows\system32\DRIVERS\atikmdag.sys
21:35:07.0538 2716 amdkmdag - ok
21:35:07.0909 2716 amdkmdap (ef7382689d3b17ac2983202e7a40ab45) C:\Windows\system32\DRIVERS\atikmpag.sys
21:35:07.0938 2716 amdkmdap - ok
21:35:08.0002 2716 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:35:08.0003 2716 AmdPPM - ok
21:35:08.0048 2716 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
21:35:08.0049 2716 amdsata - ok
21:35:08.0184 2716 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:08.0203 2716 amdsbs - ok
21:35:08.0217 2716 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
21:35:08.0218 2716 amdxata - ok
21:35:08.0511 2716 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
21:35:08.0515 2716 AODDriver4.01 - ok
21:35:08.0593 2716 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:35:08.0597 2716 AppID - ok
21:35:08.0702 2716 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:35:08.0708 2716 AppIDSvc - ok
21:35:08.0792 2716 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:35:08.0793 2716 Appinfo - ok
21:35:08.0959 2716 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:35:09.0006 2716 arc - ok
21:35:09.0038 2716 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:35:09.0055 2716 arcsas - ok
21:35:09.0112 2716 aspnet_state - ok
21:35:09.0136 2716 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:09.0178 2716 AsyncMac - ok
21:35:09.0249 2716 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:35:09.0259 2716 atapi - ok
21:35:09.0402 2716 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
21:35:09.0405 2716 AtiHDAudioService - ok
21:35:09.0521 2716 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
21:35:09.0547 2716 AtiHdmiService - ok
21:35:09.0601 2716 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
21:35:09.0603 2716 AtiPcie - ok
21:35:09.0814 2716 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:35:09.0825 2716 AudioEndpointBuilder - ok
21:35:09.0856 2716 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:35:09.0863 2716 AudioSrv - ok
21:35:09.0999 2716 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
21:35:10.0045 2716 Avgfwfd - ok
21:35:10.0379 2716 avgfws (3f246752bc1309f71a737c6a90dd5295) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
21:35:10.0417 2716 avgfws - ok
21:35:11.0479 2716 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
21:35:11.0546 2716 AVGIDSAgent - ok
21:35:11.0898 2716 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:35:11.0902 2716 AVGIDSDriver - ok
21:35:11.0913 2716 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
21:35:11.0914 2716 AVGIDSFilter - ok
21:35:11.0927 2716 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
21:35:11.0929 2716 AVGIDSHA - ok
21:35:12.0024 2716 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
21:35:12.0038 2716 Avgldx64 - ok
21:35:12.0066 2716 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
21:35:12.0069 2716 Avgmfx64 - ok
21:35:12.0099 2716 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
21:35:12.0109 2716 Avgrkx64 - ok
21:35:12.0135 2716 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
21:35:12.0144 2716 Avgtdia - ok
21:35:12.0303 2716 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
21:35:12.0306 2716 avgwd - ok
21:35:12.0468 2716 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:35:12.0472 2716 AxInstSV - ok
21:35:12.0559 2716 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:35:12.0581 2716 b06bdrv - ok
21:35:12.0856 2716 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:12.0873 2716 b57nd60a - ok
21:35:13.0244 2716 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
21:35:13.0317 2716 BCM43XX - ok
21:35:13.0584 2716 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:35:13.0586 2716 BDESVC - ok
21:35:13.0721 2716 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:35:13.0741 2716 Beep - ok
21:35:14.0592 2716 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:35:14.0622 2716 BFE - ok
21:35:14.0834 2716 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:35:14.0846 2716 BITS - ok
21:35:15.0183 2716 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:15.0204 2716 blbdrive - ok
21:35:15.0267 2716 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:35:15.0271 2716 bowser - ok
21:35:15.0307 2716 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:15.0311 2716 BrFiltLo - ok
21:35:15.0327 2716 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:15.0329 2716 BrFiltUp - ok
21:35:15.0411 2716 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:35:15.0414 2716 BridgeMP - ok
21:35:15.0439 2716 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:35:15.0442 2716 Browser - ok
21:35:15.0487 2716 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:35:15.0498 2716 Brserid - ok
21:35:15.0519 2716 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:15.0523 2716 BrSerWdm - ok
21:35:15.0536 2716 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:15.0538 2716 BrUsbMdm - ok
21:35:15.0552 2716 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:15.0566 2716 BrUsbSer - ok
21:35:15.0608 2716 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:15.0613 2716 BTHMODEM - ok
21:35:15.0695 2716 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:35:15.0725 2716 bthserv - ok
21:35:15.0746 2716 catchme - ok
21:35:15.0769 2716 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:15.0773 2716 cdfs - ok
21:35:15.0829 2716 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:35:15.0845 2716 cdrom - ok
21:35:15.0964 2716 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:35:15.0966 2716 CertPropSvc - ok
21:35:15.0993 2716 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:15.0995 2716 circlass - ok
21:35:16.0042 2716 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:16.0049 2716 CLFS - ok
21:35:16.0135 2716 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:16.0143 2716 clr_optimization_v2.0.50727_32 - ok
21:35:16.0215 2716 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:35:16.0243 2716 clr_optimization_v2.0.50727_64 - ok
21:35:16.0507 2716 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:35:16.0526 2716 clr_optimization_v4.0.30319_32 - ok
21:35:17.0042 2716 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:35:17.0052 2716 clr_optimization_v4.0.30319_64 - ok
21:35:17.0097 2716 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:17.0163 2716 CmBatt - ok
21:35:17.0198 2716 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:35:17.0205 2716 cmdide - ok
21:35:17.0298 2716 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:35:17.0311 2716 CNG - ok
21:35:17.0401 2716 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:35:17.0403 2716 Compbatt - ok
21:35:17.0479 2716 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:35:17.0485 2716 CompositeBus - ok
21:35:17.0505 2716 COMSysApp - ok
21:35:17.0545 2716 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:17.0547 2716 crcdisk - ok
21:35:17.0635 2716 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
21:35:17.0638 2716 CryptSvc - ok
21:35:17.0714 2716 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:35:17.0723 2716 DcomLaunch - ok
21:35:17.0806 2716 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:35:17.0833 2716 defragsvc - ok
21:35:17.0871 2716 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:17.0874 2716 DfsC - ok
21:35:17.0982 2716 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:35:17.0989 2716 Dhcp - ok
21:35:18.0031 2716 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:18.0037 2716 discache - ok
21:35:18.0085 2716 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:18.0089 2716 Disk - ok
21:35:18.0149 2716 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:35:18.0154 2716 Dnscache - ok
21:35:18.0288 2716 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:35:18.0326 2716 dot3svc - ok
21:35:18.0421 2716 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:35:18.0434 2716 DPS - ok
21:35:18.0513 2716 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:18.0514 2716 drmkaud - ok
21:35:18.0639 2716 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:18.0672 2716 DXGKrnl - ok
21:35:18.0721 2716 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:35:18.0724 2716 EapHost - ok
21:35:19.0141 2716 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:19.0264 2716 ebdrv - ok
21:35:19.0418 2716 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:35:19.0419 2716 EFS - ok
21:35:19.0585 2716 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:35:19.0717 2716 ehRecvr - ok
21:35:20.0074 2716 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:35:20.0143 2716 ehSched - ok
21:35:20.0602 2716 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:20.0619 2716 elxstor - ok
21:35:20.0671 2716 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:20.0673 2716 ErrDev - ok
21:35:20.0802 2716 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:35:20.0808 2716 EventSystem - ok
21:35:20.0816 2716 ewusbnet - ok
21:35:20.0825 2716 ew_hwusbdev - ok
21:35:20.0864 2716 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:20.0872 2716 exfat - ok
21:35:20.0894 2716 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:20.0896 2716 fastfat - ok
21:35:20.0967 2716 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:35:20.0976 2716 Fax - ok
21:35:20.0995 2716 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:21.0004 2716 fdc - ok
21:35:21.0034 2716 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:35:21.0038 2716 fdPHost - ok
21:35:21.0064 2716 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:35:21.0073 2716 FDResPub - ok
21:35:21.0092 2716 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:21.0094 2716 FileInfo - ok
21:35:21.0112 2716 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:21.0135 2716 Filetrace - ok
21:35:21.0148 2716 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:21.0150 2716 flpydisk - ok
21:35:21.0209 2716 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:21.0213 2716 FltMgr - ok
21:35:21.0446 2716 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:35:21.0470 2716 FontCache - ok
21:35:21.0565 2716 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:35:21.0566 2716 FontCache3.0.0.0 - ok
21:35:21.0597 2716 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:21.0599 2716 FsDepends - ok
21:35:21.0677 2716 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:21.0683 2716 Fs_Rec - ok
21:35:21.0792 2716 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:21.0795 2716 fvevol - ok
21:35:21.0852 2716 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:21.0867 2716 gagp30kx - ok
21:35:22.0015 2716 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:35:22.0018 2716 GamesAppService - ok
21:35:22.0267 2716 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:35:22.0278 2716 gpsvc - ok
21:35:22.0484 2716 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:35:22.0486 2716 gupdate - ok
21:35:57.0975 2716 volmgrx - ok
21:35:58.0004 2716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:35:58.0009 2716 volsnap - ok
21:35:58.0056 2716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:58.0059 2716 vsmraid - ok
21:35:58.0248 2716 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:35:58.0273 2716 VSS - ok
21:35:58.0481 2716 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
21:35:58.0510 2716 vToolbarUpdater11.1.0 - ok
21:35:58.0626 2716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:35:58.0631 2716 vwifibus - ok
21:35:58.0699 2716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:35:58.0703 2716 vwififlt - ok
21:35:58.0771 2716 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:35:58.0781 2716 W32Time - ok
21:35:58.0817 2716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:35:58.0819 2716 WacomPen - ok
21:35:58.0947 2716 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:58.0949 2716 WANARP - ok
21:35:58.0965 2716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:58.0966 2716 Wanarpv6 - ok
21:35:59.0103 2716 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:35:59.0164 2716 WatAdminSvc - ok
21:35:59.0438 2716 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:35:59.0517 2716 wbengine - ok
21:35:59.0864 2716 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:35:59.0884 2716 WbioSrvc - ok
21:35:59.0937 2716 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:35:59.0961 2716 wcncsvc - ok
21:36:00.0001 2716 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:36:00.0037 2716 WcsPlugInService - ok
21:36:00.0092 2716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:36:00.0093 2716 Wd - ok
21:36:00.0170 2716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:36:00.0190 2716 Wdf01000 - ok
21:36:00.0216 2716 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:36:00.0219 2716 WdiServiceHost - ok
21:36:00.0226 2716 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:36:00.0229 2716 WdiSystemHost - ok
21:36:00.0291 2716 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:36:00.0363 2716 WebClient - ok
21:36:00.0454 2716 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:36:00.0470 2716 Wecsvc - ok
21:36:00.0882 2716 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:36:00.0887 2716 wercplsupport - ok
21:36:00.0913 2716 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:36:00.0916 2716 WerSvc - ok
21:36:01.0009 2716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:01.0011 2716 WfpLwf - ok
21:36:01.0039 2716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:36:01.0040 2716 WIMMount - ok
21:36:01.0095 2716 WinDefend - ok
21:36:01.0107 2716 WinHttpAutoProxySvc - ok
21:36:01.0340 2716 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:36:01.0347 2716 Winmgmt - ok
21:36:01.0594 2716 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:36:01.0643 2716 WinRM - ok
21:36:01.0893 2716 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:36:01.0908 2716 Wlansvc - ok
21:36:02.0307 2716 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:36:02.0327 2716 wlidsvc - ok
21:36:02.0477 2716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:36:02.0478 2716 WmiAcpi - ok
21:36:02.0623 2716 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:36:02.0683 2716 wmiApSrv - ok
21:36:02.0717 2716 WMPNetworkSvc - ok
21:36:02.0748 2716 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:36:02.0752 2716 WPCSvc - ok
21:36:02.0824 2716 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:36:02.0828 2716 WPDBusEnum - ok
21:36:02.0849 2716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:36:02.0851 2716 ws2ifsl - ok
21:36:02.0884 2716 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:36:02.0887 2716 wscsvc - ok
21:36:02.0896 2716 WSearch - ok
21:36:03.0515 2716 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:36:03.0558 2716 wuauserv - ok
21:36:03.0794 2716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:36:03.0796 2716 WudfPf - ok
21:36:03.0863 2716 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:03.0866 2716 WUDFRd - ok
21:36:03.0916 2716 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:36:03.0922 2716 wudfsvc - ok
21:36:03.0975 2716 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:36:03.0981 2716 WwanSvc - ok
21:36:04.0119 2716 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:36:04.0128 2716 yukonw7 - ok
21:36:04.0157 2716 MBR (0x1B8) (dc8363864b8a890d0c0895b891606506) \Device\Harddisk0\DR0
21:36:04.0748 2716 \Device\Harddisk0\DR0 - ok
21:36:04.0778 2716 Boot (0x1200) (e499d0317ea5e09abc8ecfcf309adaf1) \Device\Harddisk0\DR0\Partition0
21:36:04.0780 2716 \Device\Harddisk0\DR0\Partition0 - ok
21:36:04.0817 2716 Boot (0x1200) (8d51b1bbea57f3b7ca09d708f592b0e1) \Device\Harddisk0\DR0\Partition1
21:36:04.0819 2716 \Device\Harddisk0\DR0\Partition1 - ok
21:36:04.0846 2716 Boot (0x1200) (1f0945b04bd6049f886379fbd7dd1ef9) \Device\Harddisk0\DR0\Partition2
21:36:04.0847 2716 \Device\Harddisk0\DR0\Partition2 - ok
21:36:04.0867 2716 Boot (0x1200) (a5d4946b78c92d4c6c37144457246c0b) \Device\Harddisk0\DR0\Partition3
21:36:04.0868 2716 \Device\Harddisk0\DR0\Partition3 - ok
21:36:04.0869 2716 ============================================================
21:36:04.0869 2716 Scan finished
21:36:04.0869 2716 ============================================================
21:36:04.0889 5576 Detected object count: 0
21:36:04.0889 5576 Actual detected object count: 0

#8 The Gladstone

Posted 22 June 2012 - 09:14 PM

Here is the aswMBR log

21:34:41.0179 5960 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:34:41.0667 5960 ============================================================
21:34:41.0667 5960 Current date / time: 2012/06/22 21:34:41.0667
21:34:41.0667 5960 SystemInfo:
21:34:41.0667 5960
21:34:41.0668 5960 OS Version: 6.1.7601 ServicePack: 1.0
21:34:41.0668 5960 Product type: Workstation
21:34:41.0668 5960 ComputerName: RARGLEBLARGLE
21:34:41.0668 5960 UserName: Josh
21:34:41.0668 5960 Windows directory: C:\Windows
21:34:41.0668 5960 System windows directory: C:\Windows
21:34:41.0668 5960 Running under WOW64
21:34:41.0668 5960 Processor architecture: Intel x64
21:34:41.0668 5960 Number of processors: 2
21:34:41.0668 5960 Page size: 0x1000
21:34:41.0668 5960 Boot type: Normal boot
21:34:41.0668 5960 ============================================================
21:34:44.0062 5960 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:34:44.0068 5960 ============================================================
21:34:44.0068 5960 \Device\Harddisk0\DR0:
21:34:44.0069 5960 MBR partitions:
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23889800
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238ED800, BlocksNum 0x1B0D000
21:34:44.0069 5960 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
21:34:44.0069 5960 ============================================================
21:34:44.0104 5960 C: <-> \Device\Harddisk0\DR0\Partition1
21:34:44.0253 5960 D: <-> \Device\Harddisk0\DR0\Partition2
21:34:44.0263 5960 E: <-> \Device\Harddisk0\DR0\Partition3
21:34:44.0264 5960 ============================================================
21:34:44.0264 5960 Initialize success
21:34:44.0264 5960 ============================================================
21:35:03.0504 2716 ============================================================
21:35:03.0504 2716 Scan started
21:35:03.0504 2716 Mode: Manual;
21:35:03.0504 2716 ============================================================
21:35:28.0536 2716 KSecDD - ok
21:35:28.0723 2716 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:28.0725 2716 KSecPkg - ok
21:35:28.0771 2716 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:28.0781 2716 ksthunk - ok
21:35:28.0866 2716 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:35:28.0877 2716 KtmRm - ok
21:35:28.0951 2716 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:35:28.0955 2716 LanmanServer - ok
21:35:29.0020 2716 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:35:29.0025 2716 LanmanWorkstation - ok
21:35:29.0138 2716 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:35:29.0140 2716 LightScribeService - ok
21:35:29.0178 2716 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:29.0182 2716 lltdio - ok
21:35:29.0241 2716 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:35:29.0252 2716 lltdsvc - ok
21:35:29.0263 2716 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:35:29.0266 2716 lmhosts - ok
21:35:29.0314 2716 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:29.0338 2716 LSI_FC - ok
21:35:29.0357 2716 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:29.0360 2716 LSI_SAS - ok
21:35:29.0421 2716 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:29.0424 2716 LSI_SAS2 - ok
21:35:29.0447 2716 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:29.0457 2716 LSI_SCSI - ok
21:35:29.0484 2716 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:29.0487 2716 luafv - ok
21:35:29.0560 2716 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys
21:35:29.0563 2716 mbamchameleon - ok
21:35:29.0692 2716 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
21:35:29.0697 2716 MBAMProtector - ok
21:35:29.0763 2716 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:35:29.0784 2716 MBAMService - ok
21:35:29.0865 2716 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:35:29.0869 2716 McComponentHostService - ok
21:35:29.0957 2716 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:35:29.0975 2716 Mcx2Svc - ok
21:35:30.0002 2716 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:30.0004 2716 megasas - ok
21:35:30.0043 2716 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:30.0048 2716 MegaSR - ok
21:35:30.0076 2716 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:35:30.0078 2716 MMCSS - ok
21:35:30.0102 2716 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:30.0104 2716 Modem - ok
21:35:30.0182 2716 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:30.0183 2716 monitor - ok
21:35:30.0247 2716 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:35:30.0248 2716 mouclass - ok
21:35:30.0285 2716 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:30.0286 2716 mouhid - ok
21:35:30.0351 2716 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:30.0352 2716 mountmgr - ok
21:35:30.0516 2716 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:35:30.0519 2716 MozillaMaintenance - ok
21:35:30.0581 2716 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:35:30.0584 2716 MpFilter - ok
21:35:30.0636 2716 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:30.0647 2716 mpio - ok
21:35:30.0771 2716 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:30.0823 2716 mpsdrv - ok
21:35:31.0092 2716 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:35:31.0105 2716 MpsSvc - ok
21:35:31.0214 2716 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:31.0235 2716 MRxDAV - ok
21:35:31.0266 2716 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:31.0272 2716 mrxsmb - ok
21:35:31.0323 2716 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:31.0327 2716 mrxsmb10 - ok
21:35:31.0393 2716 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:31.0407 2716 mrxsmb20 - ok
21:35:31.0463 2716 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:31.0468 2716 msahci - ok
21:35:31.0518 2716 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:31.0523 2716 msdsm - ok
21:35:31.0602 2716 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:35:31.0606 2716 MSDTC - ok
21:35:31.0633 2716 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:31.0635 2716 Msfs - ok
21:35:31.0688 2716 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:31.0701 2716 mshidkmdf - ok
21:35:31.0744 2716 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:31.0745 2716 msisadrv - ok
21:35:31.0773 2716 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:35:31.0777 2716 MSiSCSI - ok
21:35:31.0785 2716 msiserver - ok
21:35:31.0831 2716 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:31.0832 2716 MSKSSRV - ok
21:35:31.0962 2716 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:35:31.0963 2716 MsMpSvc - ok
21:35:31.0998 2716 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:31.0999 2716 MSPCLOCK - ok
21:35:32.0025 2716 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:32.0026 2716 MSPQM - ok
21:35:32.0202 2716 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:32.0208 2716 MsRPC - ok
21:35:32.0273 2716 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:35:32.0274 2716 mssmbios - ok
21:35:32.0296 2716 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:32.0313 2716 MSTEE - ok
21:35:32.0343 2716 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:32.0421 2716 MTConfig - ok
21:35:32.0445 2716 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:32.0484 2716 Mup - ok
21:35:32.0592 2716 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:35:32.0599 2716 napagent - ok
21:35:32.0688 2716 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:32.0698 2716 NativeWifiP - ok
21:35:32.0857 2716 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:35:32.0871 2716 NDIS - ok
21:35:32.0969 2716 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:32.0974 2716 NdisCap - ok
21:35:32.0997 2716 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:33.0009 2716 NdisTapi - ok
21:35:33.0245 2716 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:33.0286 2716 Ndisuio - ok
21:35:33.0383 2716 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:33.0392 2716 NdisWan - ok
21:35:33.0443 2716 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:33.0461 2716 NDProxy - ok
21:35:33.0502 2716 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:33.0516 2716 NetBIOS - ok
21:35:33.0735 2716 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:33.0754 2716 NetBT - ok
21:35:33.0928 2716 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:33.0931 2716 Netlogon - ok
21:35:33.0995 2716 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:35:34.0001 2716 Netman - ok
21:35:34.0118 2716 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:35:34.0127 2716 netprofm - ok
21:35:34.0305 2716 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:34.0337 2716 NetTcpPortSharing - ok
21:35:35.0086 2716 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:35:35.0198 2716 netw5v64 - ok
21:35:35.0698 2716 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:35.0701 2716 nfrd960 - ok
21:35:35.0843 2716 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:35:35.0846 2716 NisDrv - ok
21:35:36.0064 2716 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:35:36.0075 2716 NisSrv - ok
21:35:36.0234 2716 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:35:36.0242 2716 NlaSvc - ok
21:35:36.0326 2716 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:36.0328 2716 Npfs - ok
21:35:36.0373 2716 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:35:36.0383 2716 nsi - ok
21:35:36.0413 2716 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:36.0414 2716 nsiproxy - ok
21:35:37.0080 2716 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:37.0138 2716 Ntfs - ok
21:35:37.0280 2716 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:37.0289 2716 Null - ok
21:35:37.0334 2716 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:37.0354 2716 nvraid - ok
21:35:37.0375 2716 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:37.0393 2716 nvstor - ok
21:35:37.0463 2716 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:37.0468 2716 nv_agp - ok
21:35:37.0637 2716 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:35:37.0685 2716 odserv - ok
21:35:37.0730 2716 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:37.0732 2716 ohci1394 - ok
21:35:37.0770 2716 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:37.0829 2716 ose - ok
21:35:37.0903 2716 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:35:37.0910 2716 p2pimsvc - ok
21:35:37.0937 2716 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:35:37.0968 2716 p2psvc - ok
21:35:38.0101 2716 PanService (77cdc6c43d8c3e05d0e21b36eaabebae) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
21:35:38.0114 2716 PanService - ok
21:35:38.0250 2716 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:35:38.0253 2716 Parport - ok
21:35:38.0325 2716 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:35:38.0327 2716 partmgr - ok
21:35:38.0386 2716 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:35:38.0392 2716 PcaSvc - ok
21:35:38.0435 2716 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:38.0438 2716 pci - ok
21:35:38.0457 2716 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:38.0458 2716 pciide - ok
21:35:38.0488 2716 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:38.0492 2716 pcmcia - ok
21:35:38.0519 2716 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:38.0520 2716 pcw - ok
21:35:38.0562 2716 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:38.0572 2716 PEAUTH - ok
21:35:38.0702 2716 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:35:38.0705 2716 PerfHost - ok
21:35:39.0286 2716 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:35:39.0349 2716 pla - ok
21:35:39.0443 2716 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:35:39.0449 2716 PlugPlay - ok
21:35:39.0484 2716 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:35:39.0487 2716 PNRPAutoReg - ok
21:35:39.0539 2716 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:35:39.0545 2716 PNRPsvc - ok
21:35:39.0608 2716 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:35:39.0616 2716 PolicyAgent - ok
21:35:39.0775 2716 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:35:39.0782 2716 Power - ok
21:35:39.0872 2716 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:39.0874 2716 PptpMiniport - ok
21:35:39.0913 2716 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:35:39.0925 2716 Processor - ok
21:35:40.0060 2716 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
21:35:40.0077 2716 ProfSvc - ok
21:35:40.0118 2716 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:40.0121 2716 ProtectedStorage - ok
21:35:40.0190 2716 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:40.0193 2716 Psched - ok
21:35:40.0568 2716 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:35:40.0599 2716 ql2300 - ok
21:35:40.0928 2716 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:40.0932 2716 ql40xx - ok
21:35:40.0967 2716 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:35:41.0020 2716 QWAVE - ok
21:35:41.0040 2716 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:41.0043 2716 QWAVEdrv - ok
21:35:41.0056 2716 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:41.0057 2716 RasAcd - ok
21:35:41.0081 2716 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:41.0083 2716 RasAgileVpn - ok
21:35:41.0135 2716 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:35:41.0207 2716 RasAuto - ok
21:35:41.0268 2716 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:41.0272 2716 Rasl2tp - ok
21:35:41.0333 2716 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:35:41.0339 2716 RasMan - ok
21:35:41.0357 2716 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:41.0359 2716 RasPppoe - ok
21:35:41.0383 2716 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:41.0385 2716 RasSstp - ok
21:35:41.0756 2716 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:41.0779 2716 rdbss - ok
21:35:41.0820 2716 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:41.0823 2716 rdpbus - ok
21:35:41.0859 2716 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:41.0860 2716 RDPCDD - ok
21:35:41.0883 2716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:41.0884 2716 RDPENCDD - ok
21:35:41.0906 2716 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:41.0907 2716 RDPREFMP - ok
21:35:41.0983 2716 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
21:35:41.0986 2716 RDPWD - ok
21:35:42.0259 2716 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:42.0264 2716 rdyboost - ok
21:35:42.0558 2716 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:35:42.0598 2716 RemoteAccess - ok
21:35:42.0826 2716 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:35:42.0848 2716 RemoteRegistry - ok
21:35:42.0879 2716 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:35:42.0884 2716 RpcEptMapper - ok
21:35:42.0987 2716 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:35:43.0027 2716 RpcLocator - ok
21:35:43.0266 2716 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:35:43.0273 2716 RpcSs - ok
21:35:43.0354 2716 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:43.0356 2716 rspndr - ok
21:35:43.0771 2716 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
21:35:43.0775 2716 RSUSBSTOR - ok
21:35:44.0433 2716 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:35:44.0478 2716 RTL8167 - ok
21:35:45.0674 2716 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
21:35:45.0676 2716 RtVOsdService - ok
21:35:45.0727 2716 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:35:45.0729 2716 SamSs - ok
21:35:45.0880 2716 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:35:45.0908 2716 SASDIFSV - ok
21:35:46.0111 2716 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:35:46.0172 2716 SASKUTIL - ok
21:35:46.0424 2716 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:46.0426 2716 sbp2port - ok
21:35:46.0464 2716 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:35:46.0486 2716 SCardSvr - ok
21:35:46.0518 2716 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys
21:35:46.0519 2716 SCDEmu - ok
21:35:46.0582 2716 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:46.0583 2716 scfilter - ok
21:35:46.0855 2716 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:35:46.0882 2716 Schedule - ok
21:35:46.0926 2716 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:35:46.0928 2716 SCPolicySvc - ok
21:35:46.0971 2716 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:35:46.0973 2716 sdbus - ok
21:35:47.0054 2716 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:35:47.0075 2716 SDRSVC - ok
21:35:47.0111 2716 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:47.0112 2716 secdrv - ok
21:35:47.0132 2716 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:35:47.0134 2716 seclogon - ok
21:35:47.0183 2716 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:35:47.0188 2716 SENS - ok
21:35:47.0243 2716 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:35:47.0246 2716 SensrSvc - ok
21:35:47.0314 2716 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:35:47.0333 2716 Serenum - ok
21:35:47.0389 2716 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:35:47.0392 2716 Serial - ok
21:35:47.0495 2716 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:35:47.0497 2716 sermouse - ok
21:35:47.0555 2716 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:35:47.0559 2716 SessionEnv - ok
21:35:47.0638 2716 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:47.0639 2716 sffdisk - ok
21:35:47.0676 2716 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:47.0678 2716 sffp_mmc - ok
21:35:47.0707 2716 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:47.0708 2716 sffp_sd - ok
21:35:47.0808 2716 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:47.0811 2716 sfloppy - ok
21:35:48.0198 2716 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:35:48.0219 2716 SharedAccess - ok
21:35:48.0302 2716 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:35:48.0323 2716 ShellHWDetection - ok
21:35:48.0375 2716 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:48.0377 2716 SiSRaid2 - ok
21:35:48.0422 2716 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:48.0429 2716 SiSRaid4 - ok
21:35:49.0346 2716 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:35:49.0369 2716 Skype C2C Service - ok
21:35:49.0694 2716 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:35:49.0697 2716 SkypeUpdate - ok
21:35:49.0862 2716 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:49.0864 2716 Smb - ok
21:35:49.0890 2716 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:35:49.0893 2716 SNMPTRAP - ok
21:35:49.0912 2716 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:35:49.0914 2716 spldr - ok
21:35:49.0994 2716 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:35:50.0004 2716 Spooler - ok
21:35:50.0309 2716 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:35:50.0358 2716 sppsvc - ok
21:35:50.0515 2716 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:35:50.0523 2716 sppuinotify - ok
21:35:50.0869 2716 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:35:50.0876 2716 srv - ok
21:35:50.0921 2716 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:35:50.0926 2716 srv2 - ok
21:35:50.0973 2716 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:35:50.0977 2716 SrvHsfHDA - ok
21:35:51.0072 2716 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:35:51.0107 2716 SrvHsfV92 - ok
21:35:52.0172 2716 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:35:52.0183 2716 SrvHsfWinac - ok
21:35:52.0216 2716 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:52.0219 2716 srvnet - ok
21:35:52.0266 2716 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:35:52.0271 2716 SSDPSRV - ok
21:35:52.0294 2716 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:35:52.0296 2716 SstpSvc - ok
21:35:52.0371 2716 Steam Client Service - ok
21:35:52.0402 2716 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:35:52.0403 2716 stexstor - ok
21:35:52.0584 2716 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:35:52.0596 2716 stisvc - ok
21:35:52.0637 2716 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:35:52.0638 2716 swenum - ok
21:35:52.0696 2716 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:35:52.0705 2716 swprv - ok
21:35:52.0793 2716 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
21:35:52.0798 2716 SynTP - ok
21:35:53.0249 2716 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:35:53.0285 2716 SysMain - ok
21:35:53.0407 2716 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:35:53.0412 2716 TabletInputService - ok
21:35:53.0458 2716 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:35:53.0465 2716 TapiSrv - ok
21:35:53.0584 2716 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:35:53.0616 2716 TBS - ok
21:35:54.0555 2716 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:35:54.0603 2716 Tcpip - ok
21:35:54.0946 2716 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:54.0962 2716 TCPIP6 - ok
21:35:55.0030 2716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:35:55.0032 2716 tcpipreg - ok
21:35:55.0056 2716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:35:55.0057 2716 TDPIPE - ok
21:35:55.0099 2716 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:35:55.0100 2716 TDTCP - ok
21:35:55.0198 2716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:35:55.0200 2716 tdx - ok
21:35:55.0303 2716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:35:55.0305 2716 TermDD - ok
21:35:55.0354 2716 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:35:55.0366 2716 TermService - ok
21:35:55.0465 2716 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:35:55.0467 2716 Themes - ok
21:35:55.0558 2716 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:35:55.0562 2716 THREADORDER - ok
21:35:55.0594 2716 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:35:55.0599 2716 TrkWks - ok
21:35:55.0673 2716 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:35:55.0708 2716 TrustedInstaller - ok
21:35:55.0762 2716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:55.0764 2716 tssecsrv - ok
21:35:55.0826 2716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:35:55.0827 2716 TsUsbFlt - ok
21:35:55.0878 2716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:55.0880 2716 tunnel - ok
21:35:55.0944 2716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:35:55.0946 2716 uagp35 - ok
21:35:55.0997 2716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:35:56.0004 2716 udfs - ok
21:35:56.0039 2716 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:35:56.0044 2716 UI0Detect - ok
21:35:56.0095 2716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:35:56.0097 2716 uliagpkx - ok
21:35:56.0192 2716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:35:56.0196 2716 umbus - ok
21:35:56.0223 2716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:35:56.0224 2716 UmPass - ok
21:35:56.0270 2716 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:35:56.0288 2716 upnphost - ok
21:35:56.0373 2716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:56.0374 2716 usbccgp - ok
21:35:56.0476 2716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:35:56.0478 2716 usbcir - ok
21:36:04.0869 2716 ============================================================
21:36:04.0869 2716 Scan finished
21:36:04.0869 2716 ============================================================
21:36:04.0889 5576 Detected object count: 0
21:36:04.0889 5576 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:58 AM

Posted 23 June 2012 - 07:54 AM

Greetings


You sent me the TDSSKiller report twice


Can you send me the aswMBR please



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 The Gladstone

Posted 23 June 2012 - 01:01 PM

Oops, sorry about that. Here's the real log...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-22 21:29:24
-----------------------------
21:29:24.524 OS Version: Windows x64 6.1.7601 Service Pack 1
21:29:24.524 Number of processors: 2 586 0x603
21:29:24.525 ComputerName: RARGLEBLARGLE UserName: Josh
21:29:29.999 Initialize success
21:30:22.477 AVAST engine defs: 12062201
21:32:37.311 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
21:32:37.313 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 11
21:32:37.322 Disk 0 MBR read successfully
21:32:37.324 Disk 0 MBR scan
21:32:37.332 Disk 0 unknown MBR code
21:32:37.345 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:32:37.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291091 MB offset 409600
21:32:37.461 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13850 MB offset 596563968
21:32:37.506 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
21:32:37.727 Disk 0 scanning C:\Windows\system32\drivers
21:33:06.535 Service scanning
21:34:32.844 Modules scanning
21:34:32.854 Disk 0 trace - called modules:
21:34:33.227 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
21:34:33.235 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031e7060]
21:34:33.242 3 CLASSPNP.SYS[fffff880019a543f] -> nt!IofCallDriver -> [0xfffffa80021f5040]
21:34:33.252 5 amdxata.sys[fffff880011017a8] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa8003187060]
21:34:35.507 AVAST engine scan C:\Windows
21:34:48.701 AVAST engine scan C:\Windows\system32
21:42:30.296 AVAST engine scan C:\Windows\system32\drivers
21:43:02.829 AVAST engine scan C:\Users\Josh
22:02:28.957 AVAST engine scan C:\ProgramData
22:11:15.083 Scan finished successfully
22:13:15.562 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
22:13:15.661 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 23 June 2012 - 01:13 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#12 The Gladstone

Posted 23 June 2012 - 02:12 PM

There were no problems running Combofix. The ads have stopped popping up and some space has opened up in the hard drive. Here is Combofix's log

ComboFix 12-06-23.05 - Josh 23/06/2012 14:47:34.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2811.1419 [GMT -4:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
Command switches used :: c:\users\Josh\Desktop\cfscript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 18:58 . 2012-06-23 18:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 19:05 . 2012-06-21 19:09 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\users\Josh\AppData\Roaming\SUPERAntiSpyware.com
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-21 18:58 . 2012-06-21 18:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-21 17:52 . 2012-06-21 17:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-21 17:30 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-21 17:30 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-21 17:30 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-21 17:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-21 17:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-21 17:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-21 17:29 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-21 17:29 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-21 17:29 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-21 17:29 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-21 17:29 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-21 17:29 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-21 17:29 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-21 17:29 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-21 17:29 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-21 17:29 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-21 17:28 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-21 17:28 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-21 17:28 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-21 14:45 . 2012-06-21 14:45 -------- d-----w- c:\users\Josh\AppData\Roaming\Malwarebytes
2012-06-21 14:44 . 2012-06-21 14:44 -------- d-----w- c:\programdata\Malwarebytes
2012-06-21 14:44 . 2012-06-21 14:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-21 14:44 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 14:05 . 2012-06-21 14:12 -------- d-----w- c:\users\Josh\AppData\Local\Google
2012-06-21 14:05 . 2012-06-21 14:12 -------- d-----w- c:\program files (x86)\Google
2012-06-19 17:45 . 2012-06-19 17:45 -------- d-----w- c:\program files (x86)\Oracle
2012-06-19 17:42 . 2012-06-19 17:42 -------- d-----w- c:\program files (x86)\Java
2012-06-11 05:30 . 2012-06-11 05:30 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-06-07 22:05 . 2012-06-07 22:05 -------- d-----w- c:\users\Josh\AppData\Roaming\AVG2012
2012-06-07 22:05 . 2012-06-07 22:05 -------- d-----w- c:\users\Josh\AppData\Local\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:05 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-07 22:04 . 2012-06-07 22:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-07 22:01 . 2012-06-23 14:01 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-07 22:01 . 2012-06-21 18:17 -------- d-----w- c:\programdata\AVG2012
2012-06-07 22:00 . 2012-06-07 22:00 -------- d-----w- c:\program files (x86)\AVG
2012-06-07 21:56 . 2012-06-23 14:02 -------- d-----w- c:\programdata\MFAData
2012-06-07 21:49 . 2012-06-07 21:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-04 08:20 . 2012-06-04 08:20 -------- d-----w- c:\users\Josh\AppData\Roaming\MotioninJoy
2012-06-04 08:20 . 2011-12-07 23:42 328712 ----a-w- c:\windows\system32\MijFrc.dll
2012-06-04 07:56 . 2012-06-04 08:20 -------- d-----w- c:\program files (x86)\PCSX2
2012-06-01 02:28 . 2012-06-01 02:28 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-24 20:24 . 2012-05-24 20:24 -------- d-----w- c:\users\Josh\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 18:12 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-06-18 07:12 . 2012-06-23 01:38 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E399CC1A-24CA-4A14-B572-1E7A81D143CE}\mpengine.dll
2012-06-18 07:12 . 2012-06-21 18:02 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 21:10 . 2012-04-11 18:12 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 21:10 . 2011-05-28 21:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:02 . 2012-05-31 11:46 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{650F32A4-4DB0-4011-8E3F-6D7E9A3F5A87}\mpengine.dll
2012-05-07 18:33 . 2012-03-09 20:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-07 18:32 . 2012-03-09 20:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-07 18:32 . 2012-03-09 20:21 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-04 23:29 . 2012-02-24 20:32 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 23:29 . 2010-09-01 23:28 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-23 19:54 . 2012-03-22 18:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-04-23 19:53 . 2012-03-22 18:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-04-23 19:53 . 2012-03-22 18:37 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-20 19:30 . 2011-07-24 19:15 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-07 02:27 . 2012-04-07 02:28 2048104 ----a-w- c:\windows\system32\RtPgEx64.dll
2012-04-07 02:27 . 2012-04-07 02:28 1146984 ----a-w- c:\windows\system32\RTSnMg64.cpl
2012-04-07 02:27 . 2012-04-07 02:28 332392 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2012-04-07 02:27 . 2012-04-07 02:28 2494056 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2012-04-07 02:27 . 2012-04-07 02:28 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2012-04-07 02:27 . 2012-04-07 02:28 569960 ----a-w- c:\windows\system32\RtkApi64.dll
2012-04-07 02:27 . 2012-04-07 02:28 2625640 ----a-w- c:\windows\system32\RtkAPO64.dll
2012-04-07 02:27 . 2012-04-07 02:28 80488 ----a-w- c:\windows\system32\RCoInst64.dll
2012-04-07 02:27 . 2012-04-07 02:28 1215592 ----a-w- c:\windows\system32\RTCOM64.dll
2012-04-07 02:27 . 2012-04-07 02:28 200800 ----a-w- c:\windows\system32\AERTAC64.dll
2012-04-07 02:27 . 2010-03-31 08:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2012-04-06 02:34 . 2012-04-06 02:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 02:34 . 2012-04-06 02:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 02:34 . 2012-04-06 02:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 02:33 . 2012-04-06 02:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 02:33 . 2012-04-06 02:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 02:33 . 2012-04-06 02:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 02:32 . 2012-04-06 02:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 02:32 . 2012-04-06 02:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-06 02:32 . 2012-04-06 02:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-04-06 02:21 . 2012-05-16 19:54 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2012-05-16 19:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 01:35 . 2012-05-16 19:54 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-05-16 19:54 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-03 03:39 . 2012-04-03 03:39 921 ----a-w- c:\windows\QSFVExit.bat
2012-03-30 11:35 . 2012-05-15 22:29 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_17.04.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-31 06:42 . 2012-06-23 02:40 68828 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-23 19:04 53302 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-10 04:33 . 2012-06-23 19:04 35280 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1639273734-1082684029-1186129129-1000_UserData.bin
+ 2010-08-10 08:05 . 2012-06-23 18:59 6742 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-10 08:05 . 2012-06-22 17:03 6742 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-06-23 19:00 . 2012-06-23 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 17:04 . 2012-06-22 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 17:04 . 2012-06-22 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-23 19:00 . 2012-06-23 19:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-22 01:23 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-23 02:38 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-09 22:07 . 2012-06-23 13:57 357776 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-22 14:43 644058 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 17:10 644058 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-22 17:10 118170 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-22 14:43 118170 c:\windows\system32\perfc009.dat
+ 2011-05-03 17:21 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
- 2011-05-03 17:21 . 2012-01-31 09:59 279656 c:\windows\system32\MpSigStub.exe
- 2012-06-11 21:21 . 2012-06-22 17:03 189776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-11 21:21 . 2012-06-23 18:59 189776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-06-22 17:03 325748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-23 18:59 325748 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-06-22 01:23 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 02:38 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-22 01:23 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-23 02:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-18 09:41 . 2012-06-23 18:59 30697875 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1639273734-1082684029-1186129129-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 22:04 2068536 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-05-23 3407496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA&inst=NwA3AC0AMwA4ADEANAAwADIAMAAxADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA&prod=90&ver=9.0.894" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 136176]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2012-04-07 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-12-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-07 935480]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 14:05]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-21 14:05]
.
2012-06-11 c:\windows\Tasks\HPCeeScheduleForJosh.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-04-07 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-02-05 995840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [BU]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\93b74pa5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf5cd7a79-87f5-45ce-9cbd-ca2b03e7141e%7D&mid=7bf00bddf58d239488a0c5f481ec43a3-a02703f07077a19be9159f751d22ed12fb2a9109&ds=AVG&v=11.1.0.7&lang=en&pr=pr&d=2012-06-07%2018%3A04%3A43&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1639273734-1082684029-1186129129-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1f,75,43,ce,e3,b8,3f,80,e9,9b,be,46,aa,8b,13,8a,db,f5,a3,89,04,d2,27,
11,de,07,30,b9,8d,45,d4,af,31,3f,79,a5,13,fe,d5,c1,5c,35,92,32,a6,e4,02,bb,\
"??"=hex:62,67,65,76,95,f5,8c,ce,64,41,bc,4a,0f,1f,c5,87
.
[HKEY_USERS\S-1-5-21-1639273734-1082684029-1186129129-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,04,f5,df,d9,21,66,4a,87,1c,38,6c,3e,f3,d6,c1,2c,bf,82,a4,1e,
43,3b,e5,c8,e3,dd,49,52,e1,14,a4,d0,bd,29,d6,2a,9c,04,8c,45,0c,9f,ec,e9,b6,\
"rkeysecu"=hex:4b,b3,d4,12,64,7d,79,5e,14,ec,e7,22,de,8d,4a,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-23 15:09:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 19:09
ComboFix2.txt 2012-06-22 17:14
.
Pre-Run: 97,253,105,664 bytes free
Post-Run: 97,002,450,944 bytes free
.
- - End Of File - - E99C3AF7072E09B86A5D9E377F053BFB

#13 gringo_pr

  • Malware Response Team

Posted 23 June 2012 - 09:23 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1 MUI
µTorrent
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 The Gladstone

  • Topic Starter

Posted 23 June 2012 - 11:10 PM

Here are the Malwarebytes logs, going to be running Hijack This soon

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.23.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Josh :: RARGLEBLARGLE [administrator]

Protection: Enabled

23/06/2012 11:30:06 PM
mbam-log-2012-06-23 (23-30-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216647
Time elapsed: 18 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 The Gladstone

  • Topic Starter

Posted 23 June 2012 - 11:12 PM

Here are the Hijack This logs

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:59 AM, on 24/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.154\deploy\LolClient.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Josh\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AMwA4ADEANAAwADIAMAAxADAALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQgArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Program Files\LSI SoftModem\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Unknown owner - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (file missing)
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13738 bytes



