
Google redirects to google/webhp


This topic is locked. 22 replies to this topic.

#1 monteverde
Members, 22 posts
Gender: Female, Location: NJ

Posted 25 June 2012 - 06:15 AM

Same problem as others have described.
I use Windows 7, Chrome 8.0 and I had installed Kaspersky One. A few days ago I noticed that Google search results no longer had the URL Advisor arrows next to them. I tried to reinstall Kaspersky from a back-up CD but it took me to a site, redirect.kasperski.com. I have run Defogger and DDS. Here are the logs. Thanks a lot. AGM


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by FCF at 6:50:13 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.4955 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
uRun: [Google Update] "C:\Users\FCF\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{84E84B30-065A-469C-8035-78935D2164D5} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-21 2655768]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-25 10:33:09 50477 ----a-w- C:\deaf.exe
2012-06-25 10:32:02 607260 ------r- C:\duds.scr
2012-06-23 01:51:40 -------- d-----w- C:\Windows\pss
2012-06-22 14:01:21 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93A76B53-37D5-407F-A6AF-FE44BF6BCD89}\offreg.dll
2012-06-22 13:57:47 -------- d-----w- C:\Windows\SysWow64\Wat
2012-06-22 13:57:46 -------- d-----w- C:\Windows\System32\Wat
2012-06-22 03:41:27 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-06-22 03:41:25 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{93A76B53-37D5-407F-A6AF-FE44BF6BCD89}\mpengine.dll
2012-06-22 03:39:01 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-22 03:39:01 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-22 03:39:01 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-22 03:39:01 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-22 03:39:01 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-22 03:39:01 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-22 03:39:01 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-22 03:35:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-06-22 03:34:51 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-22 03:29:58 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-22 03:29:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-22 03:27:36 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 03:27:27 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 03:27:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 03:27:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 03:08:31 -------- d-----w- C:\Users\FCF\AppData\Local\Google
2012-06-22 03:08:16 -------- d-----w- C:\Users\FCF\AppData\Local\Deployment
2012-06-22 03:08:16 -------- d-----w- C:\Users\FCF\AppData\Local\Apps
2012-06-22 03:07:07 -------- d-----w- C:\Windows\Panther
2012-06-22 03:06:35 -------- d-----w- C:\Windows\System32\OEM
2012-06-22 02:47:49 -------- d-----w- C:\Windows.old
2012-06-22 02:24:58 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys
2012-06-22 02:23:48 -------- d-----w- C:\Program Files (x86)\Samsung
2012-06-22 02:23:32 -------- d-----w- C:\ProgramData\WinClon
2012-06-22 02:22:54 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-06-22 02:22:32 -------- d-sh--w- C:\Windows\Installer
2012-06-22 02:22:12 -------- d-----w- C:\Program Files\Elantech
2012-06-22 02:22:10 5047080 ----a-w- C:\Windows\System32\ETDUI.cpl
2012-06-22 02:22:10 138024 ----a-w- C:\Windows\System32\drivers\ETD.sys
2012-06-22 02:21:03 -------- d-----w- C:\Program Files\Realtek
2012-06-22 02:21:02 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-06-22 02:19:10 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-06-22 02:19:09 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-06-22 02:19:09 425064 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-06-22 02:19:02 -------- d-----w- C:\Program Files (x86)\Realtek
2012-06-22 02:18:20 -------- d-----w- C:\Program Files\Common Files\Intel
2012-06-22 02:18:16 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-06-22 02:18:08 317440 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys
2012-06-22 02:18:08 14848 ----a-w- C:\Windows\System32\IntcDAuC.dll
2012-06-22 02:16:39 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2012-06-22 02:16:24 8192 ----a-r- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
2012-06-22 02:16:24 8192 ----a-r- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-06-22 02:16:17 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2012-06-22 02:15:32 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2012-06-21 18:31:20 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-05-23 14:37:24 960940 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 6:50:51.74 ===============



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 06:35 on 25/06/2012 (FCF)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
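The DDS log above is the kind of thing a helper reads by eye. As an added example (the editor's code, not DDS's and not part of the original post), the script below parses the timestamped entries in the "Created Last 30" and "Find3M" sections, reports executables created outside the directories an OS reinstall or update is expected to touch, and works out how long before the DDS run each one appeared. It assumes that DDS prints file times in UTC while the "Run by ... at ... on ..." header is local time with the offset in the "[GMT -4:00]" field; under that assumption C:\deaf.exe and C:\duds.scr appear about 17 and 18 minutes before the run, which is what the diagnostic tools the poster was asked to download look like in their own log, so they are annotated rather than reported as findings. The expected-directory list, the 30-minute window and the last sample line (a constructed Temp\updater.exe entry) are the editor's own; it also pulls out the DhcpNameServer entries, since a search-redirect complaint usually starts with checking whether DNS still points at the router.

```python
r"""DDS 'Created Last 30' / 'Find3M' triage.

Added example (editor's code, not DDS's and not part of the original post).
Parses entries such as
    2012-06-25 10:33:09 50477 ----a-w- C:\deaf.exe
and reports executables created outside EXPECTED_PREFIXES, noting how long
before the DDS run each appeared. Assumptions not stated on the page: DDS
prints file times in UTC while the 'Run by ... at ... on ...' header is local
time with the '[GMT -4:00]' offset; EXPECTED_PREFIXES and the 30-minute
tool window are the editor's own choices.
"""
import ipaddress
import ntpath
import re
from datetime import datetime, timedelta

EXEC_EXT = {".exe", ".scr", ".dll", ".sys", ".com", ".bat", ".cmd", ".vbs", ".js"}
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files", "c:\\programdata\\microsoft\\")

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$", re.I)
HEADER_RE = re.compile(r"^Run by \S+ at (\d{1,2}:\d{2}:\d{2}) on (\d{4}-\d{2}-\d{2})", re.M)
TZ_RE = re.compile(r"\[GMT ([+-])(\d{1,2}):(\d{2})\]")
DNS_RE = re.compile(r"DhcpNameServer = ([\d. ]+)")

# Lines copied from the DDS log in the post above; the final Temp\updater.exe
# line is constructed to show a file that falls outside the tool window.
SAMPLE_DDS = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
Run by FCF at 6:50:13 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6055.4955 [GMT -4:00]
TCP: DhcpNameServer = 192.168.1.1
=============== Created Last 30 ================
2012-06-25 10:33:09 50477 ----a-w- C:\deaf.exe
2012-06-25 10:32:02 607260 ------r- C:\duds.scr
2012-06-23 01:51:40 -------- d-----w- C:\Windows\pss
2012-06-22 03:39:01 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-22 02:24:58 13824 ----a-w- C:\Windows\System32\drivers\SABI.sys
2012-06-20 09:15:00 51200 ----a-w- C:\Users\FCF\AppData\Local\Temp\updater.exe
"""


def run_time_utc(log):
    """UTC time of the DDS run: local header time minus the GMT offset."""
    hdr, tz = HEADER_RE.search(log), TZ_RE.search(log)
    if not hdr or not tz:
        raise ValueError("DDS header not found")
    local = datetime.strptime(f"{hdr.group(2)} {hdr.group(1)}", "%Y-%m-%d %H:%M:%S")
    sign = 1 if tz.group(1) == "+" else -1
    return local - sign * timedelta(hours=int(tz.group(2)), minutes=int(tz.group(3)))


def file_entries(log):
    """Yield (created_utc, size_or_None, is_dir, path) for each timestamped line."""
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            ts, size, flags, path = m.groups()
            yield (datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                   None if size.startswith("-") else int(size),
                   flags[0].lower() == "d", path.strip())


def triage(log, tool_window=timedelta(minutes=30)):
    """Executables in unexpected places, with their age relative to the run."""
    run_utc = run_time_utc(log)
    findings = []
    for created, size, is_dir, path in file_entries(log):
        low = path.lower()
        if is_dir or ntpath.splitext(low)[1] not in EXEC_EXT:
            continue
        if low.startswith(EXPECTED_PREFIXES):
            continue
        age = run_utc - created
        findings.append({
            "path": path, "size": size,
            "minutes_before_run": age.total_seconds() / 60,
            # created within the window before the run: looks like the tools
            # themselves; confirm with the poster before calling it malware
            "likely_diagnostic_tool": timedelta(0) <= age <= tool_window,
        })
    return findings


def dns_servers(log):
    """Distinct DhcpNameServer addresses -> True if the address is private."""
    return {ip: ipaddress.ip_address(ip).is_private
            for m in DNS_RE.finditer(log) for ip in m.group(1).split()}


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
    print(dns_servers(SAMPLE_DDS))
```

On the sample, the two drive-root files land inside the window and the constructed Temp file does not, so only the latter would survive as a finding. The DNS entry (192.168.1.1) is a private router address; for a redirect complaint, a public resolver here that the poster does not recognise would be the first thing to chase, and its absence in this log rules out client-side DNS redirection only as far as the DHCP-assigned server is concerned.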



#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts
Gender: Male, Location: Puerto Rico

Posted 26 June 2012 - 12:08 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#3 monteverde (Topic Starter)

Posted 26 June 2012 - 08:55 PM

OK, so I seem to have the same problem on the laptop and the desktop.
The logs I included earlier were from the laptop, but I am going to have that just wiped clean.
I still have the desktop to sort out, so I followed your instructions on the desktop, and these are the logs.
The desktop is an HP (HPE 510) with Windows 7 and IE 9. Just ignore files named "uffa"; these are files I renamed.
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````


ComboFix 12-06-26.02 - CM 06/26/2012 20:47:51.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6860 [GMT -4:00]
Running from: c:\users\CM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O78YDPAP\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\iexplore.exe
C:\Thumbs.db
c:\users\CM\AppData\Local\Temp\SASAFC7.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 )))))))))))))))))))))))))))))))
.
.
2012-06-26 18:58 . 2012-06-26 18:58 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-26 18:40 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-26 18:40 . 2012-06-26 18:40 -------- d-----w- c:\program files\rev
2012-06-26 18:38 . 2012-06-26 18:38 -------- d-----w- C:\uffa
2012-06-26 17:35 . 2012-06-26 17:35 -------- d-----w- c:\programdata\SUPERSetup
2012-06-24 20:44 . 2012-06-27 00:52 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-19 16:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 21:44 . 2012-06-16 21:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-16 21:43 . 2012-06-16 21:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-16 21:43 . 2012-06-16 21:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-16 21:43 . 2012-06-16 21:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-16 21:42 . 2012-06-16 21:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-13 13:58 . 2012-06-13 13:58 -------- d-----w- c:\program files\EpsonNet
2012-06-13 13:48 . 2012-06-13 21:58 -------- d-----w- c:\program files (x86)\Common Files\EPSON
2012-06-13 13:45 . 2012-06-26 18:42 -------- d-----w- c:\program files (x86)\Epson Software
2012-06-13 13:10 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 13:10 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 13:10 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 13:10 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 06:10 . 2011-08-10 04:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-06-13 06:10 . 2009-10-16 04:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-06-13 06:10 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-06-13 06:01 . 2012-06-13 06:01 -------- d-----w- c:\programdata\Xerox
2012-06-13 06:00 . 2012-06-13 06:00 -------- d-----w- c:\program files\Lexmark
2012-06-13 04:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 04:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 04:44 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 04:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 04:43 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:43 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 04:43 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 23:06 . 2012-06-11 23:06 -------- d-----w- c:\programdata\Malwarebytes
2012-06-11 23:06 . 2012-06-13 21:58 -------- d-----w- c:\programdata\EPSON
2012-06-11 22:54 . 2012-06-11 22:54 -------- d-----w- c:\programdata\NortonInstaller
2012-06-11 14:28 . 2012-06-11 14:28 -------- d-----w- c:\windows\system32\SPReview
2012-06-11 14:27 . 2012-06-11 14:27 -------- d-----w- c:\windows\system32\EventProviders
2012-06-11 14:26 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-11 14:26 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-11 14:26 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-09 22:19 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2012-06-09 22:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-09 22:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-09 22:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-09 14:46 . 2012-06-09 14:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-09 14:46 . 2012-06-09 14:46 -------- d-----w- c:\program files (x86)\Oracle
2012-06-09 14:45 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-09 14:45 . 2012-04-04 22:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 14:44 . 2012-06-09 14:44 -------- d-----w- c:\program files (x86)\Java
2012-06-09 14:32 . 2012-06-09 14:32 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-09 14:32 . 2012-06-09 14:32 -------- d-----w- c:\windows\system32\Wat
2012-06-09 07:08 . 2012-06-09 07:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-09 07:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-09 07:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-09 07:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-09 07:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-09 07:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-09 07:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-09 07:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-09 01:11 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-09 01:11 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-09 01:11 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-09 01:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-09 01:11 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-09 01:11 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-09 01:11 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-06-09 01:11 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-09 01:11 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-09 00:59 . 2012-06-09 00:59 -------- d-----w- c:\programdata\Apple
2012-06-08 23:49 . 2012-06-09 20:09 -------- d-----w- c:\users\Julia
2012-06-08 22:27 . 2012-06-26 17:11 -------- d-----w- c:\programdata\Recovery
2012-06-08 21:29 . 2012-06-08 21:29 -------- d-----w- c:\windows\system32\Hauppauge
2012-06-08 20:11 . 2012-06-24 21:22 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-08 20:07 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-06-08 20:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-08 20:06 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-06-08 20:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-08 20:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-08 20:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 20:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-08 20:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 20:06 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-06-08 20:06 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-08 20:06 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-08 20:04 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-08 20:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-08 20:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-08 20:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-08 20:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-08 19:21 . 2012-06-10 18:36 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-08 19:21 . 2012-06-08 19:21 -------- d-----w- c:\windows\PCHEALTH
2012-06-08 19:20 . 2012-06-08 19:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-08 19:19 . 2012-06-13 13:21 -------- d-----w- c:\programdata\Microsoft Help
2012-06-08 19:18 . 2012-06-08 19:18 -------- d-----r- C:\MSOCache
2012-06-08 19:13 . 2012-06-08 19:13 -------- d-----w- c:\program files\Common Files\EPSON
2012-06-08 19:13 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-06-08 19:13 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2012-06-08 19:13 . 2006-10-20 04:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-06-08 19:13 . 2006-10-20 04:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-06-08 19:13 . 2006-10-20 04:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-06-08 19:12 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMGCA.DLL
2012-06-08 19:12 . 2009-10-01 03:01 88064 ----a-w- c:\windows\system32\E_IBCBGCA.DLL
2012-06-08 18:55 . 2012-06-08 18:55 -------- d-----w- c:\programdata\PDFC
2012-06-08 18:37 . 2012-06-08 18:37 -------- d-----w- c:\users\Public\Symantec
2012-06-08 18:36 . 2012-06-19 18:02 -------- d-----w- c:\users\CM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 18:38 . 2012-06-26 18:37 2109990 ----a-w- C:\uffa.zip
2012-06-11 14:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-11 14:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-12 1705600]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-09 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-21 92216]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-23 7886848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-23 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [2009-12-16 1799552]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895377-1361538910-2046344388-1001Core.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 23:50]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895377-1361538910-2046344388-1001UA.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 23:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-26 20:57:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-27 00:57
.
Pre-Run: 1,425,944,715,264 bytes free
Post-Run: 1,426,804,346,880 bytes free
.
- - End Of File - - 491E5801A1148C3305B902A0B38ADF03


THANKS

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 PM

Posted 26 June 2012 - 08:58 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
rem Collect the network configuration into Log1.txt so it can be posted
>Log1.txt (
rem adapters, DHCP lease and the DNS servers the system is configured to use
ipconfig /all
rem what the configured DNS server itself answers for two well-known names
nslookup google.com
nslookup yahoo.com
rem what the Windows resolver, hosts file included, actually uses for the same names
ping -n 2 google.com
ping -n 2 yahoo.com
rem routing table, including the default gateway
route print
)
start Log1.txt
rem the batch file deletes itself once the log is open
del %0
Save this as router.bat (choose "Save as type: All Files" and save it to the Desktop), then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Female
  • Location:NJ
  • Local time:01:22 PM

Posted 26 June 2012 - 10:53 PM

I will. I just wanted to add that after running ComboFix all antivirus has been disabled. So I ran RKill (did I do wrong?) and it terminated c:\windows\syswow64\rundll32.exe. But Kaspersky still stalls when I try to launch it. AGM

#6 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Female
  • Location:NJ
  • Local time:01:22 PM

Posted 26 June 2012 - 11:00 PM

Here is the log

Windows IP Configuration

Host Name . . . . . . . . . . . . : CM-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 68-A3-C4-7D-D2-42
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 78-AC-C0-BD-39-29
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::90f3:d283:938f:deba%12(Preferred)
IPv4 Address. . . . . . . . . . . : 67.82.111.223(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : Tuesday, June 26, 2012 11:54:36 PM
Lease Expires . . . . . . . . . . : Wednesday, June 27, 2012 3:44:46 AM
Default Gateway . . . . . . . . . : 67.82.104.1
DHCP Server . . . . . . . . . . . : 167.206.195.6
DHCPv6 IAID . . . . . . . . . . . : 309898432
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-47-D4-4A-78-AC-C0-BF-5A-BE
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 68-A3-C4-7D-D2-43
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34b6:247e:bcad:9020(Preferred)
Link-local IPv6 Address . . . . . : fe80::34b6:247e:bcad:9020%10(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:4352:6fdf::4352:6fdf(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{F8CBF50B-E794-4826-82CC-99AA9D48814A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 2607:f8b0:4006:802::100e
173.194.43.14
173.194.43.8
173.194.43.1
173.194.43.2
173.194.43.6
173.194.43.7
173.194.43.4
173.194.43.0
173.194.43.5
173.194.43.3
173.194.43.9

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging google.com [173.194.43.0] with 32 bytes of data:
Reply from 173.194.43.0: bytes=32 time=14ms TTL=56
Reply from 173.194.43.0: bytes=32 time=14ms TTL=56

Ping statistics for 173.194.43.0:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 14ms, Maximum = 14ms, Average = 14ms

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=31ms TTL=53
Reply from 98.139.183.24: bytes=32 time=46ms TTL=53

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 46ms, Average = 38ms
===========================================================================
Interface List
15...68 a3 c4 7d d2 42 ......Microsoft Virtual WiFi Miniport Adapter
12...78 ac c0 bd 39 29 ......Realtek PCIe FE Family Controller
11...68 a3 c4 7d d2 43 ......802.11n Wireless LAN Card
1...........................Software Loopback Interface 1
10...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 67.82.104.1 67.82.111.223 20
67.82.104.0 255.255.248.0 On-link 67.82.111.223 276
67.82.111.223 255.255.255.255 On-link 67.82.111.223 276
67.82.111.255 255.255.255.255 On-link 67.82.111.223 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 67.82.111.223 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 67.82.111.223 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
10 58 2001::/32 On-link
10 306 2001:0:4137:9e76:34b6:247e:bcad:9020/128
On-link
13 1025 2002::/16 On-link
13 281 2002:4352:6fdf::4352:6fdf/128
On-link
12 276 fe80::/64 On-link
10 306 fe80::/64 On-link
10 306 fe80::34b6:247e:bcad:9020/128
On-link
12 276 fe80::90f3:d283:938f:deba/128
On-link
1 306 ff00::/8 On-link
10 306 ff00::/8 On-link
12 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
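The batch file in post #4 collects the data, but the Log1.txt posted in post #6 still has to be read by eye. Below is an added example, not part of the original thread and not gringo's tool, that parses that output and does the comparison an analyst makes when chasing a search redirect: are the configured DNS servers the ones you expect, was nslookup actually answered by a configured server, and does the address that ping resolved each name to appear in the set the DNS server returned. The last check matters because nslookup asks the DNS server directly while ping goes through the Windows resolver, hosts file and any filter hooks included, so a disagreement points at a local override rather than a rogue DNS server. The sample log is a constructed excerpt of the one posted above, trimmed to the lines the checks use; the set of trusted resolvers in EXPECTED_DNS is an assumption the analyst supplies (here the ISP pair the log shows).

```python
import re
import ipaddress

# Constructed sample for this example: lines copied from the router.bat output posted above,
# trimmed, with the indentation flattened the way the forum rendered it.
SAMPLE_LOG = """\
Default Gateway . . . . . . . . . : 67.82.104.1
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 2607:f8b0:4006:802::100e
173.194.43.14
173.194.43.0

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24

Pinging google.com [173.194.43.0] with 32 bytes of data:
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
"""

# Resolvers the analyst trusts (an assumption supplied by the analyst; here the ISP pair in the log).
EXPECTED_DNS = {"167.206.245.129", "167.206.245.130"}


def _take_ips(lines, i):
    """Collect the bare-address continuation lines ipconfig and nslookup print under a field."""
    ips = []
    while i < len(lines):
        try:
            ipaddress.ip_address(lines[i])
        except ValueError:
            break
        ips.append(lines[i])
        i += 1
    return ips, i


def parse_log(text):
    """Extract configured DNS servers, the server nslookup queried, its answers, and ping targets."""
    lines = [l.strip() for l in text.splitlines()]
    out = {"configured_dns": [], "resolvers": [], "answers": {}, "pings": {}}
    i = 0
    while i < len(lines):
        line = lines[i]
        if m := re.match(r"DNS Servers[ .]*:\s*(\S+)", line):
            more, i = _take_ips(lines, i + 1)
            out["configured_dns"] += [m.group(1)] + more
            continue
        if (m := re.match(r"Address:\s*(\S+)", line)) and i > 0 and lines[i - 1].startswith("Server:"):
            out["resolvers"].append(m.group(1))          # the DNS server nslookup actually asked
        elif m := re.match(r"Name:\s*(\S+)", line):
            name, ips, i = m.group(1).lower(), [], i + 1
            if i < len(lines) and (m2 := re.match(r"Address(?:es)?:\s*(\S+)", lines[i])):
                more, i = _take_ips(lines, i + 1)
                ips = [m2.group(1)] + more
            out["answers"].setdefault(name, set()).update(ips)
            continue
        elif m := re.match(r"Pinging (\S+) \[([^\]]+)\]", line):
            out["pings"][m.group(1).lower()] = m.group(2)  # what the Windows resolver handed ping
        i += 1
    return out


def check(parsed, expected_dns=EXPECTED_DNS):
    """Return (severity, message) findings; an empty list means the DNS path is consistent."""
    findings = []
    for srv in parsed["configured_dns"]:
        if srv not in expected_dns:
            findings.append(("WARN", f"unexpected DNS server configured: {srv}"))
    for srv in parsed["resolvers"]:
        if srv not in parsed["configured_dns"]:
            findings.append(("WARN", f"nslookup was answered by {srv}, not a configured DNS server"))
    for host, ip in parsed["pings"].items():
        dns_ips = parsed["answers"].get(host, set())
        if not dns_ips:
            findings.append(("INFO", f"no nslookup answer recorded for {host}"))
        elif ip not in dns_ips:
            # nslookup asks the server directly; ping goes through the Windows resolver, hosts
            # file and any LSP/filter hooks included, so disagreement means a local override.
            findings.append(("ALERT", f"{host}: ping used {ip}, DNS server returned {sorted(dns_ips)}"))
    return findings


def analyze(text=SAMPLE_LOG, expected_dns=EXPECTED_DNS):
    parsed = parse_log(text)
    return parsed, check(parsed, expected_dns)


if __name__ == "__main__":
    parsed, findings = analyze()
    print("configured DNS:", parsed["configured_dns"])
    print("findings:", findings or "none; resolver results agree with DNS answers")
```

Run against the posted log it returns no findings: the server that answered nslookup is one of the two configured ISP resolvers, and the addresses ping used for google.com and yahoo.com are both in the nslookup answer sets. On this machine the redirect is therefore not happening at the DNS server or hosts file level, which is why the thread moves on to rootkit and MBR scanning. To run it on your own capture, pass the text of Log1.txt to analyze() and replace EXPECTED_DNS with the resolvers your ISP or router hands out.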

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:22 PM

Posted 27 June 2012 - 12:08 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure; click Continue.
  • If a suspicious file is detected, the default action will be Skip; click Continue.
  • It may ask you to reboot the computer to complete the process. Click Reboot Now.
  • If no reboot is required, click Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
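TDSSKiller and aswMBR both begin by reading the first sector of the disk and listing the partition table, which is what the "MBR partitions" block in the TDSSKiller log further down shows (Type, StartLBA and BlocksNum for each entry). Below is an added example, not code from either tool, that performs the same parse on a 512-byte MBR and then applies the layout checks a bootkit hunt cares about: the 55 AA boot signature is present, entries neither overlap nor leave gaps between them, nothing extends past the end of the disk, and how many sectors sit unallocated after the last partition, since that tail is where TDL4-family rootkits (the malware TDSSKiller targets) keep their hidden file system. The MBR bytes are constructed from the geometry in the TDSSKiller log posted later in this thread (drive size 0x15D50F66000 bytes, three NTFS partitions); they are not a dump of that disk, and the code labels them as constructed.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 0x1BE                      # partition table starts at byte 446 of the MBR
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY = struct.Struct("<B3sB3sII")        # status, CHS start, type, CHS end, LBA start, sector count

# Geometry from the TDSSKiller log posted in this thread; the MBR built from it is constructed,
# not read from the machine.
CM_HP_DISK_BYTES = 0x15D50F66000
CM_HP_PARTITIONS = [
    # (status, type, StartLBA, BlocksNum)
    (0x80, 0x07, 0x800, 0x32000),          # Partition0: NTFS, 100 MB system reserved, active
    (0x00, 0x07, 0x32800, 0xAD057800),     # Partition1: NTFS, C:
    (0x00, 0x07, 0xAD08A000, 0x19FD000),   # Partition2: NTFS, D:
]


def build_mbr(parts, signature=BOOT_SIGNATURE):
    """Assemble a 512-byte MBR from (status, type, start_lba, blocks) tuples; boot code left zero."""
    mbr = bytearray(SECTOR)
    for i, (status, ptype, start, count) in enumerate(parts):
        off = TABLE_OFFSET + ENTRY.size * i
        # CHS fields carry the 0xFE 0xFF 0xFF "use LBA" marker modern tools write; parsing ignores them
        mbr[off:off + ENTRY.size] = ENTRY.pack(status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    mbr[510:512] = signature
    return bytes(mbr)


def has_boot_signature(mbr):
    return len(mbr) == SECTOR and mbr[510:512] == BOOT_SIGNATURE


def parse_mbr(mbr):
    """Return the non-empty partition entries, the same fields TDSSKiller prints per partition."""
    if not has_boot_signature(mbr):
        raise ValueError("not a valid MBR: 55 AA boot signature missing")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + ENTRY.size * i
        status, _, ptype, _, start, count = ENTRY.unpack(mbr[off:off + ENTRY.size])
        if ptype == 0:
            continue                      # empty slot
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": start, "blocks": count})
    return parts


def layout_findings(parts, disk_sectors):
    """Flag overlaps, gaps between entries, entries past the disk end, and the unallocated tail."""
    findings, prev_end = [], None
    for p in sorted(parts, key=lambda p: p["start_lba"]):
        end = p["start_lba"] + p["blocks"]
        if prev_end is not None:
            if p["start_lba"] < prev_end:
                findings.append(("overlap", p["index"], prev_end - p["start_lba"]))
            elif p["start_lba"] > prev_end:
                findings.append(("gap", p["index"], p["start_lba"] - prev_end))
        if end > disk_sectors:
            findings.append(("beyond_disk", p["index"], end - disk_sectors))
        prev_end = end if prev_end is None else max(prev_end, end)
    # Sectors after the last partition: where TDL4-style bootkits hide their file system.
    findings.append(("unallocated_tail", None, disk_sectors - (prev_end or 0)))
    return findings


def analyze(parts=CM_HP_PARTITIONS, disk_bytes=CM_HP_DISK_BYTES):
    parsed = parse_mbr(build_mbr(parts))
    return parsed, layout_findings(parsed, disk_bytes // SECTOR)


if __name__ == "__main__":
    parsed, findings = analyze()
    for p in parsed:
        print(f"Partition{p['index']}: Type 0x{p['type']:X}, StartLBA 0x{p['start_lba']:X}, BlocksNum 0x{p['blocks']:X}")
    for kind, idx, sectors in findings:
        print(f"{kind}: partition {idx}, {sectors} sectors ({sectors * SECTOR / 2**20:.1f} MiB)")
```

On the posted geometry the three entries tile exactly (Partition1 ends where Partition2 begins) and the tail is 0xB30 sectors, about 1.4 MiB of ordinary alignment slack, so the layout alone is unremarkable. The example does not check the boot code in the first 446 bytes, which is the other thing an MBR scanner compares; to run the parse on a live disk, read the first 512 bytes of \\.\PhysicalDrive0 as administrator and pass them to parse_mbr().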

#9 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  • Gender:Female
  • Location:NJ
  • Local time:01:22 PM

Posted 27 June 2012 - 01:53 PM

Here are the logs. Everything went pretty smoothly. Still cannot get Kaspersky AV to run. Thanks for looking at this. AGM


14:39:01.0677 2852 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
14:39:02.0161 2852 ============================================================
14:39:02.0161 2852 Current date / time: 2012/06/27 14:39:02.0161
14:39:02.0161 2852 SystemInfo:
14:39:02.0161 2852
14:39:02.0161 2852 OS Version: 6.1.7601 ServicePack: 1.0
14:39:02.0161 2852 Product type: Workstation
14:39:02.0161 2852 ComputerName: CM-HP
14:39:02.0161 2852 UserName: CM
14:39:02.0161 2852 Windows directory: C:\Windows
14:39:02.0161 2852 System windows directory: C:\Windows
14:39:02.0161 2852 Running under WOW64
14:39:02.0161 2852 Processor architecture: Intel x64
14:39:02.0161 2852 Number of processors: 6
14:39:02.0161 2852 Page size: 0x1000
14:39:02.0161 2852 Boot type: Normal boot
14:39:02.0161 2852 ============================================================
14:39:03.0955 2852 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:39:03.0986 2852 ============================================================
14:39:03.0986 2852 \Device\Harddisk0\DR0:
14:39:03.0986 2852 MBR partitions:
14:39:03.0986 2852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:39:03.0986 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD057800
14:39:03.0986 2852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAD08A000, BlocksNum 0x19FD000
14:39:03.0986 2852 ============================================================
14:39:04.0001 2852 C: <-> \Device\Harddisk0\DR0\Partition1
14:39:04.0064 2852 D: <-> \Device\Harddisk0\DR0\Partition2
14:39:04.0064 2852 ============================================================
14:39:04.0064 2852 Initialize success
14:39:04.0064 2852 ============================================================
14:39:06.0217 1468 ============================================================
14:39:06.0217 1468 Scan started
14:39:06.0217 1468 Mode: Manual;
14:39:06.0217 1468 ============================================================
14:39:07.0043 1468 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
14:39:07.0043 1468 1394ohci - ok
14:39:07.0075 1468 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
14:39:07.0090 1468 ACPI - ok
14:39:07.0121 1468 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
14:39:07.0121 1468 AcpiPmi - ok
14:39:07.0199 1468 AdobeARMservice - ok
14:39:07.0246 1468 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:39:07.0277 1468 adp94xx - ok
14:39:07.0309 1468 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:39:07.0309 1468 adpahci - ok
14:39:07.0340 1468 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:39:07.0340 1468 adpu320 - ok
14:39:07.0387 1468 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:39:07.0387 1468 AeLookupSvc - ok
14:39:07.0449 1468 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
14:39:07.0449 1468 AFD - ok
14:39:07.0465 1468 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
14:39:07.0465 1468 agp440 - ok
14:39:07.0496 1468 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:39:07.0496 1468 ALG - ok
14:39:07.0511 1468 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
14:39:07.0511 1468 aliide - ok
14:39:07.0543 1468 AMD External Events Utility (694b7056f66a9dffe18836655477589a) C:\Windows\system32\atiesrxx.exe
14:39:07.0543 1468 AMD External Events Utility - ok
14:39:07.0558 1468 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
14:39:07.0558 1468 amdide - ok
14:39:07.0574 1468 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:39:07.0574 1468 AmdK8 - ok
14:39:07.0792 1468 amdkmdag (600c89344a1dc910e5af3852a0bc86f4) C:\Windows\system32\DRIVERS\atikmdag.sys
14:39:07.0948 1468 amdkmdag - ok
14:39:08.0011 1468 amdkmdap (b191851b6fbf30532470d3541a104eef) C:\Windows\system32\DRIVERS\atikmpag.sys
14:39:08.0011 1468 amdkmdap - ok
14:39:08.0042 1468 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:39:08.0042 1468 AmdPPM - ok
14:39:08.0073 1468 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
14:39:08.0073 1468 amdsata - ok
14:39:08.0089 1468 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:39:08.0089 1468 amdsbs - ok
14:39:08.0104 1468 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
14:39:08.0104 1468 amdxata - ok
14:39:08.0135 1468 amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys
14:39:08.0135 1468 amd_sata - ok
14:39:08.0151 1468 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys
14:39:08.0151 1468 amd_xata - ok
14:39:08.0182 1468 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
14:39:08.0182 1468 AppID - ok
14:39:08.0198 1468 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:39:08.0198 1468 AppIDSvc - ok
14:39:08.0229 1468 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
14:39:08.0229 1468 Appinfo - ok
14:39:08.0323 1468 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:39:08.0323 1468 Apple Mobile Device - ok
14:39:08.0369 1468 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:39:08.0369 1468 arc - ok
14:39:08.0401 1468 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:39:08.0401 1468 arcsas - ok
14:39:08.0432 1468 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:39:08.0432 1468 AsyncMac - ok
14:39:08.0447 1468 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
14:39:08.0463 1468 atapi - ok
14:39:08.0479 1468 AtiHDAudioService (e02b26650acc2f4901342d4a66774ad7) C:\Windows\system32\drivers\AtihdW76.sys
14:39:08.0479 1468 AtiHDAudioService - ok
14:39:08.0494 1468 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
14:39:08.0494 1468 AtiPcie - ok
14:39:08.0572 1468 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:39:08.0588 1468 AudioEndpointBuilder - ok
14:39:08.0603 1468 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
14:39:08.0603 1468 AudioSrv - ok
14:39:08.0775 1468 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
14:39:08.0775 1468 AVP - ok
14:39:08.0837 1468 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
14:39:08.0837 1468 AxInstSV - ok
14:39:08.0884 1468 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:39:08.0900 1468 b06bdrv - ok
14:39:08.0931 1468 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:39:08.0947 1468 b57nd60a - ok
14:39:08.0978 1468 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:39:08.0978 1468 BDESVC - ok
14:39:08.0993 1468 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:39:08.0993 1468 Beep - ok
14:39:09.0087 1468 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
14:39:09.0103 1468 BFE - ok
14:39:09.0196 1468 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
14:39:09.0212 1468 BITS - ok
14:39:09.0259 1468 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:39:09.0259 1468 blbdrive - ok
14:39:09.0305 1468 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
14:39:09.0321 1468 Bonjour Service - ok
14:39:09.0352 1468 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
14:39:09.0352 1468 bowser - ok
14:39:09.0368 1468 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:39:09.0383 1468 BrFiltLo - ok
14:39:09.0399 1468 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:39:09.0399 1468 BrFiltUp - ok
14:39:09.0430 1468 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
14:39:09.0430 1468 BridgeMP - ok
14:39:09.0461 1468 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
14:39:09.0461 1468 Browser - ok
14:39:09.0493 1468 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:39:09.0508 1468 Brserid - ok
14:39:09.0508 1468 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:39:09.0508 1468 BrSerWdm - ok
14:39:09.0524 1468 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:39:09.0524 1468 BrUsbMdm - ok
14:39:09.0539 1468 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:39:21.0754 1468 TermDD - ok
14:39:21.0801 1468 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
14:39:21.0817 1468 TermService - ok
14:39:21.0832 1468 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
14:39:21.0832 1468 Themes - ok
14:39:21.0848 1468 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:39:21.0848 1468 THREADORDER - ok
14:39:21.0863 1468 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
14:39:21.0879 1468 TrkWks - ok
14:39:21.0910 1468 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
14:39:21.0910 1468 TrustedInstaller - ok
14:39:21.0941 1468 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:39:21.0941 1468 tssecsrv - ok
14:39:21.0988 1468 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
14:39:21.0988 1468 TsUsbFlt - ok
14:39:22.0019 1468 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
14:39:22.0035 1468 tunnel - ok
14:39:22.0051 1468 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:39:22.0051 1468 uagp35 - ok
14:39:22.0097 1468 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
14:39:22.0097 1468 udfs - ok
14:39:22.0129 1468 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
14:39:22.0129 1468 UI0Detect - ok
14:39:22.0160 1468 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
14:39:22.0160 1468 uliagpkx - ok
14:39:22.0191 1468 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
14:39:22.0191 1468 umbus - ok
14:39:22.0207 1468 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:39:22.0207 1468 UmPass - ok
14:39:22.0238 1468 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
14:39:22.0238 1468 upnphost - ok
14:39:22.0285 1468 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
14:39:22.0285 1468 USBAAPL64 - ok
14:39:22.0316 1468 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
14:39:22.0316 1468 usbccgp - ok
14:39:22.0331 1468 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
14:39:22.0331 1468 usbcir - ok
14:39:22.0363 1468 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
14:39:22.0363 1468 usbehci - ok
14:39:22.0378 1468 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
14:39:22.0394 1468 usbfilter - ok
14:39:22.0409 1468 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
14:39:22.0425 1468 usbhub - ok
14:39:22.0441 1468 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
14:39:22.0441 1468 usbohci - ok
14:39:22.0456 1468 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:39:22.0456 1468 usbprint - ok
14:39:22.0487 1468 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:39:22.0487 1468 usbscan - ok
14:39:22.0487 1468 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:39:22.0487 1468 USBSTOR - ok
14:39:22.0503 1468 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
14:39:22.0503 1468 usbuhci - ok
14:39:22.0519 1468 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
14:39:22.0534 1468 UxSms - ok
14:39:22.0550 1468 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:39:22.0550 1468 VaultSvc - ok
14:39:22.0565 1468 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
14:39:22.0565 1468 vdrvroot - ok
14:39:22.0612 1468 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
14:39:22.0643 1468 vds - ok
14:39:22.0659 1468 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:39:22.0659 1468 vga - ok
14:39:22.0675 1468 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:39:22.0675 1468 VgaSave - ok
14:39:22.0690 1468 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
14:39:22.0690 1468 vhdmp - ok
14:39:22.0706 1468 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
14:39:22.0706 1468 viaide - ok
14:39:22.0737 1468 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
14:39:22.0737 1468 volmgr - ok
14:39:22.0784 1468 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
14:39:22.0799 1468 volmgrx - ok
14:39:22.0831 1468 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
14:39:22.0831 1468 volsnap - ok
14:39:22.0846 1468 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:39:22.0846 1468 vsmraid - ok
14:39:22.0955 1468 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
14:39:22.0987 1468 VSS - ok
14:39:23.0096 1468 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:39:23.0096 1468 vwifibus - ok
14:39:23.0143 1468 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:39:23.0143 1468 vwififlt - ok
14:39:23.0158 1468 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:39:23.0158 1468 vwifimp - ok
14:39:23.0189 1468 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
14:39:23.0205 1468 W32Time - ok
14:39:23.0221 1468 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:39:23.0221 1468 WacomPen - ok
14:39:23.0236 1468 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:23.0236 1468 WANARP - ok
14:39:23.0236 1468 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
14:39:23.0236 1468 Wanarpv6 - ok
14:39:23.0314 1468 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
14:39:23.0345 1468 WatAdminSvc - ok
14:39:23.0439 1468 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
14:39:23.0455 1468 wbengine - ok
14:39:23.0486 1468 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
14:39:23.0486 1468 WbioSrvc - ok
14:39:23.0517 1468 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
14:39:23.0517 1468 wcncsvc - ok
14:39:23.0533 1468 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
14:39:23.0533 1468 WcsPlugInService - ok
14:39:23.0548 1468 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:39:23.0548 1468 Wd - ok
14:39:23.0579 1468 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:39:23.0579 1468 Wdf01000 - ok
14:39:23.0595 1468 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:39:23.0595 1468 WdiServiceHost - ok
14:39:23.0611 1468 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
14:39:23.0611 1468 WdiSystemHost - ok
14:39:23.0642 1468 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
14:39:23.0657 1468 WebClient - ok
14:39:23.0689 1468 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
14:39:23.0689 1468 Wecsvc - ok
14:39:23.0720 1468 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
14:39:23.0720 1468 wercplsupport - ok
14:39:23.0751 1468 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
14:39:23.0751 1468 WerSvc - ok
14:39:23.0767 1468 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:39:23.0767 1468 WfpLwf - ok
14:39:23.0798 1468 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:39:23.0798 1468 WIMMount - ok
14:39:23.0829 1468 WinDefend - ok
14:39:23.0845 1468 WinHttpAutoProxySvc - ok
14:39:23.0907 1468 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
14:39:23.0923 1468 Winmgmt - ok
14:39:24.0047 1468 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
14:39:24.0063 1468 WinRM - ok
14:39:24.0157 1468 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
14:39:24.0157 1468 WinUsb - ok
14:39:24.0203 1468 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
14:39:24.0219 1468 Wlansvc - ok
14:39:24.0235 1468 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
14:39:24.0235 1468 WmiAcpi - ok
14:39:24.0250 1468 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
14:39:24.0266 1468 wmiApSrv - ok
14:39:24.0266 1468 WMPNetworkSvc - ok
14:39:24.0281 1468 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
14:39:24.0281 1468 WPCSvc - ok
14:39:24.0313 1468 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
14:39:24.0328 1468 WPDBusEnum - ok
14:39:24.0344 1468 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:39:24.0344 1468 ws2ifsl - ok
14:39:24.0359 1468 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
14:39:24.0359 1468 wscsvc - ok
14:39:24.0375 1468 WSearch - ok
14:39:24.0500 1468 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
14:39:24.0562 1468 wuauserv - ok
14:39:24.0625 1468 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
14:39:24.0625 1468 WudfPf - ok
14:39:24.0656 1468 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:39:24.0656 1468 WUDFRd - ok
14:39:24.0703 1468 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
14:39:24.0703 1468 wudfsvc - ok
14:39:24.0749 1468 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:39:24.0765 1468 WwanSvc - ok
14:39:24.0812 1468 MBR (0x1B8) (22c55462c7e975d71f191f6ff24c08cb) \Device\Harddisk0\DR0
14:39:25.0015 1468 \Device\Harddisk0\DR0 - ok
14:39:25.0015 1468 Boot (0x1200) (73947221e3f7c8dd0aa0b57d07b8fa47) \Device\Harddisk0\DR0\Partition0
14:39:25.0015 1468 \Device\Harddisk0\DR0\Partition0 - ok
14:39:25.0030 1468 Boot (0x1200) (9ec49fc35f8ff4ef14063e645cec491c) \Device\Harddisk0\DR0\Partition1
14:39:25.0030 1468 \Device\Harddisk0\DR0\Partition1 - ok
14:39:25.0061 1468 Boot (0x1200) (80543b9e2656d87c594a5354ace50bd2) \Device\Harddisk0\DR0\Partition2
14:39:25.0061 1468 \Device\Harddisk0\DR0\Partition2 - ok
14:39:25.0061 1468 ============================================================
14:39:25.0061 1468 Scan finished
14:39:25.0061 1468 ============================================================
14:39:25.0077 1020 Detected object count: 0
14:39:25.0077 1020 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-27 14:40:27
-----------------------------
14:40:27.573 OS Version: Windows x64 6.1.7601 Service Pack 1
14:40:27.573 Number of processors: 6 586 0xA00
14:40:27.573 ComputerName: CM-HP UserName: CM
14:40:29.352 Initialize success
14:41:26.356 AVAST engine defs: 12062700
14:41:28.992 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
14:41:29.008 Disk 0 Vendor: WDC_WD15 51.0 Size: 1430799MB BusType: 11
14:41:29.024 Disk 0 MBR read successfully
14:41:29.024 Disk 0 MBR scan
14:41:29.039 Disk 0 unknown MBR code
14:41:29.039 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:41:29.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1417391 MB offset 206848
14:41:29.102 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13306 MB offset 2903023616
14:41:29.164 Disk 0 scanning C:\Windows\system32\drivers
14:41:39.382 Service scanning
14:41:57.416 Modules scanning
14:41:57.431 Disk 0 trace - called modules:
14:41:57.447 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:41:57.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007251060]
14:41:57.977 3 CLASSPNP.SYS[fffff88001e5143f] -> nt!IofCallDriver -> [0xfffffa8007173ac0]
14:41:57.993 5 amd_xata.sys[fffff880010728b4] -> nt!IofCallDriver -> \Device\00000058[0xfffffa800716f9c0]
14:42:00.348 AVAST engine scan C:\Windows
14:42:03.562 AVAST engine scan C:\Windows\system32
14:44:04.899 AVAST engine scan C:\Windows\system32\drivers
14:44:16.053 AVAST engine scan C:\Users\CM
14:45:06.987 AVAST engine scan C:\ProgramData
14:46:07.624 Scan finished successfully
14:46:38.528 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
14:46:38.637 The log file has been saved successfully to "E:\aswMBR.txt"
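
The TDSSKiller output above lists every service, driver and disk record as a pair of lines (a hash line and a verdict line). As an added example, not part of this thread and not code from Kaspersky's tool, here is a small Python triage script that parses that format and pulls out what a responder checks first: anything whose verdict is not "ok", registered services with no file hashed, one file registered under several names, the same bytes found at more than one path, and the MBR/boot-sector hashes so they can be compared against a later run. The sample lines are copied from the log above except the two ExampleDrv lines, which are constructed to exercise the non-clean branch; the "( Detection.Name ) - warning" shape those lines use is an assumption about how TDSSKiller annotates objects it does not call clean.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not part of the thread).

TDSSKiller writes two lines per object it examines:
    <time> <pid> <name> (<md5>) <path>       what was hashed
    <time> <pid> <name> - <verdict>          what the scanner concluded
For the MBR and boot-sector records the verdict line is keyed by the device path
rather than by the record name, which the pairing logic below accounts for.
"""
import re
from collections import defaultdict

HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# The "( Detection.Name ) - warning" shape is an assumption about how TDSSKiller
# annotates non-clean objects; plain "<name> - ok" lines match with detection=None.
VERDICT_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)(?: \( (?P<detection>[^)]+) \))? - (?P<verdict>\w+)$"
)

# Constructed sample: all lines except the two ExampleDrv lines are copied from
# the TDSSKiller log posted above; ExampleDrv is made up to exercise the warning path.
SAMPLE_LOG = r"""
14:39:20.0101 1468 Skype C2C Service - ok
14:39:21.0442 1468 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
14:39:21.0473 1468 Tcpip - ok
14:39:21.0567 1468 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
14:39:21.0583 1468 TCPIP6 - ok
14:39:22.0000 1468 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\example.sys
14:39:22.0000 1468 ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
14:39:24.0812 1468 MBR (0x1B8) (22c55462c7e975d71f191f6ff24c08cb) \Device\Harddisk0\DR0
14:39:25.0015 1468 \Device\Harddisk0\DR0 - ok
14:39:25.0077 1020 Detected object count: 0
"""


def parse_log(text):
    """Split a log into hashed objects (name -> (md5, path)) and verdicts
    (list of (name, detection, verdict) in log order). Other lines are ignored."""
    hashed, verdicts = {}, []
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            hashed[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_LINE.match(line)
        if m:
            verdicts.append((m["name"], m["detection"], m["verdict"]))
    return hashed, verdicts


def triage(text):
    """Return the items a responder reads first from a TDSSKiller log."""
    hashed, verdicts = parse_log(text)
    # A verdict may be keyed by object name or, for disk records, by device path.
    known = set(hashed) | {path for _, path in hashed.values()}

    names_by_md5, paths_by_md5 = defaultdict(set), defaultdict(set)
    for name, (md5, path) in hashed.items():
        names_by_md5[md5].add(name)
        paths_by_md5[md5].add(path.lower())

    return {
        # anything the scanner did not call clean
        "flagged": [(n, d, v) for n, d, v in verdicts if v != "ok"],
        # registered services/drivers whose binary was never hashed (missing or unreadable file)
        "unhashed": [n for n, _, v in verdicts if n not in known],
        # one file registered under several names (Tcpip/TCPIP6 is a legitimate case)
        "aliases": {md5: sorted(ns) for md5, ns in names_by_md5.items() if len(ns) > 1},
        # the same bytes present at more than one path, which deserves a closer look
        "relocated": sorted(md5 for md5, ps in paths_by_md5.items() if len(ps) > 1),
        # MBR / boot-sector hashes, worth diffing against an earlier or later run
        "disk_records": {n: md5 for n, (md5, p) in hashed.items() if p.startswith(r"\Device\Harddisk")},
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on a full TDSSKiller log and the "unhashed" list is the first thing to read: a service the scanner found in the registry but could not hash has either been uninstalled sloppily or is hiding its file. The MBR hash in "disk_records" is the value to compare with the copy aswMBR wrote to E:\MBR.dat, and with the same line from any later scan, since a change there without a known cause is what a bootkit looks like in these logs.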

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 05:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Female
  • Location:NJ

Posted 27 June 2012 - 09:06 PM

Here is the ComboFix log. Kaspersky Internet Security is still turned off. AGM

ComboFix 12-06-27.01 - CM 06/27/2012 21:40:29.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.7240 [GMT -4:00]
Running from: c:\users\CM\Desktop\ComboFix.exe
Command switches used :: c:\users\CM\Desktop\CFscript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 01:44 . 2012-06-28 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 01:39 . 2012-06-28 01:39 -------- d-----r- c:\users\Public
2012-06-27 15:33 . 2012-06-27 15:33 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-06-26 18:58 . 2012-06-26 18:58 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-06-26 18:40 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-06-26 18:40 . 2012-06-26 18:40 -------- d-----w- c:\program files\rev
2012-06-26 17:35 . 2012-06-26 17:35 -------- d-----w- c:\programdata\SUPERSetup
2012-06-24 20:44 . 2012-06-27 18:36 -------- d-----w- c:\programdata\Kaspersky Lab
2012-06-19 16:14 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:14 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:14 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:14 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:14 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:14 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 21:44 . 2012-06-16 21:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-16 21:43 . 2012-06-16 21:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-16 21:43 . 2012-06-16 21:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-16 21:43 . 2012-06-16 21:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-16 21:42 . 2012-06-16 21:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-13 13:58 . 2012-06-13 13:58 -------- d-----w- c:\program files\EpsonNet
2012-06-13 13:48 . 2012-06-13 21:58 -------- d-----w- c:\program files (x86)\Common Files\EPSON
2012-06-13 13:45 . 2012-06-26 18:42 -------- d-----w- c:\program files (x86)\Epson Software
2012-06-13 13:10 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 13:10 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 13:10 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 13:10 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 06:10 . 2011-08-10 04:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
2012-06-13 06:10 . 2009-10-16 04:00 13824 ----a-w- c:\windows\system32\esxcdev.dll
2012-06-13 06:10 . 2009-10-16 04:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-06-13 06:01 . 2012-06-13 06:01 -------- d-----w- c:\programdata\Xerox
2012-06-13 06:00 . 2012-06-13 06:00 -------- d-----w- c:\program files\Lexmark
2012-06-13 04:44 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 04:44 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 04:44 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 04:44 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 04:44 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 04:43 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 04:43 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 04:43 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 04:43 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 04:43 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 04:43 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 04:43 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 04:43 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 04:43 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 04:43 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 04:43 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 04:43 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 23:06 . 2012-06-11 23:06 -------- d-----w- c:\programdata\Malwarebytes
2012-06-11 23:06 . 2012-06-13 21:58 -------- d-----w- c:\programdata\EPSON
2012-06-11 22:54 . 2012-06-11 22:54 -------- d-----w- c:\programdata\NortonInstaller
2012-06-11 14:28 . 2012-06-11 14:28 -------- d-----w- c:\windows\system32\SPReview
2012-06-11 14:27 . 2012-06-11 14:27 -------- d-----w- c:\windows\system32\EventProviders
2012-06-11 14:26 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-06-11 14:26 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-06-11 14:26 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-06-09 22:19 . 2010-11-20 13:26 828416 ----a-w- c:\windows\system32\MPSSVC.dll
2012-06-09 22:18 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-06-09 22:18 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-06-09 22:18 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-06-09 14:46 . 2012-06-09 14:46 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-09 14:46 . 2012-06-09 14:46 -------- d-----w- c:\program files (x86)\Oracle
2012-06-09 14:45 . 2012-04-04 22:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-09 14:45 . 2012-04-04 22:47 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 14:44 . 2012-06-09 14:44 -------- d-----w- c:\program files (x86)\Java
2012-06-09 14:32 . 2012-06-09 14:32 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-09 14:32 . 2012-06-09 14:32 -------- d-----w- c:\windows\system32\Wat
2012-06-09 07:08 . 2012-06-09 07:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-09 07:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-09 07:06 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-09 07:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-09 07:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-09 07:06 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-09 07:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-09 07:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-09 01:11 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-06-09 01:11 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-06-09 01:11 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-09 01:11 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-06-09 01:11 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-06-09 01:11 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-06-09 01:11 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-06-09 01:11 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-06-09 01:11 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-06-09 00:59 . 2012-06-09 00:59 -------- d-----w- c:\programdata\Apple
2012-06-08 23:49 . 2012-06-09 20:09 -------- d-----w- c:\users\Julia
2012-06-08 22:27 . 2012-06-26 17:11 -------- d-----w- c:\programdata\Recovery
2012-06-08 21:29 . 2012-06-08 21:29 -------- d-----w- c:\windows\system32\Hauppauge
2012-06-08 20:11 . 2012-06-24 21:22 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-06-08 20:07 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-06-08 20:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-08 20:06 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-06-08 20:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-08 20:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-08 20:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 20:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-08 20:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-08 20:06 . 2010-11-20 13:24 2164224 ----a-w- c:\program files\Windows Journal\Journal.exe
2012-06-08 20:06 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-08 20:06 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-08 20:04 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-08 20:04 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-08 20:01 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-08 20:01 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-08 20:01 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-08 19:21 . 2012-06-10 18:36 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-08 19:21 . 2012-06-08 19:21 -------- d-----w- c:\windows\PCHEALTH
2012-06-08 19:20 . 2012-06-08 19:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-08 19:19 . 2012-06-13 13:21 -------- d-----w- c:\programdata\Microsoft Help
2012-06-08 19:18 . 2012-06-08 19:18 -------- d-----r- C:\MSOCache
2012-06-08 19:13 . 2012-06-08 19:13 -------- d-----w- c:\program files\Common Files\EPSON
2012-06-08 19:13 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
2012-06-08 19:13 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
2012-06-08 19:13 . 2006-10-20 04:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
2012-06-08 19:13 . 2006-10-20 04:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
2012-06-08 19:13 . 2006-10-20 04:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
2012-06-08 19:12 . 2008-11-12 03:00 118784 ----a-w- c:\windows\system32\E_ILMGCA.DLL
2012-06-08 19:12 . 2009-10-01 03:01 88064 ----a-w- c:\windows\system32\E_IBCBGCA.DLL
2012-06-08 18:55 . 2012-06-08 18:55 -------- d-----w- c:\programdata\PDFC
2012-06-08 18:36 . 2012-06-27 02:21 -------- d-----w- c:\users\CM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 18:38 . 2012-06-26 18:37 2109990 ----a-w- C:\uffa.zip
2012-06-11 14:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-11 14:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-27_00.54.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-08 18:38 . 2012-06-28 01:47 30668 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 01:47 33704 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-08 21:33 . 2012-06-27 01:45 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-08 21:33 . 2012-06-26 22:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-08 21:33 . 2012-06-26 22:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-08 21:33 . 2012-06-27 01:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-27 01:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-26 22:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-27 01:45 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-08 19:04 . 2012-06-28 01:47 6650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3290895377-1361538910-2046344388-1000_UserData.bin
- 2012-06-27 00:52 . 2012-06-27 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-28 01:45 . 2012-06-28 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-28 01:45 . 2012-06-28 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-27 00:52 . 2012-06-27 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-08 19:59 . 2012-06-28 01:29 301776 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-06-27 15:33 623940 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-25 01:49 623940 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 15:33 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-25 01:49 106316 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-27 00:51 322648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-28 01:44 322648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-06-09 01:01 . 2012-06-09 01:01 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2012-06-09 01:01 . 2012-06-27 15:33 380928 c:\windows\Installer\{CF8FFD12-602B-422D-AF1D-511B411E7632}\iTunesIco.exe
+ 2009-07-14 04:45 . 2012-06-27 00:55 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-20 16:38 7113171 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-08 19:01 . 2012-06-27 18:31 1191172 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3290895377-1361538910-2046344388-1000-8192.dat
+ 2012-06-10 03:57 . 2012-06-28 01:44 4127128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3290895377-1361538910-2046344388-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-12 1705600]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-09 1255736]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-23 7886848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-23 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 HCW723x;Hauppauge WinTV 723x PCIe Card;c:\windows\system32\DRIVERS\HCW723x.sys [2009-12-16 1799552]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895377-1361538910-2046344388-1001Core.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 23:50]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3290895377-1361538910-2046344388-1001UA.job
- c:\users\Julia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-08 23:50]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Wow6432Node-HKLM-Run-HP Software Update - c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM-Run-hpsysdrv - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-27 21:49:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 01:49
ComboFix2.txt 2012-06-27 00:57
.
Pre-Run: 1,426,775,314,432 bytes free
Post-Run: 1,426,786,910,208 bytes free
.
- - End Of File - - 8E3662BE58675AFBC5C87AAB83905330

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 09:29 PM

Greetings

I want you to uninstall Kaspersky and reinstall it, and see if it comes back to life.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Female
  • Location:NJ

Posted 29 June 2012 - 11:37 AM

Hello again. I was able to reinstall Kaspersky, but when I tried to update the databases, I got a "malfunction" message (see screen1.pdf).
Also I don't see the green arrows next to search results when I do a search.
When I try to access my gmail account, I see this very long address at the top:
https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?tab%3Dwm&scc=1&ltmpl=default&ltmplcache=2
Is this OK?
Internet searches take forever.
I have had a look at the startup menu (see screen2.pdf), not sure what that Xerox thing is.
Thanks. AGM


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 June 2012 - 10:45 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 monteverde

monteverde
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Female
  • Location:NJ

Posted 30 June 2012 - 02:22 PM

Here it is. I had to split it into two parts as the post was too long. FIRST PART

OTL logfile created on: 6/30/2012 2:49:37 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\CM\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 7.14 Gb Available Physical Memory | 89.21% Memory free
16.00 Gb Paging File | 14.48 Gb Available in Paging File | 90.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.17 Gb Total Space | 1326.61 Gb Free Space | 95.84% Space Free | Partition Type: NTFS
Drive D: | 12.99 Gb Total Space | 1.60 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive E: | 0.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CM-HP | User Name: CM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CM\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (HCW723x) -- C:\Windows\SysNative\drivers\HCW723x.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (HCW85BDA) -- C:\Windows\SysNative\drivers\HCW85BDA.sys (Hauppauge Computer Works)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir3.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/06/28 15:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/06/28 15:11:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/06/28 15:11:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/06/27 21:45:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001..\Run: [EPSON NX420 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCA.EXE /FU "C:\Windows\TEMP\E_SF501.tmp" /EF "HKCU" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3290895377-1361538910-2046344388-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8CBF50B-E794-4826-82CC-99AA9D48814A}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



