Nginx re-direct problem


  • This topic is locked
41 replies to this topic

#1 gben123

  • Members
  • 84 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:36 PM

Posted 03 July 2012 - 04:38 PM

I am having the same Nginx problem described here:


http://www.bleepingcomputer.com/forums/topic457804.html/page__p__2745068__hl__nginx__fromsearch__1#entry2745068

This was originally mistakenly posted on the Windows 7 forum and I've moved it here on direction of boopme.

Sorry for not zipping the dds files as the upload utility would not allow me to upload the zipped versions.


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 03 July 2012 - 11:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gben123
  • Topic Starter
  • Members
  • 84 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:36 PM

Posted 05 July 2012 - 04:50 PM

Gringo,


Below are the checkup.txt and comboFix log files.

In answer to your question as to how the computer is doing, the problem is intermittent and while the problem is not manifesting itself at this moment, it might again. I'll keep you posted.

One thing I didn't note previously is that the problem occurs when using Firefox but not with Internet Explorer. The thing is, I hate Internet Explorer.

Here are the logs...


Security Check


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




ComboFix


ComboFix 12-06-28.03 - Gary 07/05/2012 15:28:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2737 [GMT -6:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))))
.
.
2012-07-05 21:32 . 2012-07-05 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 18:10 . 2012-07-05 18:10 -------- d-----w- c:\programdata\MemeoCommon
2012-07-05 18:09 . 2012-07-05 18:09 -------- d-----w- c:\program files (x86)\Common Files\Memeo
2012-07-05 18:09 . 2012-07-05 18:09 -------- d-----w- c:\program files (x86)\Memeo
2012-07-05 18:08 . 2012-07-05 18:09 -------- d-----w- c:\program files (x86)\Seagate
2012-07-04 16:18 . 2012-07-04 16:18 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4553BCD6-E18A-483F-B755-C93A27A9AF0B}\offreg.dll
2012-07-03 21:21 . 2012-07-03 21:21 -------- d-----w- c:\program files (x86)\7-Zip
2012-07-03 20:53 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4553BCD6-E18A-483F-B755-C93A27A9AF0B}\mpengine.dll
2012-06-28 15:53 . 2012-06-28 15:53 -------- d-----w- c:\windows\en
2012-06-28 15:52 . 2012-06-28 15:52 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-28 15:51 . 2009-09-04 23:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2012-06-28 15:51 . 2009-09-04 23:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2012-06-28 15:51 . 2009-09-04 23:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2012-06-28 15:51 . 2009-09-04 23:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-06-28 15:51 . 2006-11-29 19:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-06-28 15:51 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-06-28 15:50 . 2012-06-28 15:50 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c5c180671cd554502\DSETUP.dll
2012-06-28 15:50 . 2012-06-28 15:50 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c5c180671cd554502\DXSETUP.exe
2012-06-28 15:50 . 2012-06-28 15:50 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c5c180671cd554502\dsetup32.dll
2012-06-28 15:50 . 2012-06-28 15:50 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c5fd02ce1cd554503\MeshBetaRemover.exe
2012-06-28 05:09 . 2012-06-28 05:09 -------- d-----w- c:\programdata\Energy Management
2012-06-25 22:57 . 2012-06-25 23:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-25 01:08 . 2012-06-25 01:08 -------- d-----w- c:\programdata\Microsoft Help
2012-06-23 06:34 . 2012-06-23 06:34 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 23:24 . 2012-06-27 00:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 23:24 . 2012-06-27 00:21 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-22 23:24 . 2012-06-22 23:24 -------- d-----w- c:\windows\system32\Macromed
2012-06-22 03:10 . 2012-06-22 03:10 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-06-21 16:49 . 2012-06-22 14:38 -------- d-----w- C:\divx
2012-06-21 14:32 . 2012-06-21 14:32 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-06-21 14:31 . 2012-06-21 14:32 -------- d-----w- c:\program files\DivX
2012-06-21 14:31 . 2012-06-21 14:32 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-06-21 14:26 . 2012-06-21 14:32 -------- d-----w- c:\program files (x86)\DivX
2012-06-21 14:23 . 2012-06-21 14:32 -------- d-----w- c:\programdata\DivX
2012-06-21 13:44 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 13:44 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 13:44 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 13:44 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 13:44 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 13:44 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 13:44 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 13:44 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 13:44 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 05:48 . 2012-06-21 05:48 250 ----a-w- C:\user.js
2012-06-20 14:13 . 2012-06-20 14:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-18 22:39 . 2012-06-18 22:39 -------- d-----w- c:\programdata\VirtualizedApplications
2012-06-18 20:34 . 2012-06-18 20:34 -------- d-----r- C:\MSOCache
2012-06-18 20:28 . 2012-06-19 21:45 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-06-16 19:49 . 2012-06-16 19:49 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-16 19:49 . 2012-06-16 19:49 -------- d-----w- c:\windows\system32\Wat
2012-06-16 19:42 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-16 19:42 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-16 19:42 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-16 19:42 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-16 19:42 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-16 19:42 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-16 19:42 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-16 19:39 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-16 19:39 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-16 19:39 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-16 19:39 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-16 19:39 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-16 19:39 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-16 19:32 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-16 19:32 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-16 19:24 . 2012-06-16 19:24 -------- d-----w- c:\programdata\GFI Software
2012-06-16 15:36 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-06-16 15:36 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-06-16 15:36 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-16 15:36 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-16 15:30 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-16 15:30 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-16 15:30 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-16 15:29 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-16 15:29 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-16 15:29 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-16 15:29 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-16 15:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-16 15:24 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-16 15:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-16 15:22 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-16 15:22 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-06-16 15:22 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-06-16 15:22 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-16 15:22 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-16 15:21 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-16 15:21 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-16 15:21 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-16 15:21 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-16 15:21 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-16 15:21 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-16 15:21 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-06-16 15:21 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-06-16 15:16 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-16 15:16 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-16 00:55 . 2012-06-16 00:56 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-06-16 00:40 . 2012-06-20 01:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-16 00:40 . 2012-06-20 01:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-15 22:20 . 2012-06-15 22:20 -------- d-----w- c:\program files (x86)\Conduit
2012-06-15 22:18 . 2012-06-15 22:18 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-15 21:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-15 21:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-15 21:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-15 21:50 . 2012-07-03 21:06 -------- d-----w- c:\users\Gary
2012-06-15 21:49 . 2012-06-15 21:49 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2011-06-15 548864]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2012-03-05 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-16 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-03-05 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-03-05 39008]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-03-05 13408]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-03-05 29792]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2011-06-15 250752]
S3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\Drivers\vmuvcflt.sys [2010-08-16 8320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PROCEXP152
*Deregistered* - PROCEXP152
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2012-03-05 02:33 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 418840]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2012-03-05 114688]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-03-05 9753024]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-03-05 5908928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\k9u7f8hr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/;_ylt=AkWaKYMmfGL._WWPkkWmkIRhk70X
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b45343410000000000009cb70d372ae6
FF - user.js: extensions.BabylonToolbar_i.hardId - b45343410000000000009cb70d372ae6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15512
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:48
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-05 15:34:18
ComboFix-quarantined-files.txt 2012-07-05 21:34
.
Pre-Run: 155,079,491,584 bytes free
Post-Run: 154,941,476,864 bytes free
.
- - End Of File - - F70D317F026BD7924C494858662AA3A0
.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 05 July 2012 - 07:19 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 gben123
  • Topic Starter
  • Members
  • 84 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:36 PM

Posted 05 July 2012 - 08:45 PM

Gringo,


The "FixMBR" button was highlighted. Did you want me to click on that? The logs follow...

19:29:02.0722 4536 ql40xx - ok
19:29:02.0769 4536 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:29:02.0784 4536 QWAVE - ok
19:29:02.0800 4536 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:29:02.0816 4536 QWAVEdrv - ok
19:29:02.0816 4536 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:29:02.0831 4536 RasAcd - ok
19:29:02.0878 4536 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:29:02.0878 4536 RasAgileVpn - ok
19:29:02.0909 4536 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:29:02.0940 4536 RasAuto - ok
19:29:02.0972 4536 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:29:03.0003 4536 Rasl2tp - ok
19:29:03.0050 4536 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:29:03.0081 4536 RasMan - ok
19:29:03.0112 4536 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:29:03.0112 4536 RasPppoe - ok
19:29:03.0159 4536 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:29:03.0159 4536 RasSstp - ok
19:29:03.0206 4536 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:29:03.0206 4536 rdbss - ok
19:29:03.0221 4536 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:29:03.0221 4536 rdpbus - ok
19:29:03.0252 4536 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:29:03.0252 4536 RDPCDD - ok
19:29:03.0284 4536 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:29:03.0284 4536 RDPENCDD - ok
19:29:03.0315 4536 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:29:03.0315 4536 RDPREFMP - ok
19:29:03.0362 4536 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:29:03.0377 4536 RDPWD - ok
19:29:03.0424 4536 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:29:03.0440 4536 rdyboost - ok
19:29:03.0486 4536 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:29:03.0502 4536 RemoteAccess - ok
19:29:03.0549 4536 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:29:03.0564 4536 RemoteRegistry - ok
19:29:03.0611 4536 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
19:29:03.0627 4536 RFCOMM - ok
19:29:03.0674 4536 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:29:03.0689 4536 RpcEptMapper - ok
19:29:03.0720 4536 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:29:03.0720 4536 RpcLocator - ok
19:29:03.0783 4536 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:29:03.0783 4536 RpcSs - ok
19:29:03.0845 4536 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:29:03.0845 4536 rspndr - ok
19:29:03.0908 4536 RSUSBVSTOR (89dfb71b370d82dfe75183f677043cee) C:\windows\system32\Drivers\RtsUVStor.sys
19:29:03.0923 4536 RSUSBVSTOR - ok
19:29:03.0970 4536 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys
19:29:03.0986 4536 RTL8167 - ok
19:29:04.0017 4536 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:29:04.0017 4536 SamSs - ok
19:29:04.0032 4536 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:29:04.0032 4536 sbp2port - ok
19:29:04.0064 4536 SBRE - ok
19:29:04.0251 4536 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:29:04.0282 4536 SBSDWSCService - ok
19:29:04.0329 4536 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:29:04.0344 4536 SCardSvr - ok
19:29:04.0422 4536 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:29:04.0422 4536 scfilter - ok
19:29:04.0875 4536 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:29:04.0890 4536 Schedule - ok
19:29:04.0937 4536 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:29:04.0937 4536 SCPolicySvc - ok
19:29:04.0984 4536 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:29:05.0000 4536 SDRSVC - ok
19:29:05.0109 4536 SeagateDashboardService (16b44d246835eac156f8daf0aa4f530c) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
19:29:05.0109 4536 SeagateDashboardService - ok
19:29:05.0171 4536 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:29:05.0171 4536 secdrv - ok
19:29:05.0202 4536 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:29:05.0202 4536 seclogon - ok
19:29:05.0234 4536 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:29:05.0234 4536 SENS - ok
19:29:05.0265 4536 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:29:05.0265 4536 SensrSvc - ok
19:29:05.0296 4536 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:29:05.0296 4536 Serenum - ok
19:29:05.0327 4536 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:29:05.0327 4536 Serial - ok
19:29:05.0343 4536 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:29:05.0343 4536 sermouse - ok
19:29:05.0374 4536 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:29:05.0405 4536 SessionEnv - ok
19:29:05.0405 4536 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:29:05.0405 4536 sffdisk - ok
19:29:05.0405 4536 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:29:05.0421 4536 sffp_mmc - ok
19:29:05.0421 4536 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:29:05.0421 4536 sffp_sd - ok
19:29:05.0421 4536 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:29:05.0421 4536 sfloppy - ok
19:29:05.0530 4536 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:29:05.0546 4536 Sftfs - ok
19:29:05.0686 4536 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:29:05.0686 4536 sftlist - ok
19:29:05.0733 4536 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:29:05.0733 4536 Sftplay - ok
19:29:05.0764 4536 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:29:05.0764 4536 Sftredir - ok
19:29:05.0780 4536 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:29:05.0780 4536 Sftvol - ok
19:29:05.0826 4536 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:29:05.0826 4536 sftvsa - ok
19:29:05.0889 4536 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:29:05.0904 4536 SharedAccess - ok
19:29:05.0967 4536 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:29:05.0967 4536 ShellHWDetection - ok
19:29:06.0014 4536 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:29:06.0014 4536 SiSRaid2 - ok
19:29:06.0029 4536 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:29:06.0029 4536 SiSRaid4 - ok
19:29:06.0045 4536 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:29:06.0060 4536 Smb - ok
19:29:06.0076 4536 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:29:06.0076 4536 SNMPTRAP - ok
19:29:06.0107 4536 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:29:06.0107 4536 spldr - ok
19:29:06.0154 4536 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:29:06.0170 4536 Spooler - ok
19:29:06.0482 4536 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:29:06.0560 4536 sppsvc - ok
19:29:06.0684 4536 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:29:06.0700 4536 sppuinotify - ok
19:29:06.0778 4536 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:29:06.0794 4536 srv - ok
19:29:07.0277 4536 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:29:07.0293 4536 srv2 - ok
19:29:07.0324 4536 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:29:07.0340 4536 srvnet - ok
19:29:07.0386 4536 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:29:07.0386 4536 SSDPSRV - ok
19:29:07.0402 4536 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:29:07.0402 4536 SstpSvc - ok
19:29:07.0433 4536 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:29:07.0433 4536 stexstor - ok
19:29:07.0542 4536 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:29:07.0558 4536 stisvc - ok
19:29:07.0589 4536 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:29:07.0589 4536 swenum - ok
19:29:07.0652 4536 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:29:07.0667 4536 swprv - ok
19:29:07.0823 4536 SynTP (9643991b5cfd7a9ba68626b7a005f7e6) C:\windows\system32\DRIVERS\SynTP.sys
19:29:07.0886 4536 SynTP - ok
19:29:08.0151 4536 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:29:08.0213 4536 SysMain - ok
19:29:08.0260 4536 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:29:08.0276 4536 TabletInputService - ok
19:29:08.0322 4536 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:29:08.0354 4536 TapiSrv - ok
19:29:08.0369 4536 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:29:08.0369 4536 TBS - ok
19:29:08.0603 4536 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:29:08.0650 4536 Tcpip - ok
19:29:08.0946 4536 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:29:08.0962 4536 TCPIP6 - ok
19:29:09.0071 4536 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:29:09.0071 4536 tcpipreg - ok
19:29:09.0102 4536 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:29:09.0102 4536 TDPIPE - ok
19:29:09.0134 4536 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:29:09.0134 4536 TDTCP - ok
19:29:09.0180 4536 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:29:09.0180 4536 tdx - ok
19:29:09.0212 4536 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:29:09.0212 4536 TermDD - ok
19:29:09.0680 4536 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:29:09.0711 4536 TermService - ok
19:29:09.0758 4536 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:29:09.0758 4536 Themes - ok
19:29:09.0789 4536 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:29:09.0789 4536 THREADORDER - ok
19:29:09.0836 4536 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:29:09.0851 4536 TrkWks - ok
19:29:09.0929 4536 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:29:09.0945 4536 TrustedInstaller - ok
19:29:09.0976 4536 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:29:09.0976 4536 tssecsrv - ok
19:29:10.0007 4536 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:29:10.0007 4536 TsUsbFlt - ok
19:29:10.0038 4536 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:29:10.0038 4536 TsUsbGD - ok
19:29:10.0085 4536 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:29:10.0101 4536 tunnel - ok
19:29:10.0116 4536 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:29:10.0116 4536 uagp35 - ok
19:29:10.0163 4536 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:29:10.0179 4536 udfs - ok
19:29:10.0226 4536 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:29:10.0226 4536 UI0Detect - ok
19:29:10.0272 4536 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:29:10.0272 4536 uliagpkx - ok
19:29:10.0304 4536 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:29:10.0304 4536 umbus - ok
19:29:10.0335 4536 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:29:10.0335 4536 UmPass - ok
19:29:10.0647 4536 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:29:10.0725 4536 UNS - ok
19:29:10.0912 4536 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:29:10.0928 4536 upnphost - ok
19:29:10.0990 4536 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:29:10.0990 4536 usbccgp - ok
19:29:11.0037 4536 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:29:11.0037 4536 usbcir - ok
19:29:11.0068 4536 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:29:11.0068 4536 usbehci - ok
19:29:11.0130 4536 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:29:11.0146 4536 usbhub - ok
19:29:11.0162 4536 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:29:11.0162 4536 usbohci - ok
19:29:11.0177 4536 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
19:29:11.0177 4536 usbprint - ok
19:29:11.0224 4536 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:29:11.0224 4536 USBSTOR - ok
19:29:11.0224 4536 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:29:11.0240 4536 usbuhci - ok
19:29:11.0271 4536 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:29:11.0271 4536 usbvideo - ok
19:29:11.0302 4536 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:29:11.0302 4536 UxSms - ok
19:29:11.0333 4536 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:29:11.0333 4536 VaultSvc - ok
19:29:11.0364 4536 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:29:11.0364 4536 vdrvroot - ok
19:29:11.0411 4536 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:29:11.0442 4536 vds - ok
19:29:11.0442 4536 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:29:11.0442 4536 vga - ok
19:29:11.0474 4536 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:29:11.0474 4536 VgaSave - ok
19:29:11.0505 4536 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:29:11.0536 4536 vhdmp - ok
19:29:11.0552 4536 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:29:11.0552 4536 viaide - ok
19:29:11.0614 4536 vm331avs (2355b35bf277965efa3dae43b7d78239) C:\windows\system32\Drivers\vm331avs.sys
19:29:11.0614 4536 vm331avs - ok
19:29:11.0645 4536 vmuvcflt (40c39413a2458016ff43444750f467ca) C:\windows\system32\Drivers\vmuvcflt.sys
19:29:11.0645 4536 vmuvcflt - ok
19:29:12.0004 4536 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:29:12.0004 4536 volmgr - ok
19:29:12.0051 4536 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:29:12.0066 4536 volmgrx - ok
19:29:12.0113 4536 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:29:12.0129 4536 volsnap - ok
19:29:12.0176 4536 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:29:12.0176 4536 vsmraid - ok
19:29:12.0347 4536 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:29:12.0410 4536 VSS - ok
19:29:12.0566 4536 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:29:12.0566 4536 vwifibus - ok
19:29:12.0612 4536 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:29:12.0612 4536 vwififlt - ok
19:29:12.0690 4536 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:29:12.0706 4536 W32Time - ok
19:29:12.0737 4536 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:29:12.0737 4536 WacomPen - ok
19:29:12.0768 4536 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:29:12.0768 4536 WANARP - ok
19:29:12.0784 4536 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:29:12.0784 4536 Wanarpv6 - ok
19:29:12.0956 4536 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:29:12.0987 4536 WatAdminSvc - ok
19:29:13.0143 4536 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:29:13.0190 4536 wbengine - ok
19:29:13.0346 4536 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:29:13.0361 4536 WbioSrvc - ok
19:29:13.0408 4536 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:29:13.0424 4536 wcncsvc - ok
19:29:13.0439 4536 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:29:13.0439 4536 WcsPlugInService - ok
19:29:13.0486 4536 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:29:13.0486 4536 Wd - ok
19:29:13.0564 4536 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:29:13.0580 4536 Wdf01000 - ok
19:29:13.0611 4536 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:29:13.0611 4536 WdiServiceHost - ok
19:29:13.0626 4536 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:29:13.0626 4536 WdiSystemHost - ok
19:29:13.0673 4536 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:29:13.0689 4536 WebClient - ok
19:29:13.0736 4536 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:29:13.0751 4536 Wecsvc - ok
19:29:13.0782 4536 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:29:13.0798 4536 wercplsupport - ok
19:29:13.0829 4536 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:29:13.0845 4536 WerSvc - ok
19:29:13.0907 4536 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:29:13.0907 4536 WfpLwf - ok
19:29:13.0938 4536 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:29:13.0938 4536 WIMMount - ok
19:29:13.0970 4536 WinDefend - ok
19:29:13.0985 4536 WinHttpAutoProxySvc - ok
19:29:14.0391 4536 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:29:14.0391 4536 Winmgmt - ok
19:29:14.0578 4536 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:29:14.0640 4536 WinRM - ok
19:29:14.0874 4536 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:29:14.0890 4536 Wlansvc - ok
19:29:14.0968 4536 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:29:14.0984 4536 wlcrasvc - ok
19:29:15.0264 4536 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:29:15.0327 4536 wlidsvc - ok
19:29:15.0467 4536 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:29:15.0483 4536 WmiAcpi - ok
19:29:15.0561 4536 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:29:15.0576 4536 wmiApSrv - ok
19:29:15.0639 4536 WMPNetworkSvc - ok
19:29:15.0686 4536 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:29:15.0686 4536 WPCSvc - ok
19:29:15.0732 4536 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:29:15.0748 4536 WPDBusEnum - ok
19:29:15.0779 4536 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:29:15.0779 4536 ws2ifsl - ok
19:29:15.0810 4536 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
19:29:15.0810 4536 wscsvc - ok
19:29:15.0810 4536 WSearch - ok
19:29:15.0873 4536 wsvd (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
19:29:15.0904 4536 wsvd - ok
19:29:16.0138 4536 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
19:29:16.0216 4536 wuauserv - ok
19:29:16.0372 4536 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:29:16.0403 4536 WudfPf - ok
19:29:16.0871 4536 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:29:16.0887 4536 WUDFRd - ok
19:29:16.0918 4536 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:29:16.0934 4536 wudfsvc - ok
19:29:16.0965 4536 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:29:16.0980 4536 WwanSvc - ok
19:29:17.0012 4536 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:29:17.0277 4536 \Device\Harddisk0\DR0 - ok
19:29:17.0277 4536 Boot (0x1200) (0655e763ab8b772787a206f1e4ef25f4) \Device\Harddisk0\DR0\Partition0
19:29:17.0292 4536 \Device\Harddisk0\DR0\Partition0 - ok
19:29:17.0308 4536 Boot (0x1200) (3503293032ec744b83eadb7cdcb77e29) \Device\Harddisk0\DR0\Partition1
19:29:17.0308 4536 \Device\Harddisk0\DR0\Partition1 - ok
19:29:17.0339 4536 Boot (0x1200) (3f37dc7fb829f2d1b14ad7b984cd5b75) \Device\Harddisk0\DR0\Partition2
19:29:17.0339 4536 \Device\Harddisk0\DR0\Partition2 - ok
19:29:17.0339 4536 ============================================================
19:29:17.0339 4536 Scan finished
19:29:17.0339 4536 ============================================================
19:29:17.0355 3496 Detected object count: 0
19:29:17.0355 3496 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-05 19:32:49
-----------------------------
19:32:49.371 OS Version: Windows x64 6.1.7601 Service Pack 1
19:32:49.371 Number of processors: 2 586 0x2A07
19:32:49.371 ComputerName: GARY-PC UserName: Gary
19:32:50.884 Initialize success
19:37:06.778 AVAST engine defs: 12070501
19:37:37.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:37:37.089 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
19:37:37.105 Disk 0 MBR read successfully
19:37:37.105 Disk 0 MBR scan
19:37:37.105 Disk 0 Windows 7 default MBR code
19:37:37.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
19:37:37.136 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
19:37:37.151 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
19:37:37.183 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
19:37:37.214 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
19:37:37.276 Disk 0 scanning C:\windows\system32\drivers
19:37:45.607 Service scanning
19:38:07.338 Modules scanning
19:38:07.338 Disk 0 trace - called modules:
19:38:07.338 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:38:07.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c222d0]
19:38:07.338 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471d050]
19:38:09.646 AVAST engine scan C:\windows
19:38:13.796 AVAST engine scan C:\windows\system32
19:40:21.151 AVAST engine scan C:\windows\system32\drivers
19:40:32.454 AVAST engine scan C:\Users\Gary
19:41:51.971 Disk 0 MBR has been saved successfully to "C:\Users\Gary\Desktop\MBR.dat"
19:41:51.975 The log file has been saved successfully to "C:\Users\Gary\Desktop\aswMBR.txt"

#6 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 09:18 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr (Malware Response Team)

Posted 05 July 2012 - 10:21 PM

OTL logfile created on: 7/5/2012 8:31:51 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Gary\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 54.63% Memory free
7.89 Gb Paging File | 5.82 Gb Available in Paging File | 73.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 144.14 Gb Free Space | 56.72% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 11.01 Gb Free Space | 37.97% Space Free | Partition Type: NTFS

Computer Name: GARY-PC | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gary\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)
PRC - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)



========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo)
DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (vmuvcflt) -- C:\Windows\SysNative\drivers\vmuvcflt.sys (Vimicro Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=060612_6_&babsrc=SP_ss&mntrId=b45343410000000000009cb70d372ae6
IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS488
IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/;_ylt=AkWaKYMmfGL._WWPkkWmkIRhk70X"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/21 08:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/21 00:11:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/25 17:10:25 | 000,000,000 | ---D | M]

[2012/06/15 16:03:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Extensions
[2012/07/04 19:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\k9u7f8hr.default\extensions
[2012/06/26 18:21:54 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\k9u7f8hr.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2012/06/15 18:55:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\k9u7f8hr.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/06/15 16:03:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/28 10:25:27 | 000,010,390 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9U7F8HR.DEFAULT\EXTENSIONS\{6E764C17-863A-450F-BDD0-6772BD5AAA18}.XPI
[2012/06/22 17:34:52 | 000,023,073 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9U7F8HR.DEFAULT\EXTENSIONS\IMGFLASHBLOCKER@SHIMON.CHOHEN.XPI
[2012/06/20 20:25:59 | 000,051,397 | ---- | M] () (No name found) -- C:\USERS\GARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K9U7F8HR.DEFAULT\EXTENSIONS\SPLITPANNEL@MAX.MAX.XPI
[2012/06/14 16:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/05 15:32:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE (Vimicro)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-51203059-700633758-2680594782-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-51203059-700633758-2680594782-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-51203059-700633758-2680594782-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62995B6C-EE66-4E34-A9E7-086596B1C719}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 20:29:12 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2012/07/05 19:32:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Gary\Desktop\aswMBR.exe
[2012/07/05 19:24:41 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gary\Desktop\tdsskiller.exe
[2012/07/05 15:34:20 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/05 15:28:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/05 15:28:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/05 15:28:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/05 15:28:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/05 15:27:51 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/05 12:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012/07/05 12:10:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Memeo
[2012/07/05 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Seagate
[2012/07/05 12:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2012/07/05 12:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012/07/05 12:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012/07/05 12:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012/07/05 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/07/05 12:01:54 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Leadertech
[2012/07/03 15:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/07/03 15:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/06/29 20:47:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Ad-Aware Antivirus
[2012/06/29 20:07:25 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2012/06/28 11:43:03 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\flvtoavi_setup
[2012/06/28 10:00:25 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{95CA031E-0FFD-4DA5-A54C-9D1A52CF1A77}
[2012/06/28 09:53:52 | 000,000,000 | ---D | C] -- C:\windows\en
[2012/06/28 09:51:49 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2012/06/28 09:51:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2012/06/28 09:51:48 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2012/06/28 09:51:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_42.dll
[2012/06/28 09:51:37 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2012/06/28 09:51:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2012/06/28 09:49:57 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{5CBA7C8D-1898-44A6-9598-80C0860A303A}
[2012/06/28 09:49:46 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{02096B5B-B1C3-4B62-9BBA-3E0C2F8A6194}
[2012/06/27 23:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2012/06/27 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{C3204E82-32FD-4CBE-8D80-BB1F80A9202B}
[2012/06/27 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Windows Live Writer
[2012/06/27 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Windows Live Writer
[2012/06/27 13:30:49 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{5C22F6B7-9ED9-49E8-89B1-676505DC30AD}
[2012/06/25 17:10:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/06/25 16:59:52 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Adobe
[2012/06/25 16:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/06/25 16:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/06/24 19:08:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Microsoft Help
[2012/06/24 19:08:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/06/23 00:34:32 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/06/22 17:25:03 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Macromedia
[2012/06/22 17:24:34 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/06/22 17:24:34 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/22 17:24:27 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/06/21 21:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/06/21 10:49:21 | 000,000,000 | ---D | C] -- C:\divx
[2012/06/21 08:36:56 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\DDMSettings
[2012/06/21 08:32:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\DivX
[2012/06/21 08:32:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/06/21 08:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/06/21 08:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/06/21 08:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/06/21 08:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/06/21 08:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/06/21 07:44:36 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/21 07:44:36 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/21 07:44:36 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/21 07:44:32 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/21 07:44:32 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/21 07:44:32 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/21 07:44:28 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/21 07:44:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/21 00:09:44 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Aiseesoft Studio
[2012/06/21 00:09:43 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Aiseesoft Studio
[2012/06/20 23:42:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Windows Live
[2012/06/20 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{B3F1DD78-98F7-4234-9515-8CFC463EDA17}
[2012/06/20 08:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/06/19 12:26:33 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll
[2012/06/19 12:26:32 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl
[2012/06/19 12:26:32 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl
[2012/06/19 12:26:31 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2012/06/19 12:26:31 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2012/06/19 12:26:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/19 12:26:27 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/19 12:26:27 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/18 16:46:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\Thumbdrive
[2012/06/18 16:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/06/18 14:34:14 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/06/18 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\SoftGrid Client
[2012/06/18 14:29:09 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\SoftGrid Client
[2012/06/18 14:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/06/18 14:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/06/18 14:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/06/18 14:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/06/18 14:28:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\TP
[2012/06/16 13:49:02 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2012/06/16 13:49:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2012/06/16 13:42:33 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/06/16 13:42:32 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/06/16 13:42:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/06/16 13:40:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/16 13:40:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/16 13:40:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/16 13:40:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/16 13:40:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/16 13:40:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/16 13:40:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/16 13:40:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/16 13:40:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/16 13:40:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/16 13:39:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/16 13:39:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/16 13:39:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/16 13:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/06/16 13:08:07 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\ElevatedDiagnostics
[2012/06/16 10:08:23 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/06/16 09:36:05 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/06/16 09:35:55 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe
[2012/06/16 09:35:55 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe
[2012/06/16 09:35:36 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2012/06/16 09:35:35 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2012/06/16 09:35:34 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll
[2012/06/16 09:35:34 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll
[2012/06/16 09:35:32 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2012/06/16 09:35:30 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2012/06/16 09:35:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2012/06/16 09:35:30 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2012/06/16 09:35:30 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2012/06/16 09:35:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2012/06/16 09:35:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll
[2012/06/16 09:30:07 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/16 09:30:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/16 09:30:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/16 09:29:49 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/16 09:29:48 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/16 09:29:47 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/16 09:22:16 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll
[2012/06/16 09:22:07 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll
[2012/06/16 09:22:07 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll
[2012/06/16 09:21:31 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll
[2012/06/16 09:16:33 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll
[2012/06/16 09:16:33 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll
[2012/06/15 21:09:43 | 000,000,000 | ---D | C] -- C:\Users\Gary\Documents\ProcessExplorer
[2012/06/15 18:56:15 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\adaware
[2012/06/15 18:55:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\adawarebp
[2012/06/15 18:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/06/15 18:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/06/15 18:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/15 18:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/15 18:00:58 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Macromedia
[2012/06/15 18:00:57 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Adobe
[2012/06/15 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\CRE
[2012/06/15 16:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/06/15 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Conduit
[2012/06/15 16:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/06/15 16:17:55 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\uTorrent
[2012/06/15 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Mozilla
[2012/06/15 16:03:13 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Mozilla
[2012/06/15 16:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/15 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/15 15:58:58 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll
[2012/06/15 15:58:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll
[2012/06/15 15:55:34 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Diagnostics
[2012/06/15 15:52:01 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Google
[2012/06/15 15:52:01 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Google
[2012/06/15 15:51:28 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Intel Corporation
[2012/06/15 15:50:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/06/15 15:50:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\Searches
[2012/06/15 15:50:57 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/06/15 15:50:57 | 000,000,000 | -H-D | C] -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/06/15 15:50:43 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Identities
[2012/06/15 15:50:38 | 000,000,000 | R--D | C] -- C:\Users\Gary\Contacts
[2012/06/15 15:50:35 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\VirtualStore
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Temporary Internet Files
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Templates
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Start Menu
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\SendTo
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Recent
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\PrintHood
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\NetHood
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Videos
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Pictures
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Documents\My Music
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\My Documents
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Local Settings
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\History
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Cookies
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\Application Data
[2012/06/15 15:50:11 | 000,000,000 | -HSD | C] -- C:\Users\Gary\AppData\Local\Application Data
[2012/06/15 15:50:10 | 000,000,000 | --SD | C] -- C:\Users\Gary\AppData\Roaming\Microsoft
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Videos
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Saved Games
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Pictures
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Music
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Links
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Favorites
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Downloads
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Documents
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\Desktop
[2012/06/15 15:50:10 | 000,000,000 | R--D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/06/15 15:50:10 | 000,000,000 | -H-D | C] -- C:\Users\Gary\AppData
[2012/06/15 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Temp
[2012/06/15 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Microsoft
[2012/06/15 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Media Center Programs
[2012/06/15 15:50:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012/06/15 15:49:55 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/06/15 09:47:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/07/05 20:29:13 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gary\Desktop\OTL.exe
[2012/07/05 19:41:51 | 000,000,512 | ---- | M] () -- C:\Users\Gary\Desktop\MBR.dat
[2012/07/05 19:32:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Gary\Desktop\aswMBR.exe
[2012/07/05 19:25:52 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gary\Desktop\tdsskiller.exe
[2012/07/05 19:21:00 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/05 19:21:00 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/05 19:21:00 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/05 19:20:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/05 15:32:11 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/05 15:17:06 | 000,881,475 | ---- | M] () -- C:\Users\Gary\Desktop\SecurityCheck.exe
[2012/07/05 12:09:52 | 000,001,277 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/07/05 12:06:30 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 12:06:30 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 11:59:48 | 000,246,185 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012/07/05 11:59:00 | 512,847,592 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/05 11:58:59 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 22:47:52 | 000,082,390 | ---- | M] () -- C:\Users\Gary\Desktop\Nginx re-direct problem.htm
[2012/07/03 15:23:23 | 000,005,751 | ---- | M] () -- C:\Users\Gary\Desktop\DDS.7z
[2012/07/03 15:23:08 | 000,002,071 | ---- | M] () -- C:\Users\Gary\Desktop\Attach.7z
[2012/07/03 15:06:18 | 000,000,000 | ---- | M] () -- C:\Users\Gary\defogger_reenable
[2012/06/29 20:07:45 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Gary\Desktop\ComboFix.exe
[2012/06/28 12:32:26 | 000,000,942 | ---- | M] () -- C:\Users\Gary\Desktop\flvtoavi.lnk
[2012/06/28 10:01:57 | 000,001,036 | ---- | M] () -- C:\Users\Gary\Desktop\Documents.lnk
[2012/06/27 23:15:47 | 000,003,584 | ---- | M] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/27 13:36:24 | 016,258,612 | ---- | M] () -- C:\Users\Gary\Desktop\Joe Walsh - Life's Been Good - YouTube [360p].mp4
[2012/06/26 21:32:34 | 014,818,226 | ---- | M] () -- C:\Users\Gary\Desktop\RICK DERRINGER - Rock & Roll Hoochie Koo (1973) - YouTube [360p].mp4
[2012/06/26 18:21:30 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2012/06/26 18:21:30 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/26 12:37:20 | 000,037,694 | ---- | M] () -- C:\Users\Gary\Desktop\ambulance2.pdf
[2012/06/25 17:10:25 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/21 08:32:22 | 000,002,112 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/21 08:32:13 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/20 23:48:47 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/19 16:08:11 | 000,000,835 | ---- | M] () -- C:\Downloads.lnk
[2012/06/19 16:08:11 | 000,000,432 | ---- | M] () -- C:\Desktop.lnk
[2012/06/19 15:45:41 | 000,731,106 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/16 13:50:10 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/16 13:08:46 | 000,002,235 | ---- | M] () -- C:\Users\Gary\Desktop\OneKey Recovery.lnk
[2012/06/15 18:40:54 | 000,001,278 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/15 18:40:54 | 000,001,254 | ---- | M] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2012/06/15 16:19:01 | 000,000,963 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/15 16:19:01 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/06/15 16:03:09 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/15 15:51:53 | 000,001,433 | ---- | M] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/15 09:49:12 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/06/15 09:49:12 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/07/05 19:41:51 | 000,000,512 | ---- | C] () -- C:\Users\Gary\Desktop\MBR.dat
[2012/07/05 15:28:09 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/05 15:28:09 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/05 15:28:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/05 15:28:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/05 15:28:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/05 15:16:54 | 000,881,475 | ---- | C] () -- C:\Users\Gary\Desktop\SecurityCheck.exe
[2012/07/05 12:09:52 | 000,001,277 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/07/04 22:47:51 | 000,082,390 | ---- | C] () -- C:\Users\Gary\Desktop\Nginx re-direct problem.htm
[2012/07/03 15:23:23 | 000,005,751 | ---- | C] () -- C:\Users\Gary\Desktop\DDS.7z
[2012/07/03 15:23:08 | 000,002,071 | ---- | C] () -- C:\Users\Gary\Desktop\Attach.7z
[2012/07/03 15:06:18 | 000,000,000 | ---- | C] () -- C:\Users\Gary\defogger_reenable
[2012/06/28 12:32:26 | 000,000,942 | ---- | C] () -- C:\Users\Gary\Desktop\flvtoavi.lnk
[2012/06/28 10:01:57 | 000,001,036 | ---- | C] () -- C:\Users\Gary\Desktop\Documents.lnk
[2012/06/27 23:15:46 | 000,003,584 | ---- | C] () -- C:\Users\Gary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/27 13:34:04 | 016,258,612 | ---- | C] () -- C:\Users\Gary\Desktop\Joe Walsh - Life's Been Good - YouTube [360p].mp4
[2012/06/26 21:31:24 | 014,818,226 | ---- | C] () -- C:\Users\Gary\Desktop\RICK DERRINGER - Rock & Roll Hoochie Koo (1973) - YouTube [360p].mp4
[2012/06/26 12:37:20 | 000,037,694 | ---- | C] () -- C:\Users\Gary\Desktop\ambulance2.pdf
[2012/06/25 17:10:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/06/25 17:10:04 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/06/21 08:32:13 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/06/21 08:32:03 | 000,002,112 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/06/20 23:48:46 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/18 14:28:28 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/16 10:08:21 | 512,847,592 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/06/15 18:40:54 | 000,001,278 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/06/15 18:40:54 | 000,001,254 | ---- | C] () -- C:\Users\Gary\Desktop\Spybot - Search & Destroy.lnk
[2012/06/15 16:19:01 | 000,000,963 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/06/15 16:19:01 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/06/15 16:03:09 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/15 16:03:09 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/15 15:51:53 | 000,001,433 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/15 15:51:02 | 000,001,405 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/06/15 15:50:58 | 000,001,439 | ---- | C] () -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/06/15 15:50:57 | 000,000,835 | ---- | C] () -- C:\Downloads.lnk
[2012/06/15 15:50:57 | 000,000,432 | ---- | C] () -- C:\Desktop.lnk
[2012/06/15 15:50:11 | 000,002,235 | ---- | C] () -- C:\Users\Gary\Desktop\OneKey Recovery.lnk
[2012/06/15 15:50:11 | 000,000,290 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/06/15 15:50:11 | 000,000,272 | ---- | C] () -- C:\Users\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/15 09:47:50 | 3177,074,688 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/04 20:49:16 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/03/04 20:49:16 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/03/04 20:33:21 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/03/04 20:33:21 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/03/04 20:33:21 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/03/04 20:33:21 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/03/04 20:33:15 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/03/04 20:23:46 | 000,001,803 | ---- | C] () -- C:\windows\vm331Rmv.ini
[2012/03/04 20:23:46 | 000,001,803 | ---- | C] () -- C:\windows\SysWow64\vm331Rmv.ini
[2012/03/04 20:20:51 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll
[2012/03/04 20:08:26 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/04 20:08:25 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/04 20:08:24 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

< End of report >
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 05 July 2012 - 10:31 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKU\S-1-5-21-51203059-700633758-2680594782-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=060612_6_&babsrc=SP_ss&mntrId=b45343410000000000009cb70d372ae6
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2012/06/15 16:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/06/15 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Conduit
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo

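The fix above pastes two lines verbatim from the OTL file listing (the two Conduit folders) into the :OTL section. As an added example that is not OTL's code nor anything posted in this thread, the Python below parses that listing format (`[timestamp | size | attrs | C/M] (Company) -- path`) and flags entries whose path matches a watchlist; the sample lines are copied from the listing earlier in the thread and the watch token is a constructed assumption.

```python
"""Parse OTL file-listing lines and flag entries against a watchlist.

Added example; not part of OTL or of this thread. The line layout is the one
OTL prints in its "Files/Folders Created" and "Files - Modified" sections.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional

# One OTL listing line:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# "C" marks the Created sections and "M" the Modified section. The company
# field is "()" for files without version info and absent for folders.
# attrs positions: R=read-only, H=hidden, S=system, D=directory ("-" = unset).
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)


@dataclass
class OtlEntry:
    raw: str                # the original line, as it could be pasted into a fix
    timestamp: datetime
    size: int
    read_only: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str               # "C" created, "M" modified
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a listing line, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        raw=line.strip(),
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        read_only=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company") or None,
        path=m.group("path"),
    )


def flag_entries(lines: Iterable[str], watch_tokens: Iterable[str]) -> List[OtlEntry]:
    """Entries whose path contains any watch token (case-insensitive substring).

    Non-listing lines (section headers, blanks) are skipped rather than raised on,
    so a whole OTL report can be fed through unchanged.
    """
    tokens = [t.lower() for t in watch_tokens]
    hits: List[OtlEntry] = []
    for line in lines:
        entry = parse_otl_line(line)
        if entry is not None and any(t in entry.path.lower() for t in tokens):
            hits.append(entry)
    return hits


# Constructed sample: lines copied from the OTL listing earlier in this thread,
# plus one section header to show that non-entry lines are ignored.
SAMPLE_LINES = [
    r"[2012/06/16 09:36:05 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll",
    r"[2012/06/15 16:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit",
    r"[2012/06/15 16:20:10 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Conduit",
    r"[2012/07/05 19:41:51 | 000,000,512 | ---- | C] () -- C:\Users\Gary\Desktop\MBR.dat",
    r"[2012/06/15 09:47:50 | 3177,074,688 | -HS- | C] () -- C:\hiberfil.sys",
    "========== Files Created - No Company Name ==========",
]

# Assumed watchlist for the demo; in the thread the helper chose Conduit by hand.
WATCH_TOKENS = ["conduit"]

if __name__ == "__main__":
    for hit in flag_entries(SAMPLE_LINES, WATCH_TOKENS):
        print(f"{hit.timestamp:%Y-%m-%d %H:%M:%S}  dir={hit.is_dir}  {hit.path}")
```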
#9 gben123

gben123
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 05 July 2012 - 10:43 PM

gringo,

The output from the script is below. The computer's behavior is normal.



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-51203059-700633758-2680594782-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_USERS\S-1-5-21-51203059-700633758-2680594782-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\Gary\AppData\Local\Conduit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gary\Desktop\cmd.bat deleted successfully.
C:\Users\Gary\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gary

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gary
->Flash cache emptied: 5773 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07052012_213837

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:36 PM

Posted 05 July 2012 - 10:48 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a much better job).

Programs to remove

µTorrent
Adobe Reader 9.5.1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gben123

gben123
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 05 July 2012 - 11:48 PM

Below are the two log files.

One thing, I originally forgot to run HijackThis as admin so I re-ran it as such and that is the log I am including. The first run found some sort of adaware game that I had it fix.


MBAM...


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Gary :: GARY-PC [administrator]

Protection: Enabled

7/5/2012 10:30:21 PM
mbam-log-2012-07-05 (22-30-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208193
Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HijackThis...



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:56 PM, on 7/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Gary\Desktop\OTL.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Users\Gary\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9236 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 05 July 2012 - 11:58 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start when you turn on your computer but don't need to; you can click their icons (or start them from the Control Panel) and run them when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
    • O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
    • O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
    • O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
    • O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    • O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe on 32-bit Windows,
or C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe on 64-bit Windows)
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close the program
    • Copy and paste the report here


Gringo
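
As an added example (not code from this thread, from HijackThis or from the helper), a small Python parser for the O4 start-up and O23 service lines in the HijackThis log posted above. It pulls out the value names the helper asks you to research and tick, flags Run entries launched from user-writable folders (a triage heuristic of my own), and separates the "(file missing)" services, which the 32-bit HijackThis reports for built-in services on 64-bit Windows. The sample lines are copied from the posted log; OPTIONAL_STARTUPS and USER_WRITABLE are my own names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
# Constructed sample: a handful of O4 and O23 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
"""
# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>[^\\]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# O23 - Service: <display name> [(<short name>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# A quoted path, or everything up to the first .exe/.com/.bat/.cmd of an unquoted command line
EXE_RE = re.compile(r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.(?:exe|com|bat|cmd))(?:\s|$)', re.IGNORECASE)

@dataclass
class StartupEntry:
    hive: str        # HKLM or HKCU
    key: str         # Run, RunOnce, ...
    name: str        # value name in [brackets]: what the helper asks you to research and tick
    command: str     # full command line as logged
    executable: str  # best-effort path of the program launched

@dataclass
class ServiceEntry:
    display_name: str
    short_name: Optional[str]
    owner: str
    path: str
    file_missing: bool

def executable_of(command: str) -> str:
    m = EXE_RE.match(command)
    return (m.group("quoted") or m.group("bare")) if m else command

def parse_hjt_log(text: str) -> Tuple[List[StartupEntry], List[ServiceEntry]]:
    """Pull O4 start-up entries and O23 services out of a HijackThis 2.0.4 log; other lines are ignored."""
    startups, services = [], []
    for line in (raw.strip() for raw in text.splitlines()):
        m = O4_RE.match(line)
        if m:
            startups.append(StartupEntry(m["hive"], m["key"], m["name"], m["command"], executable_of(m["command"])))
            continue
        m = O23_RE.match(line)
        if m:
            services.append(ServiceEntry(m["display"], m["short"], m["owner"], m["path"], m["missing"] is not None))
    return startups, services

# The six value names the helper listed above as optional start-up entries.
OPTIONAL_STARTUPS = {"UpdateP2GShortCut", "YouCam Mirage", "YouCam Tray", "UpdatePRCShortCut", "Seagate Dashboard", "SunJavaUpdateSched"}

def optional_entries(startups: List[StartupEntry]) -> List[str]:
    """Names present in the log that 'Fix checked' would remove if ticked as instructed."""
    return [s.name for s in startups if s.name in OPTIONAL_STARTUPS]

# Triage heuristic (my assumption, not HijackThis logic): a Run entry launched from a user-writable
# folder deserves a closer look, since normally installed software lands under Program Files.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\users\\", "\\temp\\")

def entries_from_user_writable_paths(startups: List[StartupEntry]) -> List[str]:
    return [s.name for s in startups if any(p in s.executable.lower() for p in USER_WRITABLE)]

def missing_services(services: List[ServiceEntry]) -> List[str]:
    """Services flagged '(file missing)'; the 32-bit HijackThis sees System32 through WoW64 redirection on 64-bit Windows, so built-in services get this flag although nothing is wrong with them."""
    return [s.short_name or s.display_name for s in services if s.file_missing]
```

Run it against the full log above and the six names the helper listed all come back from optional_entries; the long run of "(file missing)" services is expected on this 64-bit machine and is not by itself a sign of infection.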

#13 gben123

gben123
  • Topic Starter

  • Members
  • 84 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:36 PM

Posted 06 July 2012 - 12:54 AM

C:\Users\Gary\Downloads\PBS__60s_Pop_Rock_and_Soul_1080p.exe Win32/Adware.1ClickDownload.C application
C:\Users\Gary\Downloads\VideoConverterSetup.exe Win32/InstallCore.K application

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 06 July 2012 - 06:04 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem Force-delete the two files the ESET scan reported (quotes keep the paths with spaces intact)
    del /f /s /q "C:\Users\Gary\Downloads\PBS__60s_Pop_Rock_and_Soul_1080p.exe"
    del /f /s /q "C:\Users\Gary\Downloads\VideoConverterSetup.exe"
    rem Delete this batch file itself once done
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (screenshots for XP and Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    (screenshot)

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files; I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry, every little bit helps.

Gringo

#15 gben123

gben123
  • Topic Starter
  • Members
  • 84 posts
  • Gender:Male
Posted 06 July 2012 - 10:38 AM

Thanks so much for your hard work. You're a gem.

A couple of points:

- The first time I ran the ComboFix uninstall the screen went grey, an hourglass appeared and everything hung. I had to cycle power. The second try worked.

- I went out and got a Seagate USB drive and did a complete system backup prior to beginning all of this. I assume I should delete that one and re-do it (the drive was unplugged during all of our operations). Is there a tool I should use to delete the old backup or just use Seagate's GUI?

- Earlier you suggested deleting some startup apps (I've used msconfig to remove several from opening at startup but was rather conservative in doing so). Do you have a suggested list?


Thanks for all your help, the computer is working fine. I'll let you know if there are any developments.



