sirefef trojan


This topic is locked
20 replies to this topic

#1 GMaelstrom


Posted 08 July 2012 - 09:21 PM

"I'm using Win7 64 bit and got infected today... I noticed that firefox was redirecting this morning so I closed the process and turned off the computer. When I restarted this afternoon, all my icons were relocated and that my MSE service was turned off and was not listed in services. Windows firewall was also turned off and I get an error trying to restart it. I reinstalled MSE and scanned only to find sirefef in a few places. I chose to remove it, rebooted and now have a error 1 minute shutdown loop. I also realized that my system restore is now turned off so I am unable to just restore it to yesterday. How did I get this super virus?!? I did install a flash update today and checked for that redirect virus that hits tomorrow. Thanks in advance guys this is way out of my league!"

I was told to make a new topic in this forum and post a DDS log. But the computer gets a critical error and restarts automatically after a minute even in safe mode... help?


#2 gringo_pr (Bleepin Gringo), Malware Response Team

Posted 08 July 2012 - 11:31 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



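As an added example, not part of this thread and not code from the FRST tool, here is a small Python triage script for the FRST.txt log that the steps above produce: it parses the "Drivers" and "One Month Created Files" line formats and flags the entries a responder would look at first. The rules are assumed heuristics (suffixed copies of a system binary, random eight-letter driver names that still claim a Microsoft company string, a hidden system directory named like an environment variable, a registered driver whose file is missing), meant to prioritise a look rather than give a verdict, and the sample log is constructed in FRST's format.

```python
"""Triage helper for the file and driver entries in an FRST.txt log.

Added example (not part of this thread and not code from the FRST tool):
it parses the line formats FRST prints and flags entries worth a first look.
Every rule is an assumed heuristic to prioritise review, not a verdict.
"""
import re
from collections import Counter

# Constructed sample in FRST's format (not a real log), using the kinds of
# entries seen in this thread: suffixed services.exe copies, random
# eight-letter drivers, a hidden "%APPDATA%" directory, a driver with no file.
SAMPLE_LOG = r"""
========================== Drivers (Whitelisted) =============

3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
1 ygeyumba; \??\C:\Windows\system32\drivers\ygeyumba.sys [x]

============ One Month Created Files and Folders ==============

2012-07-08 19:15 - 2012-07-08 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.773A42E88BF43548
2012-07-08 19:13 - 2012-07-08 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A89E1671C13FE816
2012-07-08 15:53 - 2012-07-08 15:53 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pagqrazr.sys
2012-07-08 08:33 - 2012-07-08 08:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 14:45 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-12 17:28 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 20:15 - 2012-06-12 20:15 - 00000000 ____D C:\Users\Dad\AppData\Local\Macromedia
"""

# "<created> - <modified> - <size> <attrs> [(<company>)] <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# "<start type> <name>; <path> [<size> <date>] (<company>)"  or  "... [x]"
DRIVER_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]"
    r"(?: \((?P<company>.*)\))?$"
)
SUFFIXED_COPY = re.compile(r"\.(?:exe|dll)\.[0-9A-F]{16}$", re.IGNORECASE)
RANDOM_SYS = re.compile(r"^[a-z]{8}\.sys$")    # assumed pattern, as in this thread
ENV_LIKE_DIR = re.compile(r"^%[A-Za-z]+%$")    # a literal "%APPDATA%" and the like

def basename(path):
    return path.rsplit("\\", 1)[-1]

def check_file_entry(m):
    """Reason a created-file entry deserves a look, or None."""
    name = basename(m["path"])
    company = (m["company"] or "").lower()
    if SUFFIXED_COPY.search(name):
        # e.g. services.exe.<16 hex>: a copy of a core binary dropped beside
        # the original, repeated every few minutes in this thread's log
        return "suffixed copy of a system binary"
    if RANDOM_SYS.match(name) and "\\drivers\\" in m["path"].lower() \
            and "microsoft" in company:
        # random-looking name that still claims a Microsoft company string;
        # confirm against the file's Authenticode signature before acting
        return "random-named driver claiming Microsoft"
    if all(c in m["attrs"] for c in "SHD") and ENV_LIKE_DIR.match(name):
        # hidden+system directory literally named like an environment
        # variable, which Explorer's default view does not show
        return "hidden system directory named like an env var"
    return None

def check_driver_entry(m):
    """Reason a registered driver deserves a look, or None."""
    if m["meta"] == "x":
        # FRST prints [x] where it cannot find the file the entry points to
        return "registered driver with missing file"
    if RANDOM_SYS.match(basename(m["path"])) and not m["company"]:
        return "random-named driver without company information"
    return None

def triage(log_text):
    """Return (reason, path) for every entry a responder should look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            reason = check_file_entry(m)
        else:
            m = DRIVER_RE.match(line)
            reason = check_driver_entry(m) if m else None
        if reason:
            findings.append((reason, m["path"]))
    return findings

def summarize(findings):
    """Count findings per reason so a flood of one indicator stands out."""
    return Counter(reason for reason, _ in findings)

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Run it on a saved FRST.txt with `triage(open("FRST.txt").read())`; anything it flags still needs confirmation (signature check, known-good hash) before it is treated as malicious.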

#3 GMaelstrom (Topic Starter)

Posted 09 July 2012 - 07:22 PM

I got the computer to stop rebooting by uninstalling MSE. I still ran the FRST64. Mr Sirefef is still visiting my computer with no intention of leaving...

Here you go:
Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
Ran by SYSTEM at 09-07-2012 17:08:02
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2412616 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKU\Dad\...\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent [x]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\Users\Dad\Start Menu\Programs\Startup\speedfan.exe - Shortcut.lnk
ShortcutTarget: speedfan.exe - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Services (Whitelisted) ======

2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21072 2010-08-29] (Mobile Stream)
3 L8042Kbd; C:\Windows\System32\Drivers\L8042Kbd.sys [30736 2009-06-17] (Logitech, Inc.)
1 ygeyumba; \??\C:\Windows\system32\drivers\ygeyumba.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-08 19:18 - 2012-07-08 19:18 - 00159144 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\WindowsActivationUpdate.exe
2012-07-08 19:15 - 2012-07-08 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.773A42E88BF43548
2012-07-08 19:13 - 2012-07-08 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A89E1671C13FE816
2012-07-08 19:10 - 2012-07-08 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B266C0E3756CA93
2012-07-08 18:58 - 2012-07-08 18:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B885E6B9AC4C63
2012-07-08 18:56 - 2012-07-08 18:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45DB43D0533DAE39
2012-07-08 18:54 - 2012-07-08 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C1C2E4FA2B9D743
2012-07-08 18:51 - 2012-07-08 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.947EEAD13D4AA135
2012-07-08 18:51 - 2012-07-08 18:51 - 00001272 ____A C:\Users\Dad\Desktop\shutdown stopper.lnk
2012-07-08 18:15 - 2012-07-08 18:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8ED235B81A07AC1F
2012-07-08 18:13 - 2012-07-08 18:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8282BEB57C2262F7
2012-07-08 18:11 - 2012-07-08 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1459E51AB851F59
2012-07-08 15:53 - 2012-07-08 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DEF93FDE75D37C
2012-07-08 15:53 - 2012-07-08 15:53 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pagqrazr.sys
2012-07-08 15:51 - 2012-07-08 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E73BEF191044A649
2012-07-08 15:49 - 2012-07-08 15:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7883BA61BAEDC32
2012-07-08 15:47 - 2012-07-08 15:47 - 00001003 ____A C:\Users\Dad\Desktop\New Text Document (2).txt
2012-07-08 15:46 - 2012-07-08 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9BE0142C8E22996
2012-07-08 15:46 - 2012-07-08 15:46 - 00000000 ____D C:\Users\Dad\Desktop\New folder
2012-07-08 15:44 - 2012-07-08 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02BCCF2BA80D8654
2012-07-08 15:42 - 2012-07-08 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D321AB6B63C3A8B6
2012-07-08 15:39 - 2012-07-08 15:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA699004E9B78853
2012-07-08 14:37 - 2012-07-08 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82F29EF2F538F647
2012-07-08 14:34 - 2012-07-08 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.210FE62296114154
2012-07-08 14:32 - 2012-07-08 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00F5254084B9B771
2012-07-08 14:30 - 2012-07-08 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1E2CB255F7D6950
2012-07-08 14:27 - 2012-07-08 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4FE2150E0E7E838
2012-07-08 14:25 - 2012-07-08 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C6DD5341C4BCCC1
2012-07-08 14:15 - 2012-07-08 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED11D50856077615
2012-07-08 14:13 - 2012-07-08 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19A20114CFD3B9BF
2012-07-08 14:10 - 2012-07-08 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C80ACB2B25C52642
2012-07-08 14:08 - 2012-07-08 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9248AD40B66C8F0B
2012-07-08 14:06 - 2012-07-08 14:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D04C95C73E53D1E
2012-07-08 14:03 - 2012-07-08 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3678597E47C1F107
2012-07-08 14:01 - 2012-07-08 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBE378EEDDDB3CD2
2012-07-08 13:58 - 2012-07-08 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3AF3C7DAA266B37
2012-07-08 13:56 - 2012-07-08 13:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E0A5A7168D6EB9A
2012-07-08 13:53 - 2012-07-08 13:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9846F7B70EDDBB04
2012-07-08 13:51 - 2012-07-08 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.80F26F059F342B10
2012-07-08 13:48 - 2012-07-08 13:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D4C88E9C93B5703
2012-07-08 13:46 - 2012-07-08 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA16EE47BF3B72CA
2012-07-08 13:46 - 2012-07-08 13:46 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kupqlpjh.sys
2012-07-08 13:44 - 2012-07-08 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCD4051BDD6372E
2012-07-08 13:41 - 2012-07-08 13:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A828C0E38422F7DA
2012-07-08 13:37 - 2012-07-08 13:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B8CF54D8E39D1D
2012-07-08 13:34 - 2012-07-08 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E92F20B4DD9856CE
2012-07-08 13:33 - 2012-07-08 13:33 - 405483618 ____N C:\Windows\MEMORY.DMP
2012-07-08 13:28 - 2012-07-08 13:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3694BB1CC896E1F1
2012-07-08 13:24 - 2012-07-08 19:15 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-08 13:24 - 2012-07-08 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-08 13:17 - 2012-07-08 13:18 - 12621696 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\mseinstall.exe
2012-07-08 08:33 - 2012-07-08 08:33 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-21 14:45 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 14:45 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 14:45 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 14:45 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 14:45 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 14:45 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 14:45 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 14:45 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 14:45 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-12 20:15 - 2012-06-12 20:15 - 00000000 ____D C:\Users\Dad\AppData\Local\Macromedia
2012-06-12 17:28 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 17:28 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 17:28 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 17:28 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 17:28 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:28 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:28 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 17:28 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 17:28 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 17:28 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 17:28 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 17:28 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 17:28 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 17:28 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 17:28 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 17:28 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 17:28 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 17:28 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 17:28 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 17:28 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 17:28 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 17:28 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 17:28 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 17:28 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 17:28 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 17:28 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 17:28 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 17:28 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 17:28 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 17:28 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 17:28 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 17:28 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 17:28 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 17:28 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files ========================

2012-07-08 19:33 - 2011-04-01 17:24 - 01715349 ____A C:\Windows\WindowsUpdate.log
2012-07-08 19:33 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-08 19:33 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 19:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 19:28 - 2009-07-13 20:51 - 00086531 ____A C:\Windows\setupact.log
2012-07-08 19:18 - 2012-07-08 19:18 - 00159144 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\WindowsActivationUpdate.exe
2012-07-08 19:15 - 2012-07-08 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.773A42E88BF43548
2012-07-08 19:15 - 2011-04-01 20:35 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-08 19:13 - 2012-07-08 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A89E1671C13FE816
2012-07-08 19:10 - 2012-07-08 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4B266C0E3756CA93
2012-07-08 18:58 - 2012-07-08 18:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66B885E6B9AC4C63
2012-07-08 18:56 - 2012-07-08 18:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.45DB43D0533DAE39
2012-07-08 18:54 - 2012-07-08 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C1C2E4FA2B9D743
2012-07-08 18:51 - 2012-07-08 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.947EEAD13D4AA135
2012-07-08 18:51 - 2012-07-08 18:51 - 00001272 ____A C:\Users\Dad\Desktop\shutdown stopper.lnk
2012-07-08 18:15 - 2012-07-08 18:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8ED235B81A07AC1F
2012-07-08 18:13 - 2012-07-08 18:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8282BEB57C2262F7
2012-07-08 18:11 - 2012-07-08 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1459E51AB851F59
2012-07-08 18:10 - 2011-04-01 21:26 - 00011566 ____A C:\Windows\PFRO.log
2012-07-08 15:53 - 2012-07-08 15:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04DEF93FDE75D37C
2012-07-08 15:53 - 2012-07-08 15:53 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pagqrazr.sys
2012-07-08 15:51 - 2012-07-08 15:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E73BEF191044A649
2012-07-08 15:49 - 2012-07-08 15:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E7883BA61BAEDC32
2012-07-08 15:47 - 2012-07-08 15:47 - 00001003 ____A C:\Users\Dad\Desktop\New Text Document (2).txt
2012-07-08 15:46 - 2012-07-08 15:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F9BE0142C8E22996
2012-07-08 15:44 - 2012-07-08 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02BCCF2BA80D8654
2012-07-08 15:42 - 2012-07-08 15:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D321AB6B63C3A8B6
2012-07-08 15:39 - 2012-07-08 15:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA699004E9B78853
2012-07-08 14:37 - 2012-07-08 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.82F29EF2F538F647
2012-07-08 14:34 - 2012-07-08 14:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.210FE62296114154
2012-07-08 14:32 - 2012-07-08 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.00F5254084B9B771
2012-07-08 14:30 - 2012-07-08 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F1E2CB255F7D6950
2012-07-08 14:27 - 2012-07-08 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E4FE2150E0E7E838
2012-07-08 14:25 - 2012-07-08 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C6DD5341C4BCCC1
2012-07-08 14:15 - 2012-07-08 14:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ED11D50856077615
2012-07-08 14:13 - 2012-07-08 14:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.19A20114CFD3B9BF
2012-07-08 14:10 - 2012-07-08 14:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C80ACB2B25C52642
2012-07-08 14:08 - 2012-07-08 14:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9248AD40B66C8F0B
2012-07-08 14:06 - 2012-07-08 14:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5D04C95C73E53D1E
2012-07-08 14:03 - 2012-07-08 14:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3678597E47C1F107
2012-07-08 14:01 - 2012-07-08 14:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DBE378EEDDDB3CD2
2012-07-08 13:58 - 2012-07-08 13:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D3AF3C7DAA266B37
2012-07-08 13:56 - 2012-07-08 13:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6E0A5A7168D6EB9A
2012-07-08 13:53 - 2012-07-08 13:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9846F7B70EDDBB04
2012-07-08 13:51 - 2012-07-08 13:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.80F26F059F342B10
2012-07-08 13:48 - 2012-07-08 13:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D4C88E9C93B5703
2012-07-08 13:46 - 2012-07-08 13:46 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CA16EE47BF3B72CA
2012-07-08 13:46 - 2012-07-08 13:46 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\kupqlpjh.sys
2012-07-08 13:44 - 2012-07-08 13:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0FCD4051BDD6372E
2012-07-08 13:41 - 2012-07-08 13:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A828C0E38422F7DA
2012-07-08 13:37 - 2012-07-08 13:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.20B8CF54D8E39D1D
2012-07-08 13:34 - 2012-07-08 13:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E92F20B4DD9856CE
2012-07-08 13:33 - 2012-07-08 13:33 - 405483618 ____N C:\Windows\MEMORY.DMP
2012-07-08 13:28 - 2012-07-08 13:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3694BB1CC896E1F1
2012-07-08 13:24 - 2011-04-01 20:35 - 00809644 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-08 13:21 - 2009-07-13 21:13 - 00796050 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-08 13:18 - 2012-07-08 13:17 - 12621696 ____A (Microsoft Corporation) C:\Users\Dad\Downloads\mseinstall.exe
2012-07-08 08:22 - 2012-04-03 16:23 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-08 08:22 - 2011-05-23 10:33 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-28 19:31 - 2009-07-13 21:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-17 20:15 - 2012-05-24 18:17 - 00000584 ____A C:\Users\Dad\Desktop\Guild Wars.lnk
2012-06-12 20:14 - 2009-07-13 20:45 - 00276216 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 19:14 - 2011-04-02 09:26 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-21 14:45 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 14:45 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 14:45 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 14:45 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 14:45 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 14:45 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 14:45 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 14:45 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-21 14:45 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-28 12:16 - 2012-05-28 12:15 - 32112904 ____A (TeamSpeak Systems GmbH) C:\Users\Dad\Downloads\TeamSpeak3-Client-win64-3.0.6.exe
2012-05-27 20:16 - 2011-12-08 18:16 - 00068112 ____A C:\Users\Dad\AppData\Local\RAContactHistory.xml
2012-05-24 18:02 - 2012-05-24 17:56 - 168454136 ____A (NVIDIA Corporation) C:\Users\Dad\Downloads\301.42-desktop-win7-winvista-64bit-english-whql.exe
2012-05-18 22:57 - 2012-05-18 22:57 - 00165248 ____A (ArenaNet) C:\Users\Dad\Downloads\GwSetup.exe
2012-05-15 02:48 - 2012-05-24 18:10 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-05-24 18:10 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 00818496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 00364352 ____A (NVIDIA Corporation) C:\Windows\System32\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 00301376 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvdecodemft.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 00246592 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-05-15 02:48 - 2012-05-24 18:10 - 00202048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-05-15 02:48 - 2012-03-13 19:24 - 00949056 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-05-15 02:48 - 2012-03-13 19:24 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-03-13 19:24 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-10-25 18:25 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2011-10-25 18:25 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2011-10-25 18:25 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2011-10-25 18:25 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-10-25 18:25 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2011-04-01 22:54 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2011-02-23 07:28 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 02:48 - 2011-02-23 07:28 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 01:29 - 2012-03-13 19:25 - 02621723 ____A C:\Windows\System32\nvcoproc.bin
2012-05-15 01:29 - 2011-02-23 00:39 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-02-23 00:38 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-02-23 00:38 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2011-01-07 19:48 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-02-23 00:39 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-14 20:01 - 2012-06-12 17:28 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-12 17:28 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-12 17:28 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-12 17:28 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 17:32 - 2012-06-12 17:28 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-06 16:46 - 2012-05-06 16:46 - 00000598 ____A C:\Users\Public\Desktop\Wizardry 8.lnk
2012-05-06 16:46 - 2012-05-06 16:46 - 00000135 ____A C:\Users\Public\Desktop\Wizardry 8 Homepage.url
2012-05-04 19:42 - 2012-04-03 17:42 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-12 17:28 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 17:28 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 17:28 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-12 17:28 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-12 17:28 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 17:28 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 17:28 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 17:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 17:28 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 17:28 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 17:28 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 17:28 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 17:28 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 17:28 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-12 17:28 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-12 17:28 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-12 17:28 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-12 17:28 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-12 17:28 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-12 17:28 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-12 17:28 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-12 17:28 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-12 17:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-12 17:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-12 17:28 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-18 09:08 - 2012-05-24 18:10 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-04-18 09:08 - 2012-05-24 18:10 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-04-18 09:08 - 2012-03-13 19:24 - 01451840 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-04-16 21:31 - 2012-06-12 17:28 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-12 17:28 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-13 17:56 - 2012-04-13 17:56 - 00292840 ____A C:\Windows\Minidump\041312-21918-01.dmp


ZeroAccess:
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\n
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\00000004.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\1afb2d56
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\201d3dde
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\00000004.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\00000008.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\000000cb.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000000.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000032.@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000064.@

ZeroAccess:
C:\Users\Dad\AppData\Local\{93c0012c-55d6-124f-edc2-7e91a5bdc911}
C:\Users\Dad\AppData\Local\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\@
C:\Users\Dad\AppData\Local\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L
C:\Users\Dad\AppData\Local\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%
Total physical RAM: 8189.55 MB
Available physical RAM: 7409 MB
Total Pagefile: 8187.7 MB
Available Pagefile: 7409.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

2 Drive c: (System) (Fixed) (Total:37.27 GB) (Free:6.68 GB) NTFS
3 Drive e: () (Fixed) (Total:465.66 GB) (Free:345.41 GB) NTFS
5 Drive g: (KINGSTON) (Removable) (Total:3.72 GB) (Free:2.68 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 37 GB 0 B
Disk 2 Online 3822 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 37 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C System NTFS Partition 37 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3821 MB 540 KB

==================================================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT32 Removable 3821 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 08:44

======================= End Of Log ==========================
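As an added defender-side example (not part of this thread, and not code from FRST or BleepingComputer), here is a small Python parser that reads the two FRST sections above that carry verdicts: the "Bamital & volsnap Check" block, where each protected system binary is either reported as "MD5 is legit" or listed with its actual hash and a detection name followed by "<==== ATTENTION", and the "ZeroAccess:" blocks, which list the paths FRST attributes to that rootkit. The sample log text is a constructed excerpt of the log posted in this thread; the line formats it assumes are the ones visible above and nothing more.

```python
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the FRST log posted earlier in this
# thread, cut down to the sections this parser reads.
SAMPLE_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\@
C:\Windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000032.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

# "<path> => MD5 is legit"
LEGIT_RE = re.compile(r"^(?P<path>.+?)\s*=>\s*MD5 is legit\s*$")
# "<path> <32-hex MD5> <detection name> <==== ATTENTION"; the path is
# everything before the hash, so a path containing spaces still parses.
ALERT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<name>.*?)\s*<====\s*ATTENTION"
)


@dataclass
class Mismatch:
    path: str   # system binary whose hash FRST did not recognise
    md5: str    # the hash FRST computed for the file on disk
    name: str   # detection name FRST attached (here "ZeroAccess")


def parse_integrity_check(text):
    """Return (count of 'MD5 is legit' lines, list of Mismatch) taken from
    the 'Bamital & volsnap Check' section; parsing stops at the next
    '=====' section header."""
    legit = 0
    mismatches = []
    in_section = False
    for line in text.splitlines():
        if "Bamital & volsnap Check" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("====="):
            break
        if LEGIT_RE.match(line):
            legit += 1
            continue
        m = ALERT_RE.match(line)
        if m:
            mismatches.append(Mismatch(m["path"], m["md5"].upper(), m["name"]))
    return legit, mismatches


def parse_zeroaccess_paths(text):
    """Collect every path listed under a 'ZeroAccess:' marker; a block ends
    at the first blank line, exactly as FRST prints them."""
    paths = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        if lines[i].strip() == "ZeroAccess:":
            i += 1
            while i < len(lines) and lines[i].strip():
                paths.append(lines[i].strip())
                i += 1
        else:
            i += 1
    return paths


def analyze(text):
    """Summarise the log: how many protected binaries verified cleanly,
    which did not, and which paths FRST tagged as ZeroAccess."""
    legit, mismatches = parse_integrity_check(text)
    za_paths = parse_zeroaccess_paths(text)
    return {
        "legit": legit,
        "mismatches": mismatches,
        "zeroaccess_paths": za_paths,
        "needs_attention": bool(mismatches or za_paths),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for m in report["mismatches"]:
        print(f"INTEGRITY MISMATCH: {m.path} md5={m.md5} flagged as {m.name}")
    for p in report["zeroaccess_paths"]:
        print(f"ZEROACCESS PATH: {p}")
    print("protected binaries with a known-good hash:", report["legit"])
```

The point of separating the two parsers is that they answer different questions for the responder: the integrity block says which core Windows binary (here services.exe, which the log shows was also being re-created repeatedly under hashed names) no longer matches a known-good hash, while the ZeroAccess blocks give the on-disk locations that will have to be cleaned; a log with an empty mismatch list but non-empty path list, or vice versa, is still a live infection.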

#4 GMaelstrom

GMaelstrom
  • Topic Starter
  • Members
  • 14 posts

Posted 09 July 2012 - 07:50 PM

Computer boots and runs fine... just the redirecting and the loss of MSE, and the Firewall is stopped and gives an error when trying to turn it on.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Dad at 17:33:29 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6726 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Dad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SPEEDF~1.LNK - C:\Program Files (x86)\SpeedFan\speedfan.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{74158CC2-72EF-4A3D-A525-3D7004CFC839} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{F04469A7-9C87-4F44-8B2E-D225C45290CA} : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\iz6ibi88.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-13 1262400]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 MotDev;Motorola Inc. USB Device;C:\Windows\system32\DRIVERS\motodrv.sys --> C:\Windows\system32\DRIVERS\motodrv.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-10 01:07:49 -------- d-----w- C:\FRST
2012-07-09 03:15:35 328704 ----a-w- C:\Windows\System32\services.exe.773A42E88BF43548
2012-07-09 03:13:15 328704 ----a-w- C:\Windows\System32\services.exe.A89E1671C13FE816
2012-07-09 03:10:51 328704 ----a-w- C:\Windows\System32\services.exe.4B266C0E3756CA93
2012-07-09 02:58:57 328704 ----a-w- C:\Windows\System32\services.exe.66B885E6B9AC4C63
2012-07-09 02:56:35 328704 ----a-w- C:\Windows\System32\services.exe.45DB43D0533DAE39
2012-07-09 02:54:12 328704 ----a-w- C:\Windows\System32\services.exe.3C1C2E4FA2B9D743
2012-07-09 02:51:48 328704 ----a-w- C:\Windows\System32\services.exe.947EEAD13D4AA135
2012-07-09 02:51:07 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{726D97D7-04D8-4F1C-9C49-98A5CA1F7EA7}\offreg.dll
2012-07-09 02:15:45 328704 ----a-w- C:\Windows\System32\services.exe.8ED235B81A07AC1F
2012-07-09 02:13:29 328704 ----a-w- C:\Windows\System32\services.exe.8282BEB57C2262F7
2012-07-09 02:11:14 328704 ----a-w- C:\Windows\System32\services.exe.B1459E51AB851F59
2012-07-08 23:53:50 50392 ----a-w- C:\Windows\System32\drivers\pagqrazr.sys
2012-07-08 23:53:50 328704 ----a-w- C:\Windows\System32\services.exe.04DEF93FDE75D37C
2012-07-08 23:51:30 328704 ----a-w- C:\Windows\System32\services.exe.E73BEF191044A649
2012-07-08 23:49:08 328704 ----a-w- C:\Windows\System32\services.exe.E7883BA61BAEDC32
2012-07-08 23:46:47 328704 ----a-w- C:\Windows\System32\services.exe.F9BE0142C8E22996
2012-07-08 23:44:26 328704 ----a-w- C:\Windows\System32\services.exe.02BCCF2BA80D8654
2012-07-08 23:42:10 328704 ----a-w- C:\Windows\System32\services.exe.D321AB6B63C3A8B6
2012-07-08 23:39:48 328704 ----a-w- C:\Windows\System32\services.exe.EA699004E9B78853
2012-07-08 22:37:01 328704 ----a-w- C:\Windows\System32\services.exe.82F29EF2F538F647
2012-07-08 22:34:46 328704 ----a-w- C:\Windows\System32\services.exe.210FE62296114154
2012-07-08 22:32:30 328704 ----a-w- C:\Windows\System32\services.exe.00F5254084B9B771
2012-07-08 22:30:15 328704 ----a-w- C:\Windows\System32\services.exe.F1E2CB255F7D6950
2012-07-08 22:27:54 328704 ----a-w- C:\Windows\System32\services.exe.E4FE2150E0E7E838
2012-07-08 22:25:38 328704 ----a-w- C:\Windows\System32\services.exe.3C6DD5341C4BCCC1
2012-07-08 22:15:46 328704 ----a-w- C:\Windows\System32\services.exe.ED11D50856077615
2012-07-08 22:13:19 328704 ----a-w- C:\Windows\System32\services.exe.19A20114CFD3B9BF
2012-07-08 22:10:53 328704 ----a-w- C:\Windows\System32\services.exe.C80ACB2B25C52642
2012-07-08 22:08:26 328704 ----a-w- C:\Windows\System32\services.exe.9248AD40B66C8F0B
2012-07-08 22:06:00 328704 ----a-w- C:\Windows\System32\services.exe.5D04C95C73E53D1E
2012-07-08 22:03:32 328704 ----a-w- C:\Windows\System32\services.exe.3678597E47C1F107
2012-07-08 22:01:05 328704 ----a-w- C:\Windows\System32\services.exe.DBE378EEDDDB3CD2
2012-07-08 21:58:39 328704 ----a-w- C:\Windows\System32\services.exe.D3AF3C7DAA266B37
2012-07-08 21:56:13 328704 ----a-w- C:\Windows\System32\services.exe.6E0A5A7168D6EB9A
2012-07-08 21:53:45 328704 ----a-w- C:\Windows\System32\services.exe.9846F7B70EDDBB04
2012-07-08 21:51:18 328704 ----a-w- C:\Windows\System32\services.exe.80F26F059F342B10
2012-07-08 21:48:51 328704 ----a-w- C:\Windows\System32\services.exe.9D4C88E9C93B5703
2012-07-08 21:46:40 50392 ----a-w- C:\Windows\System32\drivers\kupqlpjh.sys
2012-07-08 21:46:40 328704 ----a-w- C:\Windows\System32\services.exe.CA16EE47BF3B72CA
2012-07-08 21:44:13 328704 ----a-w- C:\Windows\System32\services.exe.0FCD4051BDD6372E
2012-07-08 21:41:45 328704 ----a-w- C:\Windows\System32\services.exe.A828C0E38422F7DA
2012-07-08 21:37:37 328704 ----a-w- C:\Windows\System32\services.exe.20B8CF54D8E39D1D
2012-07-08 21:34:44 328704 ----a-w- C:\Windows\System32\services.exe.E92F20B4DD9856CE
2012-07-08 21:28:40 328704 ----a-w- C:\Windows\System32\services.exe.3694BB1CC896E1F1
2012-07-08 21:25:42 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C18CFFB-88CB-461A-A33C-565F8DCC57B7}\gapaengine.dll
2012-07-08 21:25:40 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{726D97D7-04D8-4F1C-9C49-98A5CA1F7EA7}\mpengine.dll
2012-07-08 21:24:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-08 21:24:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-08 16:33:27 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-23 19:47:49 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

Attached File: Attach.txt (226.04KB)

#5 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2012 - 08:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 GMaelstrom (Topic Starter)

  • Members
  • 14 posts

Posted 09 July 2012 - 09:13 PM

Everything seems back to normal. The firewall is on and I reinstalled MSE. Quick Scan found nothing, so I'm running a Full Scan.
I'm still wondering just how I received this unwanted visitor. Thank you very much!

ComboFix 12-07-08.03 - Dad 07/09/2012 18:42:22.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6694 [GMT -7:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\00000004.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\1afb2d56
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\L\201d3dde
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\n
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\00000004.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\00000008.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\000000cb.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000000.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000032.@
c:\windows\Installer\{93c0012c-55d6-124f-edc2-7e91a5bdc911}\U\80000064.@
D:\install.exe
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 01:45 . 2012-07-10 01:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-10 01:45 . 2012-07-10 01:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 01:07 . 2012-07-10 01:08 -------- d-----w- C:\FRST
2012-07-09 03:15 . 2012-07-09 03:15 328704 ----a-w- c:\windows\system32\services.exe.773A42E88BF43548
2012-07-09 03:13 . 2012-07-09 03:13 328704 ----a-w- c:\windows\system32\services.exe.A89E1671C13FE816
2012-07-09 03:10 . 2012-07-09 03:10 328704 ----a-w- c:\windows\system32\services.exe.4B266C0E3756CA93
2012-07-09 02:58 . 2012-07-09 02:58 328704 ----a-w- c:\windows\system32\services.exe.66B885E6B9AC4C63
2012-07-09 02:56 . 2012-07-09 02:56 328704 ----a-w- c:\windows\system32\services.exe.45DB43D0533DAE39
2012-07-09 02:54 . 2012-07-09 02:54 328704 ----a-w- c:\windows\system32\services.exe.3C1C2E4FA2B9D743
2012-07-09 02:51 . 2012-07-09 02:51 328704 ----a-w- c:\windows\system32\services.exe.947EEAD13D4AA135
2012-07-09 02:51 . 2012-07-09 03:14 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{726D97D7-04D8-4F1C-9C49-98A5CA1F7EA7}\offreg.dll
2012-07-09 02:15 . 2012-07-09 02:15 328704 ----a-w- c:\windows\system32\services.exe.8ED235B81A07AC1F
2012-07-09 02:13 . 2012-07-09 02:13 328704 ----a-w- c:\windows\system32\services.exe.8282BEB57C2262F7
2012-07-09 02:11 . 2012-07-09 02:11 328704 ----a-w- c:\windows\system32\services.exe.B1459E51AB851F59
2012-07-08 23:53 . 2012-07-08 23:53 50392 ----a-w- c:\windows\system32\drivers\pagqrazr.sys
2012-07-08 23:53 . 2012-07-08 23:53 328704 ----a-w- c:\windows\system32\services.exe.04DEF93FDE75D37C
2012-07-08 23:51 . 2012-07-08 23:51 328704 ----a-w- c:\windows\system32\services.exe.E73BEF191044A649
2012-07-08 23:49 . 2012-07-08 23:49 328704 ----a-w- c:\windows\system32\services.exe.E7883BA61BAEDC32
2012-07-08 23:46 . 2012-07-08 23:46 328704 ----a-w- c:\windows\system32\services.exe.F9BE0142C8E22996
2012-07-08 23:44 . 2012-07-08 23:44 328704 ----a-w- c:\windows\system32\services.exe.02BCCF2BA80D8654
2012-07-08 23:42 . 2012-07-08 23:42 328704 ----a-w- c:\windows\system32\services.exe.D321AB6B63C3A8B6
2012-07-08 23:39 . 2012-07-08 23:39 328704 ----a-w- c:\windows\system32\services.exe.EA699004E9B78853
2012-07-08 22:37 . 2012-07-08 22:37 328704 ----a-w- c:\windows\system32\services.exe.82F29EF2F538F647
2012-07-08 22:34 . 2012-07-08 22:34 328704 ----a-w- c:\windows\system32\services.exe.210FE62296114154
2012-07-08 22:32 . 2012-07-08 22:32 328704 ----a-w- c:\windows\system32\services.exe.00F5254084B9B771
2012-07-08 22:30 . 2012-07-08 22:30 328704 ----a-w- c:\windows\system32\services.exe.F1E2CB255F7D6950
2012-07-08 22:27 . 2012-07-08 22:27 328704 ----a-w- c:\windows\system32\services.exe.E4FE2150E0E7E838
2012-07-08 22:25 . 2012-07-08 22:25 328704 ----a-w- c:\windows\system32\services.exe.3C6DD5341C4BCCC1
2012-07-08 22:15 . 2012-07-08 22:15 328704 ----a-w- c:\windows\system32\services.exe.ED11D50856077615
2012-07-08 22:13 . 2012-07-08 22:13 328704 ----a-w- c:\windows\system32\services.exe.19A20114CFD3B9BF
2012-07-08 22:10 . 2012-07-08 22:10 328704 ----a-w- c:\windows\system32\services.exe.C80ACB2B25C52642
2012-07-08 22:08 . 2012-07-08 22:08 328704 ----a-w- c:\windows\system32\services.exe.9248AD40B66C8F0B
2012-07-08 22:06 . 2012-07-08 22:06 328704 ----a-w- c:\windows\system32\services.exe.5D04C95C73E53D1E
2012-07-08 22:03 . 2012-07-08 22:03 328704 ----a-w- c:\windows\system32\services.exe.3678597E47C1F107
2012-07-08 22:01 . 2012-07-08 22:01 328704 ----a-w- c:\windows\system32\services.exe.DBE378EEDDDB3CD2
2012-07-08 21:58 . 2012-07-08 21:58 328704 ----a-w- c:\windows\system32\services.exe.D3AF3C7DAA266B37
2012-07-08 21:56 . 2012-07-08 21:56 328704 ----a-w- c:\windows\system32\services.exe.6E0A5A7168D6EB9A
2012-07-08 21:53 . 2012-07-08 21:53 328704 ----a-w- c:\windows\system32\services.exe.9846F7B70EDDBB04
2012-07-08 21:51 . 2012-07-08 21:51 328704 ----a-w- c:\windows\system32\services.exe.80F26F059F342B10
2012-07-08 21:48 . 2012-07-08 21:48 328704 ----a-w- c:\windows\system32\services.exe.9D4C88E9C93B5703
2012-07-08 21:46 . 2012-07-08 21:46 50392 ----a-w- c:\windows\system32\drivers\kupqlpjh.sys
2012-07-08 21:46 . 2012-07-08 21:46 328704 ----a-w- c:\windows\system32\services.exe.CA16EE47BF3B72CA
2012-07-08 21:44 . 2012-07-08 21:44 328704 ----a-w- c:\windows\system32\services.exe.0FCD4051BDD6372E
2012-07-08 21:41 . 2012-07-08 21:41 328704 ----a-w- c:\windows\system32\services.exe.A828C0E38422F7DA
2012-07-08 21:37 . 2012-07-08 21:37 328704 ----a-w- c:\windows\system32\services.exe.20B8CF54D8E39D1D
2012-07-08 21:34 . 2012-07-08 21:34 328704 ----a-w- c:\windows\system32\services.exe.E92F20B4DD9856CE
2012-07-08 21:28 . 2012-07-08 21:28 328704 ----a-w- c:\windows\system32\services.exe.3694BB1CC896E1F1
2012-07-08 21:25 . 2012-07-08 21:25 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C18CFFB-88CB-461A-A33C-565F8DCC57B7}\gapaengine.dll
2012-07-08 21:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{726D97D7-04D8-4F1C-9C49-98A5CA1F7EA7}\mpengine.dll
2012-07-08 21:24 . 2012-07-09 03:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-08 21:24 . 2012-07-09 03:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-23 19:47 . 2012-06-23 19:47 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 19:47 . 2012-06-23 19:47 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 22:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:45 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:45 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 04:15 . 2012-06-13 04:15 -------- d-----w- c:\users\Dad\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 16:22 . 2012-04-04 00:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 16:22 . 2011-05-23 18:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-05-25 02:10 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 02:10 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 02:10 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 02:10 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 02:10 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 02:10 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 02:10 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 02:10 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-25 02:10 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 02:10 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 02:10 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 02:10 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 02:10 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-25 02:10 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-25 02:10 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-25 02:10 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 02:10 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-03-14 03:24 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-03-14 03:24 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 03:24 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-26 02:25 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-26 02:25 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-26 02:25 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-26 02:25 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-26 02:25 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-04-02 06:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-23 15:28 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-01-08 03:48 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-14 03:25 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-02-23 08:39 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-02-23 08:39 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 03:42 . 2012-04-04 01:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:08 . 2012-05-25 02:10 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-25 02:10 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-03-14 03:24 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\program files\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
speedfan.exe - Shortcut.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-3-17 4523928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-2 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ygeyumba;ygeyumba;c:\windows\system32\drivers\ygeyumba.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-02 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-30 21072]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\iz6ibi88.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-09 18:47:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 01:47
.
Pre-Run: 6,670,462,976 bytes free
Post-Run: 8,713,711,616 bytes free
.
- - End Of File - - 35A1127FE2FC3B38AEFD0362985C6E45

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2012 - 09:20 PM

Greetings

This is a hard virus to remove, so I do want to do some more checking to be sure.


I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 GMaelstrom (Topic Starter)

  • Members
  • 14 posts

Posted 09 July 2012 - 10:37 PM

This is strange.... MSE just told me that sirefef is back!

20:27:37.0546 3468 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:27:38.0076 3468 ============================================================
20:27:38.0076 3468 Current date / time: 2012/07/09 20:27:38.0076
20:27:38.0076 3468 SystemInfo:
20:27:38.0076 3468
20:27:38.0076 3468 OS Version: 6.1.7601 ServicePack: 1.0
20:27:38.0076 3468 Product type: Workstation
20:27:38.0076 3468 ComputerName: NONEYAH
20:27:38.0076 3468 UserName: Dad
20:27:38.0076 3468 Windows directory: C:\Windows
20:27:38.0076 3468 System windows directory: C:\Windows
20:27:38.0076 3468 Running under WOW64
20:27:38.0076 3468 Processor architecture: Intel x64
20:27:38.0076 3468 Number of processors: 6
20:27:38.0076 3468 Page size: 0x1000
20:27:38.0076 3468 Boot type: Normal boot
20:27:38.0076 3468 ============================================================
20:27:38.0498 3468 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:27:38.0498 3468 Drive \Device\Harddisk1\DR1 - Size: 0x9514B6000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1431, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:27:38.0498 3468 ============================================================
20:27:38.0498 3468 \Device\Harddisk0\DR0:
20:27:38.0498 3468 MBR partitions:
20:27:38.0498 3468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:27:38.0498 3468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:27:38.0498 3468 \Device\Harddisk1\DR1:
20:27:38.0498 3468 MBR partitions:
20:27:38.0498 3468 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A89000
20:27:38.0498 3468 ============================================================
20:27:38.0498 3468 C: <-> \Device\Harddisk1\DR1\Partition0
20:27:38.0513 3468 D: <-> \Device\Harddisk0\DR0\Partition1
20:27:38.0513 3468 ============================================================
20:27:38.0513 3468 Initialize success
20:27:38.0513 3468 ============================================================
20:27:48.0528 2904 ============================================================
20:27:48.0528 2904 Scan started
20:27:48.0528 2904 Mode: Manual;
20:27:48.0528 2904 ============================================================
20:27:49.0402 2904 b06bdrv - ok
20:27:49.0418 2904 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:27:49.0418 2904 b57nd60a - ok
20:27:49.0433 2904 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:27:49.0433 2904 BDESVC - ok
20:27:49.0433 2904 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:27:49.0433 2904 Beep - ok
20:27:49.0464 2904 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:27:49.0464 2904 BFE - ok
20:27:49.0496 2904 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:27:49.0496 2904 BITS - ok
20:27:49.0511 2904 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:27:49.0511 2904 blbdrive - ok
20:27:49.0527 2904 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:27:49.0527 2904 Bonjour Service - ok
20:27:49.0542 2904 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:27:49.0542 2904 bowser - ok
20:27:49.0542 2904 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:27:49.0542 2904 BrFiltLo - ok
20:27:49.0542 2904 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:27:49.0542 2904 BrFiltUp - ok
20:27:49.0558 2904 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:27:49.0558 2904 BridgeMP - ok
20:27:49.0558 2904 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:27:49.0558 2904 Browser - ok
20:27:49.0574 2904 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:27:49.0574 2904 Brserid - ok
20:27:49.0589 2904 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:27:49.0589 2904 BrSerWdm - ok
20:27:49.0589 2904 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:27:49.0589 2904 BrUsbMdm - ok
20:27:49.0589 2904 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:27:49.0589 2904 BrUsbSer - ok
20:27:49.0605 2904 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:27:49.0605 2904 BTHMODEM - ok
20:27:49.0605 2904 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:27:49.0605 2904 bthserv - ok
20:27:49.0605 2904 catchme - ok
20:27:49.0620 2904 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:27:49.0620 2904 cdfs - ok
20:27:49.0620 2904 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:27:49.0620 2904 cdrom - ok
20:27:49.0636 2904 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:27:49.0636 2904 CertPropSvc - ok
20:27:49.0636 2904 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:27:49.0636 2904 circlass - ok
20:27:49.0652 2904 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:27:49.0667 2904 CLFS - ok
20:27:49.0667 2904 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:27:49.0667 2904 clr_optimization_v2.0.50727_32 - ok
20:27:49.0683 2904 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:27:49.0683 2904 clr_optimization_v2.0.50727_64 - ok
20:27:49.0698 2904 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:27:49.0698 2904 clr_optimization_v4.0.30319_32 - ok
20:27:49.0714 2904 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:27:49.0714 2904 clr_optimization_v4.0.30319_64 - ok
20:27:49.0714 2904 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:27:49.0714 2904 CmBatt - ok
20:27:49.0714 2904 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:27:49.0714 2904 cmdide - ok
20:27:49.0745 2904 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:27:49.0745 2904 CNG - ok
20:27:49.0745 2904 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:27:49.0745 2904 Compbatt - ok
20:27:49.0761 2904 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:27:49.0761 2904 CompositeBus - ok
20:27:49.0761 2904 COMSysApp - ok
20:27:49.0761 2904 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:27:49.0761 2904 crcdisk - ok
20:27:49.0776 2904 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:27:49.0776 2904 CryptSvc - ok
20:27:49.0776 2904 dc3d (23d4b856725f5fc3c4f410c150ab107b) C:\Windows\system32\DRIVERS\dc3d.sys
20:27:49.0776 2904 dc3d - ok
20:27:49.0792 2904 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:27:49.0808 2904 DcomLaunch - ok
20:27:49.0808 2904 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:27:49.0823 2904 defragsvc - ok
20:27:49.0823 2904 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:27:49.0823 2904 DfsC - ok
20:27:49.0839 2904 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:27:49.0839 2904 Dhcp - ok
20:27:49.0839 2904 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:27:49.0839 2904 discache - ok
20:27:49.0854 2904 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:27:49.0854 2904 Disk - ok
20:27:49.0854 2904 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:27:49.0854 2904 Dnscache - ok
20:27:49.0870 2904 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:27:49.0870 2904 dot3svc - ok
20:27:49.0886 2904 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:27:49.0886 2904 DPS - ok
20:27:49.0886 2904 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:27:49.0886 2904 drmkaud - ok
20:27:49.0917 2904 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:27:49.0932 2904 DXGKrnl - ok
20:27:49.0948 2904 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:27:49.0948 2904 EapHost - ok
20:27:49.0948 2904 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
20:27:49.0964 2904 easytether - ok
20:27:50.0057 2904 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:27:50.0088 2904 ebdrv - ok
20:27:50.0120 2904 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:27:50.0120 2904 EFS - ok
20:27:50.0151 2904 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:27:50.0151 2904 ehRecvr - ok
20:27:50.0166 2904 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:27:50.0166 2904 ehSched - ok
20:27:50.0182 2904 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:27:50.0198 2904 elxstor - ok
20:27:50.0198 2904 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:27:50.0198 2904 ErrDev - ok
20:27:50.0213 2904 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:27:50.0213 2904 EventSystem - ok
20:27:50.0229 2904 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:27:50.0229 2904 exfat - ok
20:27:50.0244 2904 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:27:50.0244 2904 fastfat - ok
20:27:50.0276 2904 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:27:50.0276 2904 Fax - ok
20:27:50.0276 2904 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:27:50.0276 2904 fdc - ok
20:27:50.0276 2904 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:27:50.0276 2904 fdPHost - ok
20:27:50.0291 2904 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:27:50.0291 2904 FDResPub - ok
20:27:50.0291 2904 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:27:50.0291 2904 FileInfo - ok
20:27:50.0291 2904 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:27:50.0291 2904 Filetrace - ok
20:27:50.0291 2904 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:27:50.0291 2904 flpydisk - ok
20:27:50.0307 2904 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:27:50.0307 2904 FltMgr - ok
20:27:50.0354 2904 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:27:50.0354 2904 FontCache - ok
20:27:50.0369 2904 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:27:50.0369 2904 FontCache3.0.0.0 - ok
20:27:50.0369 2904 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:27:50.0369 2904 FsDepends - ok
20:27:50.0385 2904 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:27:50.0385 2904 Fs_Rec - ok
20:27:50.0400 2904 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:27:50.0400 2904 fvevol - ok
20:27:50.0400 2904 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:27:50.0400 2904 gagp30kx - ok
20:27:50.0400 2904 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:27:50.0416 2904 GEARAspiWDM - ok
20:27:50.0432 2904 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:27:50.0447 2904 gpsvc - ok
20:27:50.0447 2904 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:27:50.0447 2904 hcw85cir - ok
20:27:50.0463 2904 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:27:50.0463 2904 HdAudAddService - ok
20:27:50.0463 2904 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:27:50.0463 2904 HDAudBus - ok
20:27:50.0478 2904 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:27:50.0478 2904 HidBatt - ok
20:27:50.0478 2904 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:27:50.0478 2904 HidBth - ok
20:27:50.0478 2904 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:27:50.0478 2904 HidIr - ok
20:27:50.0494 2904 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:27:50.0494 2904 hidserv - ok
20:27:50.0494 2904 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:27:50.0494 2904 HidUsb - ok
20:27:50.0494 2904 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:27:50.0510 2904 hkmsvc - ok
20:27:50.0510 2904 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:27:50.0510 2904 HomeGroupListener - ok
20:27:50.0525 2904 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:27:50.0525 2904 HomeGroupProvider - ok
20:27:50.0525 2904 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:27:50.0525 2904 HpSAMD - ok
20:27:50.0572 2904 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:27:50.0603 2904 HPSLPSVC - ok
20:27:50.0634 2904 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:27:50.0634 2904 HTTP - ok
20:27:50.0650 2904 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:27:50.0650 2904 hwpolicy - ok
20:27:50.0650 2904 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:27:50.0650 2904 i8042prt - ok
20:27:50.0666 2904 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:27:50.0681 2904 iaStorV - ok
20:27:50.0697 2904 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:27:50.0712 2904 idsvc - ok
20:27:50.0728 2904 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:27:50.0728 2904 iirsp - ok
20:27:50.0759 2904 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:27:50.0759 2904 IKEEXT - ok
20:27:50.0759 2904 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:27:50.0759 2904 intelide - ok
20:27:50.0775 2904 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:27:50.0775 2904 intelppm - ok
20:27:50.0775 2904 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:27:50.0775 2904 IPBusEnum - ok
20:27:50.0775 2904 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:27:50.0775 2904 IpFilterDriver - ok
20:27:50.0806 2904 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:27:50.0806 2904 iphlpsvc - ok
20:27:50.0806 2904 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:27:50.0822 2904 IPMIDRV - ok
20:27:50.0822 2904 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:27:50.0822 2904 IPNAT - ok
20:27:50.0853 2904 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
20:27:50.0868 2904 iPod Service - ok
20:27:50.0868 2904 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:27:50.0868 2904 IRENUM - ok
20:27:50.0868 2904 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:27:50.0868 2904 isapnp - ok
20:27:50.0884 2904 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:27:50.0884 2904 iScsiPrt - ok
20:27:50.0900 2904 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:27:50.0900 2904 kbdclass - ok
20:27:50.0900 2904 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:27:50.0900 2904 kbdhid - ok
20:27:50.0900 2904 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:27:50.0900 2904 KeyIso - ok
20:27:50.0915 2904 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:27:50.0915 2904 KSecDD - ok
20:27:50.0915 2904 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:27:50.0931 2904 KSecPkg - ok
20:27:50.0931 2904 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:27:50.0931 2904 ksthunk - ok
20:27:50.0946 2904 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:27:50.0946 2904 KtmRm - ok
20:27:50.0946 2904 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
20:27:50.0946 2904 L8042Kbd - ok
20:27:50.0962 2904 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:27:50.0962 2904 LanmanServer - ok
20:27:50.0978 2904 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:27:50.0978 2904 LanmanWorkstation - ok
20:27:50.0978 2904 LBTServ (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
20:27:50.0978 2904 LBTServ - ok
20:27:50.0993 2904 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
20:27:50.0993 2904 LGBusEnum - ok
20:27:50.0993 2904 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
20:27:50.0993 2904 LGVirHid - ok
20:27:50.0993 2904 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:27:50.0993 2904 LHidFilt - ok
20:27:51.0009 2904 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:27:51.0009 2904 lltdio - ok
20:27:51.0024 2904 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:27:51.0024 2904 lltdsvc - ok
20:27:51.0024 2904 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:27:51.0024 2904 lmhosts - ok
20:27:51.0040 2904 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:27:51.0040 2904 LMouFilt - ok
20:27:51.0040 2904 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:27:51.0040 2904 LSI_FC - ok
20:27:51.0056 2904 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:27:51.0056 2904 LSI_SAS - ok
20:27:51.0056 2904 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:27:51.0056 2904 LSI_SAS2 - ok
20:27:51.0071 2904 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:27:51.0071 2904 LSI_SCSI - ok
20:27:51.0071 2904 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:27:51.0071 2904 luafv - ok
20:27:51.0071 2904 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
20:27:51.0087 2904 LUsbFilt - ok
20:27:51.0087 2904 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:27:51.0087 2904 Mcx2Svc - ok
20:27:51.0087 2904 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:27:51.0087 2904 megasas - ok
20:27:51.0102 2904 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:27:51.0118 2904 MegaSR - ok
20:27:51.0118 2904 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:27:51.0118 2904 MMCSS - ok
20:27:51.0118 2904 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:27:51.0118 2904 Modem - ok
20:27:51.0118 2904 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:27:51.0118 2904 monitor - ok
20:27:51.0134 2904 motandroidusb (d69f1e9a944a5f46a494af901ed41118) C:\Windows\system32\Drivers\motoandroid.sys
20:27:51.0134 2904 motandroidusb - ok
20:27:51.0134 2904 MotDev (3cc500c9b0e4d476802d277353cb2c89) C:\Windows\system32\DRIVERS\motodrv.sys
20:27:51.0134 2904 MotDev - ok
20:27:51.0134 2904 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:27:51.0134 2904 mouclass - ok
20:27:51.0149 2904 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:27:51.0149 2904 mouhid - ok
20:27:51.0149 2904 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:27:51.0149 2904 mountmgr - ok
20:27:51.0149 2904 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:27:51.0165 2904 MozillaMaintenance - ok
20:27:51.0165 2904 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
20:27:51.0165 2904 MpFilter - ok
20:27:51.0180 2904 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:27:51.0180 2904 mpio - ok
20:27:51.0180 2904 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:27:51.0180 2904 mpsdrv - ok
20:27:51.0212 2904 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:27:51.0212 2904 MpsSvc - ok
20:27:51.0227 2904 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:27:51.0227 2904 MRxDAV - ok
20:27:51.0243 2904 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:27:51.0243 2904 mrxsmb - ok
20:27:51.0243 2904 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:27:51.0258 2904 mrxsmb10 - ok
20:27:51.0258 2904 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:27:51.0258 2904 mrxsmb20 - ok
20:27:51.0258 2904 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:27:51.0258 2904 msahci - ok
20:27:51.0274 2904 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:27:51.0274 2904 msdsm - ok
20:27:51.0274 2904 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:27:51.0290 2904 MSDTC - ok
20:27:51.0290 2904 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:27:51.0290 2904 Msfs - ok
20:27:51.0290 2904 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:27:51.0290 2904 mshidkmdf - ok
20:27:51.0290 2904 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:27:51.0305 2904 msisadrv - ok
20:27:51.0305 2904 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:27:51.0305 2904 MSiSCSI - ok
20:27:51.0305 2904 msiserver - ok
20:27:51.0321 2904 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:27:51.0321 2904 MSKSSRV - ok
20:27:51.0321 2904 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:27:51.0321 2904 MsMpSvc - ok
20:27:51.0321 2904 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:27:51.0321 2904 MSPCLOCK - ok
20:27:51.0321 2904 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:27:51.0321 2904 MSPQM - ok
20:27:51.0336 2904 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:27:51.0352 2904 MsRPC - ok
20:27:51.0352 2904 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:27:51.0352 2904 mssmbios - ok
20:27:51.0352 2904 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:27:51.0352 2904 MSTEE - ok
20:27:51.0368 2904 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:27:51.0368 2904 MTConfig - ok
20:27:51.0368 2904 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:27:51.0368 2904 Mup - ok
20:27:51.0383 2904 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:27:51.0383 2904 napagent - ok
20:27:51.0399 2904 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:27:51.0414 2904 NativeWifiP - ok
20:27:51.0446 2904 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:27:51.0461 2904 NDIS - ok
20:27:51.0461 2904 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:27:51.0461 2904 NdisCap - ok
20:27:51.0461 2904 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:27:51.0461 2904 NdisTapi - ok
20:27:51.0461 2904 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:27:51.0477 2904 Ndisuio - ok
20:27:51.0477 2904 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:27:51.0477 2904 NdisWan - ok
20:27:51.0477 2904 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:27:51.0492 2904 NDProxy - ok
20:27:51.0492 2904 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
20:27:51.0492 2904 Net Driver HPZ12 - ok
20:27:51.0492 2904 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:27:51.0492 2904 NetBIOS - ok
20:27:51.0508 2904 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:27:51.0508 2904 NetBT - ok
20:27:51.0508 2904 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:27:51.0508 2904 Netlogon - ok
20:27:51.0524 2904 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:27:51.0524 2904 Netman - ok
20:27:51.0539 2904 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:51.0539 2904 NetMsmqActivator - ok
20:27:51.0555 2904 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:51.0555 2904 NetPipeActivator - ok
20:27:51.0570 2904 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:27:51.0570 2904 netprofm - ok
20:27:51.0570 2904 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:51.0570 2904 NetTcpActivator - ok
20:27:51.0570 2904 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:27:51.0570 2904 NetTcpPortSharing - ok
20:27:51.0586 2904 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:27:51.0586 2904 nfrd960 - ok
20:27:51.0586 2904 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:27:51.0586 2904 NisDrv - ok
20:27:51.0602 2904 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:27:51.0602 2904 NisSrv - ok
20:27:51.0617 2904 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:27:51.0617 2904 NlaSvc - ok
20:27:51.0633 2904 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:27:51.0633 2904 Npfs - ok
20:27:51.0633 2904 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:27:51.0633 2904 nsi - ok
20:27:51.0633 2904 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:27:51.0633 2904 nsiproxy - ok
20:27:51.0695 2904 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:27:51.0726 2904 Ntfs - ok
20:27:51.0742 2904 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:27:51.0758 2904 Null - ok
20:27:51.0758 2904 nusb3hub (785298579b5f9b4032152dfbb992fdb6) C:\Windows\system32\DRIVERS\nusb3hub.sys
20:27:51.0758 2904 nusb3hub - ok
20:27:51.0758 2904 nusb3xhc (df2750481b4964814467c974f2b0eef1) C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:27:51.0758 2904 nusb3xhc - ok
20:27:51.0773 2904 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
20:27:51.0773 2904 NVHDA - ok
20:27:52.0194 2904 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:27:52.0350 2904 nvlddmkm - ok
20:27:52.0382 2904 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:27:52.0382 2904 nvraid - ok
20:27:52.0382 2904 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:27:52.0397 2904 nvstor - ok
20:27:52.0413 2904 NVSvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
20:27:52.0428 2904 NVSvc - ok
20:27:52.0460 2904 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:27:52.0475 2904 nvUpdatusService - ok
20:27:52.0506 2904 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:27:52.0506 2904 nv_agp - ok
20:27:52.0522 2904 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:27:52.0522 2904 ohci1394 - ok
20:27:52.0538 2904 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:27:52.0538 2904 p2pimsvc - ok
20:27:52.0553 2904 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:27:52.0569 2904 p2psvc - ok
20:27:52.0569 2904 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:27:52.0569 2904 Parport - ok
20:27:52.0569 2904 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:27:52.0584 2904 partmgr - ok
20:27:52.0584 2904 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:27:52.0584 2904 PcaSvc - ok
20:27:52.0600 2904 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:27:52.0600 2904 pci - ok
20:27:52.0600 2904 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:27:52.0600 2904 pciide - ok
20:27:52.0616 2904 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:27:52.0616 2904 pcmcia - ok
20:27:52.0616 2904 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:27:52.0616 2904 pcw - ok
20:27:52.0647 2904 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:27:52.0647 2904 PEAUTH - ok
20:27:52.0678 2904 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:27:52.0678 2904 PerfHost - ok
20:27:52.0756 2904 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:27:52.0772 2904 pla - ok
20:27:52.0787 2904 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:27:52.0787 2904 PlugPlay - ok
20:27:52.0787 2904 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
20:27:52.0787 2904 Pml Driver HPZ12 - ok
20:27:52.0803 2904 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:27:52.0803 2904 PNRPAutoReg - ok
20:27:52.0818 2904 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:27:52.0818 2904 PNRPsvc - ok
20:27:52.0818 2904 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
20:27:52.0818 2904 Point64 - ok
20:27:52.0850 2904 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:27:52.0850 2904 PolicyAgent - ok
20:27:52.0865 2904 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:27:52.0865 2904 Power - ok
20:27:52.0865 2904 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:27:52.0865 2904 PptpMiniport - ok
20:27:52.0865 2904 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:27:52.0881 2904 Processor - ok
20:27:52.0881 2904 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:27:52.0881 2904 ProfSvc - ok
20:27:52.0881 2904 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:27:52.0896 2904 ProtectedStorage - ok
20:27:52.0896 2904 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:27:52.0896 2904 Psched - ok
20:27:52.0943 2904 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:27:52.0959 2904 ql2300 - ok
20:27:52.0990 2904 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:27:53.0006 2904 ql40xx - ok
20:27:53.0006 2904 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:27:53.0021 2904 QWAVE - ok
20:27:53.0021 2904 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:27:53.0021 2904 QWAVEdrv - ok
20:27:53.0021 2904 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:27:53.0021 2904 RasAcd - ok
20:27:53.0037 2904 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:27:53.0037 2904 RasAgileVpn - ok
20:27:53.0037 2904 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:27:53.0037 2904 RasAuto - ok
20:27:53.0052 2904 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:27:53.0052 2904 Rasl2tp - ok
20:27:53.0052 2904 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:27:53.0068 2904 RasMan - ok
20:27:53.0068 2904 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:27:53.0068 2904 RasPppoe - ok
20:27:53.0068 2904 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:27:53.0068 2904 RasSstp - ok
20:27:53.0084 2904 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:27:53.0084 2904 rdbss - ok
20:27:53.0099 2904 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:27:53.0099 2904 rdpbus - ok
20:27:53.0099 2904 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:27:53.0099 2904 RDPCDD - ok
20:27:53.0099 2904 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:27:53.0099 2904 RDPENCDD - ok
20:27:53.0115 2904 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:27:53.0115 2904 RDPREFMP - ok
20:27:53.0115 2904 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:27:53.0115 2904 RDPWD - ok
20:27:53.0130 2904 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:27:53.0130 2904 rdyboost - ok
20:27:53.0146 2904 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:27:53.0146 2904 RemoteAccess - ok
20:27:53.0146 2904 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:27:53.0146 2904 RemoteRegistry - ok
20:27:53.0162 2904 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:27:53.0162 2904 RpcEptMapper - ok
20:27:53.0162 2904 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:27:53.0162 2904 RpcLocator - ok
20:27:53.0177 2904 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:27:53.0193 2904 RpcSs - ok
20:27:53.0193 2904 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:27:53.0193 2904 rspndr - ok
20:27:53.0208 2904 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:27:53.0208 2904 RTL8167 - ok
20:27:53.0208 2904 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:27:53.0208 2904 SamSs - ok
20:27:53.0208 2904 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:27:53.0208 2904 sbp2port - ok
20:27:53.0224 2904 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:27:53.0224 2904 SCardSvr - ok
20:27:53.0224 2904 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:27:53.0224 2904 scfilter - ok
20:27:53.0271 2904 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:27:53.0271 2904 Schedule - ok
20:27:53.0286 2904 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:27:53.0286 2904 SCPolicySvc - ok
20:27:53.0286 2904 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:27:53.0286 2904 SDRSVC - ok
20:27:53.0302 2904 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:27:53.0302 2904 secdrv - ok
20:27:53.0302 2904 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:27:53.0302 2904 seclogon - ok
20:27:53.0302 2904 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:27:53.0302 2904 SENS - ok
20:27:53.0318 2904 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:27:53.0318 2904 SensrSvc - ok
20:27:53.0318 2904 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:27:53.0318 2904 Serenum - ok
20:27:53.0318 2904 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:27:53.0318 2904 Serial - ok
20:27:53.0333 2904 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:27:53.0333 2904 sermouse - ok
20:27:53.0333 2904 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:27:53.0349 2904 SessionEnv - ok
20:27:53.0349 2904 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:27:53.0349 2904 sffdisk - ok
20:27:53.0349 2904 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:27:53.0349 2904 sffp_mmc - ok
20:27:53.0349 2904 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:27:53.0349 2904 sffp_sd - ok
20:27:53.0349 2904 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:27:53.0349 2904 sfloppy - ok
20:27:53.0380 2904 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:27:53.0380 2904 SharedAccess - ok
20:27:53.0396 2904 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:27:53.0396 2904 ShellHWDetection - ok
20:27:53.0396 2904 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:27:53.0396 2904 SiSRaid2 - ok
20:27:53.0411 2904 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:27:53.0411 2904 SiSRaid4 - ok
20:27:53.0411 2904 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:27:53.0411 2904 Smb - ok
20:27:53.0411 2904 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:27:53.0427 2904 SNMPTRAP - ok
20:27:53.0442 2904 speedfan (7455ed832a33fef453407f5411c3342d) C:\Windows\syswow64\speedfan.sys
20:27:53.0442 2904 speedfan - ok
20:27:53.0442 2904 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:27:53.0442 2904 spldr - ok
20:27:53.0474 2904 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:27:53.0474 2904 Spooler - ok
20:27:53.0614 2904 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:27:53.0630 2904 sppsvc - ok
20:27:53.0645 2904 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:27:53.0645 2904 sppuinotify - ok
20:27:53.0676 2904 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:27:53.0676 2904 srv - ok
20:27:53.0692 2904 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:27:53.0692 2904 srv2 - ok
20:27:53.0708 2904 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:27:53.0708 2904 srvnet - ok
20:27:53.0708 2904 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:27:53.0708 2904 SSDPSRV - ok
20:27:53.0723 2904 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:27:53.0723 2904 SstpSvc - ok
20:27:53.0723 2904 Steam Client Service - ok
20:27:53.0739 2904 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:27:53.0739 2904 Stereo Service - ok
20:27:53.0754 2904 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:27:53.0754 2904 stexstor - ok
20:27:53.0754 2904 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:27:53.0754 2904 StillCam - ok
20:27:53.0786 2904 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:27:53.0786 2904 stisvc - ok
20:27:53.0786 2904 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:27:53.0786 2904 swenum - ok
20:27:53.0817 2904 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:27:53.0817 2904 swprv - ok
20:27:53.0879 2904 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:27:53.0895 2904 SysMain - ok
20:27:53.0926 2904 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:27:53.0926 2904 TabletInputService - ok
20:27:53.0942 2904 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:27:53.0942 2904 TapiSrv - ok
20:27:53.0942 2904 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:27:53.0942 2904 TBS - ok
20:27:54.0004 2904 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:27:54.0035 2904 Tcpip - ok
20:27:54.0113 2904 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:27:54.0129 2904 TCPIP6 - ok
20:27:54.0160 2904 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:27:54.0160 2904 tcpipreg - ok
20:27:54.0160 2904 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:27:54.0160 2904 TDPIPE - ok
20:27:54.0160 2904 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:27:54.0160 2904 TDTCP - ok
20:27:54.0176 2904 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:27:54.0176 2904 tdx - ok
20:27:54.0176 2904 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:27:54.0176 2904 TermDD - ok
20:27:54.0207 2904 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:27:54.0207 2904 TermService - ok
20:27:54.0207 2904 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:27:54.0222 2904 Themes - ok
20:27:54.0222 2904 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:27:54.0222 2904 THREADORDER - ok
20:27:54.0222 2904 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:27:54.0222 2904 TrkWks - ok
20:27:54.0238 2904 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:27:54.0238 2904 TrustedInstaller - ok
20:27:54.0238 2904 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:27:54.0238 2904 tssecsrv - ok
20:27:54.0254 2904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:27:54.0254 2904 TsUsbFlt - ok
20:27:54.0254 2904 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:27:54.0254 2904 tunnel - ok
20:27:54.0269 2904 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:27:54.0269 2904 uagp35 - ok
20:27:54.0285 2904 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:27:54.0285 2904 udfs - ok
20:27:54.0285 2904 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:27:54.0300 2904 UI0Detect - ok
20:27:54.0300 2904 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:27:54.0300 2904 uliagpkx - ok
20:27:54.0300 2904 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:27:54.0300 2904 umbus - ok
20:27:54.0300 2904 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:27:54.0300 2904 UmPass - ok
20:27:54.0332 2904 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:27:54.0332 2904 upnphost - ok
20:27:54.0332 2904 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:27:54.0332 2904 USBAAPL64 - ok
20:27:54.0332 2904 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:27:54.0347 2904 usbaudio - ok
20:27:54.0347 2904 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:27:54.0347 2904 usbccgp - ok
20:27:54.0347 2904 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:27:54.0363 2904 usbcir - ok
20:27:54.0363 2904 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:27:54.0363 2904 usbehci - ok
20:27:54.0378 2904 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:27:54.0378 2904 usbhub - ok
20:27:54.0378 2904 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:27:54.0378 2904 usbohci - ok
20:27:54.0378 2904 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:27:54.0378 2904 usbprint - ok
20:27:54.0394 2904 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:27:54.0394 2904 USBSTOR - ok
20:27:54.0394 2904 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:27:54.0394 2904 usbuhci - ok
20:27:54.0394 2904 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:27:54.0394 2904 UxSms - ok
20:27:54.0410 2904 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:27:54.0410 2904 VaultSvc - ok
20:27:54.0410 2904 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:27:54.0410 2904 vdrvroot - ok
20:27:54.0425 2904 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:27:54.0441 2904 vds - ok
20:27:54.0441 2904 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:27:54.0441 2904 vga - ok
20:27:54.0441 2904 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:27:54.0441 2904 VgaSave - ok
20:27:54.0456 2904 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:27:54.0456 2904 vhdmp - ok
20:27:54.0456 2904 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:27:54.0456 2904 viaide - ok
20:27:54.0472 2904 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:27:54.0472 2904 volmgr - ok
20:27:54.0488 2904 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:27:54.0488 2904 volmgrx - ok
20:27:54.0503 2904 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:27:54.0503 2904 volsnap - ok
20:27:54.0519 2904 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:27:54.0519 2904 vsmraid - ok
20:27:54.0566 2904 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:27:54.0581 2904 VSS - ok
20:27:54.0612 2904 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:27:54.0612 2904 vwifibus - ok
20:27:54.0628 2904 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:27:54.0628 2904 W32Time - ok
20:27:54.0628 2904 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:27:54.0644 2904 WacomPen - ok
20:27:54.0644 2904 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:54.0644 2904 WANARP - ok
20:27:54.0644 2904 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:27:54.0644 2904 Wanarpv6 - ok
20:27:54.0690 2904 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:27:54.0690 2904 WatAdminSvc - ok
20:27:54.0753 2904 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:27:54.0768 2904 wbengine - ok
20:27:54.0800 2904 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:27:54.0800 2904 WbioSrvc - ok
20:27:54.0815 2904 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:27:54.0831 2904 wcncsvc - ok
20:27:54.0831 2904 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:27:54.0831 2904 WcsPlugInService - ok
20:27:54.0831 2904 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:27:54.0831 2904 Wd - ok
20:27:54.0862 2904 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:27:54.0878 2904 Wdf01000 - ok
20:27:54.0878 2904 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:27:54.0878 2904 WdiServiceHost - ok
20:27:54.0878 2904 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:27:54.0878 2904 WdiSystemHost - ok
20:27:54.0893 2904 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:27:54.0893 2904 WebClient - ok
20:27:54.0909 2904 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:27:54.0909 2904 Wecsvc - ok
20:27:54.0924 2904 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:27:54.0924 2904 wercplsupport - ok
20:27:54.0924 2904 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:27:54.0924 2904 WerSvc - ok
20:27:54.0940 2904 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:27:54.0940 2904 WfpLwf - ok
20:27:54.0940 2904 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:27:54.0940 2904 WIMMount - ok
20:27:54.0940 2904 WinDefend - ok
20:27:54.0956 2904 WinHttpAutoProxySvc - ok
20:27:54.0971 2904 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:27:54.0971 2904 Winmgmt - ok
20:27:55.0034 2904 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:27:55.0065 2904 WinRM - ok
20:27:55.0096 2904 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:27:55.0096 2904 WinUsb - ok
20:27:55.0127 2904 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:27:55.0143 2904 Wlansvc - ok
20:27:55.0221 2904 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:27:55.0236 2904 wlidsvc - ok
20:27:55.0268 2904 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:27:55.0268 2904 WmiAcpi - ok
20:27:55.0283 2904 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:27:55.0283 2904 wmiApSrv - ok
20:27:55.0283 2904 WMPNetworkSvc - ok
20:27:55.0299 2904 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:27:55.0299 2904 WPCSvc - ok
20:27:55.0299 2904 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:27:55.0299 2904 WPDBusEnum - ok
20:27:55.0314 2904 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:27:55.0314 2904 ws2ifsl - ok
20:27:55.0314 2904 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:27:55.0314 2904 wscsvc - ok
20:27:55.0314 2904 WSearch - ok
20:27:55.0392 2904 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:27:55.0424 2904 wuauserv - ok
20:27:55.0455 2904 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:27:55.0455 2904 WudfPf - ok
20:27:55.0470 2904 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:27:55.0470 2904 WUDFRd - ok
20:27:55.0470 2904 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:27:55.0470 2904 wudfsvc - ok
20:27:55.0486 2904 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:27:55.0486 2904 WwanSvc - ok
20:27:55.0502 2904 ygeyumba - ok
20:27:55.0502 2904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:27:55.0658 2904 \Device\Harddisk0\DR0 - ok
20:27:55.0658 2904 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
20:27:55.0658 2904 \Device\Harddisk1\DR1 - ok
20:27:55.0658 2904 Boot (0x1200) (88e77e747712a0c3a2605b32fed76341) \Device\Harddisk0\DR0\Partition0
20:27:55.0658 2904 \Device\Harddisk0\DR0\Partition0 - ok
20:27:55.0658 2904 Boot (0x1200) (a178007efa4aba9de5d1f5df53cfb983) \Device\Harddisk0\DR0\Partition1
20:27:55.0658 2904 \Device\Harddisk0\DR0\Partition1 - ok
20:27:55.0658 2904 Boot (0x1200) (366e6262c96e5b2dc63aeb441cbf1e90) \Device\Harddisk1\DR1\Partition0
20:27:55.0658 2904 \Device\Harddisk1\DR1\Partition0 - ok
20:27:55.0673 2904 ============================================================
20:27:55.0673 2904 Scan finished
20:27:55.0673 2904 ============================================================
20:27:55.0673 5036 Detected object count: 0
20:27:55.0673 5036 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-09 20:29:40
-----------------------------
20:29:40.505 OS Version: Windows x64 6.1.7601 Service Pack 1
20:29:40.505 Number of processors: 6 586 0xA00
20:29:40.505 ComputerName: NONEYAH UserName: Dad
20:29:41.004 Initialize success
20:30:43.321 AVAST engine defs: 12070901
20:30:54.697 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:30:54.698 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
20:30:54.700 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
20:30:54.702 Disk 1 Vendor: Corsair_CSSD-F40GB2 1.1 Size: 38164MB BusType: 3
20:30:54.704 Disk 1 MBR read successfully
20:30:54.706 Disk 1 MBR scan
20:30:54.710 Disk 1 Windows 7 default MBR code
20:30:54.713 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 38162 MB offset 2048
20:30:54.757 Disk 1 scanning C:\Windows\system32\drivers
20:31:00.663 Service scanning
20:31:15.463 Modules scanning
20:31:15.469 Disk 1 trace - called modules:
20:31:15.472 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:31:15.476 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800726b060]
20:31:15.480 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006b7d580]
20:31:15.484 5 ACPI.sys[fffff88000edd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-1[0xfffffa8006d33680]
20:31:16.018 AVAST engine scan C:\Windows
20:31:17.711 AVAST engine scan C:\Windows\system32
20:33:35.018 AVAST engine scan C:\Windows\system32\drivers
20:33:42.002 AVAST engine scan C:\Users\Dad
20:34:21.212 AVAST engine scan C:\ProgramData
20:34:35.733 Scan finished successfully
20:34:46.201 Disk 1 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"
20:34:46.205 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"

#9 GMaelstrom

  • Topic Starter

  • Members
  • 14 posts

Posted 09 July 2012 - 10:42 PM

I might have been a little hasty.... it found it in the Qoobox folder. I removed it using MSE.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2012 - 10:54 PM

Greetings

Yea that is the backup folder for combofix

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Driver::
ygeyumba

FireFox::
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\iz6ibi88.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

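The ComboFix report in the following post lists, among the files created during the infection window, a hidden system directory literally named %APPDATA% under SysWow64, two short random-named .sys files in the drivers folder, and dozens of services.exe copies carrying hash-like suffixes, while the TDSSKiller log earlier in the thread enumerates ygeyumba with no image file at all. The Python below is an added example (not code from ComboFix, TDSSKiller or this forum) that parses both log formats and cross-checks them: a .sys file that ComboFix saw created but that no TDSSKiller service entry points at is flagged, as are the hidden directory and the services.exe copies. The sample lines are copied from the logs posted in this thread (only two of the services.exe copies are kept); the finding labels are my own naming.

```python
"""Triage helper for two log formats posted in this thread: TDSSKiller's
service/driver enumeration and ComboFix's "Files Created" report.
Added example, not code from either tool; the sample lines below are copied
from the logs in this thread, not constructed."""
import re

# TDSSKiller lines from the log earlier in the thread: two drivers with an
# image path and MD5, and two service names printed with neither (WSearch is
# a normal Windows service; ygeyumba is the service the CFScript above removes).
TDSS_LOG = r"""
20:27:54.0160 2904 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:27:54.0160 2904 tcpipreg - ok
20:27:54.0254 2904 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:27:54.0254 2904 TsUsbFlt - ok
20:27:55.0314 2904 WSearch - ok
20:27:55.0502 2904 ygeyumba - ok
"""

# ComboFix lines from the next post: the Drivers/Services deletion and a
# subset of "Files Created", including one ordinary Windows Update file.
COMBOFIX_LOG = r"""
-------\Service_ygeyumba
2012-07-09 03:15 . 2012-07-09 03:15 328704 ----a-w- c:\windows\system32\services.exe.773A42E88BF43548
2012-07-09 03:13 . 2012-07-09 03:13 328704 ----a-w- c:\windows\system32\services.exe.A89E1671C13FE816
2012-07-08 23:53 . 2012-07-08 23:53 50392 ----a-w- c:\windows\system32\drivers\pagqrazr.sys
2012-07-08 21:46 . 2012-07-08 21:46 50392 ----a-w- c:\windows\system32\drivers\kupqlpjh.sys
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 22:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
"""

# "HH:MM:SS.ffff PID Name (md5) path"  or  "HH:MM:SS.ffff PID Name - ok"
TDSS_ENTRY = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<name>.+?)"
    r"(?: \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*))?$"
)
# "created . modified size attrs path"; size is a run of dashes for directories
CF_FILE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]+) (?P<path>.+)$"
)
CF_SERVICE_DEL = re.compile(r"^-+\\Service_(?P<name>\S+)$")
SERVICES_EXE_COPY = re.compile(r"\\services\.exe\.[0-9A-F]{16}$", re.IGNORECASE)
ENV_LIKE_DIR = re.compile(r"\\%[A-Za-z_]+%$")


def parse_tdsskiller(text):
    """Map each enumerated service/driver name to its image path, or None when
    TDSSKiller printed no file for it (disabled, missing, or hidden)."""
    entries = {}
    for line in text.splitlines():
        m = TDSS_ENTRY.match(line)
        if not m:
            continue
        name = m.group("name")
        if name.endswith(" - ok"):
            name = name[: -len(" - ok")]
            if not name.startswith("\\"):          # skip MBR/partition verdict lines
                entries.setdefault(name, None)
        elif m.group("path") and not m.group("path").startswith("\\Device\\"):
            entries[name] = m.group("path")
    return entries


def triage(combofix_text, tdss_text):
    """Cross-check ComboFix's created files against TDSSKiller's enumeration
    and return the indicators an analyst should look at first."""
    registered = parse_tdsskiller(tdss_text)
    known_images = {p.lower() for p in registered.values() if p}
    findings, copies = [], []
    for line in combofix_text.splitlines():
        m = CF_SERVICE_DEL.match(line)
        if m:
            findings.append(("service-removed", m.group("name")))
            continue
        m = CF_FILE.match(line)
        if not m:
            continue
        path, attrs = m.group("path"), m.group("attrs")
        if SERVICES_EXE_COPY.search(path):
            copies.append(path)      # core binary re-created with a hash-like suffix
        elif ENV_LIKE_DIR.search(path) and {"d", "s", "h"} <= set(attrs):
            findings.append(("hidden-system-dir-named-like-envvar", path))
        elif path.lower().endswith(".sys") and path.lower() not in known_images:
            findings.append(("driver-file-with-no-registered-service", path))
    if copies:
        findings.append(("services.exe-copies", len(copies)))
    return {
        "findings": findings,
        # names TDSSKiller listed without an image file: each needs a manual verdict
        "unresolved_services": sorted(n for n, p in registered.items() if p is None),
    }


if __name__ == "__main__":
    for key, value in triage(COMBOFIX_LOG, TDSS_LOG).items():
        print(key)
        for item in value:
            print("  ", item)
```

The unresolved list deliberately mixes legitimate entries (WSearch, which TDSSKiller also printed without a path) with the malicious one, which is the point: the tool output narrows the review to a handful of names, and the analyst still has to decide each one, as gringo_pr did by putting only ygeyumba in the Driver:: section.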

#11 GMaelstrom

  • Topic Starter

  • Members
  • 14 posts

Posted 09 July 2012 - 11:28 PM

No problems running the script. Computer seems to be behaving normally.

ComboFix 12-07-08.03 - Dad 07/09/2012 21:18:45.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8190.6012 [GMT -7:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
Command switches used :: c:\users\Dad\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ygeyumba
.
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 04:22 . 2012-07-10 04:22 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23EE5234-F0FA-46CA-B2A0-F5F6DB7D51C1}\offreg.dll
2012-07-10 04:21 . 2012-07-10 04:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-10 04:21 . 2012-07-10 04:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-10 01:58 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23EE5234-F0FA-46CA-B2A0-F5F6DB7D51C1}\mpengine.dll
2012-07-10 01:07 . 2012-07-10 01:08 -------- d-----w- C:\FRST
2012-07-09 03:15 . 2012-07-09 03:15 328704 ----a-w- c:\windows\system32\services.exe.773A42E88BF43548
2012-07-09 03:13 . 2012-07-09 03:13 328704 ----a-w- c:\windows\system32\services.exe.A89E1671C13FE816
2012-07-09 03:10 . 2012-07-09 03:10 328704 ----a-w- c:\windows\system32\services.exe.4B266C0E3756CA93
2012-07-09 02:58 . 2012-07-09 02:58 328704 ----a-w- c:\windows\system32\services.exe.66B885E6B9AC4C63
2012-07-09 02:56 . 2012-07-09 02:56 328704 ----a-w- c:\windows\system32\services.exe.45DB43D0533DAE39
2012-07-09 02:54 . 2012-07-09 02:54 328704 ----a-w- c:\windows\system32\services.exe.3C1C2E4FA2B9D743
2012-07-09 02:51 . 2012-07-09 02:51 328704 ----a-w- c:\windows\system32\services.exe.947EEAD13D4AA135
2012-07-09 02:15 . 2012-07-09 02:15 328704 ----a-w- c:\windows\system32\services.exe.8ED235B81A07AC1F
2012-07-09 02:13 . 2012-07-09 02:13 328704 ----a-w- c:\windows\system32\services.exe.8282BEB57C2262F7
2012-07-09 02:11 . 2012-07-09 02:11 328704 ----a-w- c:\windows\system32\services.exe.B1459E51AB851F59
2012-07-08 23:53 . 2012-07-08 23:53 50392 ----a-w- c:\windows\system32\drivers\pagqrazr.sys
2012-07-08 23:53 . 2012-07-08 23:53 328704 ----a-w- c:\windows\system32\services.exe.04DEF93FDE75D37C
2012-07-08 23:51 . 2012-07-08 23:51 328704 ----a-w- c:\windows\system32\services.exe.E73BEF191044A649
2012-07-08 23:49 . 2012-07-08 23:49 328704 ----a-w- c:\windows\system32\services.exe.E7883BA61BAEDC32
2012-07-08 23:46 . 2012-07-08 23:46 328704 ----a-w- c:\windows\system32\services.exe.F9BE0142C8E22996
2012-07-08 23:44 . 2012-07-08 23:44 328704 ----a-w- c:\windows\system32\services.exe.02BCCF2BA80D8654
2012-07-08 23:42 . 2012-07-08 23:42 328704 ----a-w- c:\windows\system32\services.exe.D321AB6B63C3A8B6
2012-07-08 23:39 . 2012-07-08 23:39 328704 ----a-w- c:\windows\system32\services.exe.EA699004E9B78853
2012-07-08 22:37 . 2012-07-08 22:37 328704 ----a-w- c:\windows\system32\services.exe.82F29EF2F538F647
2012-07-08 22:34 . 2012-07-08 22:34 328704 ----a-w- c:\windows\system32\services.exe.210FE62296114154
2012-07-08 22:32 . 2012-07-08 22:32 328704 ----a-w- c:\windows\system32\services.exe.00F5254084B9B771
2012-07-08 22:30 . 2012-07-08 22:30 328704 ----a-w- c:\windows\system32\services.exe.F1E2CB255F7D6950
2012-07-08 22:27 . 2012-07-08 22:27 328704 ----a-w- c:\windows\system32\services.exe.E4FE2150E0E7E838
2012-07-08 22:25 . 2012-07-08 22:25 328704 ----a-w- c:\windows\system32\services.exe.3C6DD5341C4BCCC1
2012-07-08 22:15 . 2012-07-08 22:15 328704 ----a-w- c:\windows\system32\services.exe.ED11D50856077615
2012-07-08 22:13 . 2012-07-08 22:13 328704 ----a-w- c:\windows\system32\services.exe.19A20114CFD3B9BF
2012-07-08 22:10 . 2012-07-08 22:10 328704 ----a-w- c:\windows\system32\services.exe.C80ACB2B25C52642
2012-07-08 22:08 . 2012-07-08 22:08 328704 ----a-w- c:\windows\system32\services.exe.9248AD40B66C8F0B
2012-07-08 22:06 . 2012-07-08 22:06 328704 ----a-w- c:\windows\system32\services.exe.5D04C95C73E53D1E
2012-07-08 22:03 . 2012-07-08 22:03 328704 ----a-w- c:\windows\system32\services.exe.3678597E47C1F107
2012-07-08 22:01 . 2012-07-08 22:01 328704 ----a-w- c:\windows\system32\services.exe.DBE378EEDDDB3CD2
2012-07-08 21:58 . 2012-07-08 21:58 328704 ----a-w- c:\windows\system32\services.exe.D3AF3C7DAA266B37
2012-07-08 21:56 . 2012-07-08 21:56 328704 ----a-w- c:\windows\system32\services.exe.6E0A5A7168D6EB9A
2012-07-08 21:53 . 2012-07-08 21:53 328704 ----a-w- c:\windows\system32\services.exe.9846F7B70EDDBB04
2012-07-08 21:51 . 2012-07-08 21:51 328704 ----a-w- c:\windows\system32\services.exe.80F26F059F342B10
2012-07-08 21:48 . 2012-07-08 21:48 328704 ----a-w- c:\windows\system32\services.exe.9D4C88E9C93B5703
2012-07-08 21:46 . 2012-07-08 21:46 50392 ----a-w- c:\windows\system32\drivers\kupqlpjh.sys
2012-07-08 21:46 . 2012-07-08 21:46 328704 ----a-w- c:\windows\system32\services.exe.CA16EE47BF3B72CA
2012-07-08 21:44 . 2012-07-08 21:44 328704 ----a-w- c:\windows\system32\services.exe.0FCD4051BDD6372E
2012-07-08 21:41 . 2012-07-08 21:41 328704 ----a-w- c:\windows\system32\services.exe.A828C0E38422F7DA
2012-07-08 21:37 . 2012-07-08 21:37 328704 ----a-w- c:\windows\system32\services.exe.20B8CF54D8E39D1D
2012-07-08 21:34 . 2012-07-08 21:34 328704 ----a-w- c:\windows\system32\services.exe.E92F20B4DD9856CE
2012-07-08 21:28 . 2012-07-08 21:28 328704 ----a-w- c:\windows\system32\services.exe.3694BB1CC896E1F1
2012-07-08 21:25 . 2012-07-08 21:25 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C18CFFB-88CB-461A-A33C-565F8DCC57B7}\gapaengine.dll
2012-07-08 21:25 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-08 21:24 . 2012-07-10 01:57 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-08 21:24 . 2012-07-10 01:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-23 19:47 . 2012-06-23 19:47 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-23 19:47 . 2012-06-23 19:47 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 22:45 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 22:45 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 22:45 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 22:45 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 22:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 22:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 22:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 22:45 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 22:45 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 04:15 . 2012-06-13 04:15 -------- d-----w- c:\users\Dad\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 16:22 . 2012-04-04 00:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 16:22 . 2011-05-23 18:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-05-25 02:10 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-05-25 02:10 8139072 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 02:10 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-05-25 02:10 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 02:10 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-05-25 02:10 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 02:10 2681664 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 02:10 25743168 ----a-w- c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-05-25 02:10 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-05-25 02:10 25248064 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 02:10 246592 ----a-w- c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-05-25 02:10 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-05-25 02:10 202048 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-05-25 02:10 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-05-25 02:10 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-05-25 02:10 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-05-25 02:10 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-03-14 03:24 949056 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-03-14 03:24 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-14 03:24 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-10-26 02:25 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-10-26 02:25 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-10-26 02:25 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-10-26 02:25 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2011-10-26 02:25 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-04-02 06:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-02-23 15:28 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-02-23 08:38 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-02-23 08:38 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-01-08 03:48 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-03-14 03:25 2621723 ----a-w- c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2011-02-23 08:39 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-02-23 08:39 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-05 03:42 . 2012-04-04 01:42 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 17:08 . 2012-05-25 02:10 31040 ----a-w- c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-05-25 02:10 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-03-14 03:24 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-10_01.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-02 16:55 . 2012-07-10 01:55 38092 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-10 01:55 28834 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-02 01:29 . 2012-07-10 01:55 12092 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3457429048-1852111845-58648828-1000_UserData.bin
- 2011-04-02 01:25 . 2012-07-10 01:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-02 01:25 . 2012-07-10 01:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-07-10 01:40 91144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-07-10 01:57 91144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-04-02 01:25 . 2012-07-10 01:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-02 01:25 . 2012-07-10 01:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-02 01:25 . 2012-07-10 01:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 01:25 . 2012-07-10 01:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 02:02 . 2012-07-10 04:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-02 02:02 . 2012-07-10 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-02 02:02 . 2012-07-10 01:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-02 02:02 . 2012-07-10 04:17 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-10 04:22 . 2012-07-10 04:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-10 01:46 . 2012-07-10 01:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-07-10 02:00 671176 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-10 01:43 671176 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-10 01:43 126262 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-10 02:00 126262 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-10 01:45 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-10 04:21 230752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-27 02:21 . 2012-03-27 02:21 7622656 c:\windows\Installer\3ff6a.msi
+ 2011-04-02 05:25 . 2012-07-10 04:21 39474248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3457429048-1852111845-58648828-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="d:\program files\Steam\Steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
speedfan.exe - Shortcut.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2011-3-17 4523928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-4-2 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-01-07 51584]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-02 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-30 21072]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-11-20 75776]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-11-20 177152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
"combofix"="c:\combofix\CF28690.3XE" [2010-11-20 345088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\iz6ibi88.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-07-09 21:23:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-10 04:23
.
Pre-Run: 7,893,745,664 bytes free
Post-Run: 8,234,033,152 bytes free
.
- - End Of File - - BD18D99A31FCAB6CC83C78DE2314AC4A
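The "Files Created" section of the ComboFix log above lists the same 328704-byte services.exe over and over with a hex suffix appended, a driver with an unfamiliar name in system32\drivers created in the same minutes, and a hidden+system directory literally named %APPDATA% under SysWow64. As an added example (not part of the thread, and not ComboFix's or Malwarebytes' own tooling), the Python script below parses that log format and pulls those three kinds of entry out for a responder to look at first. It assumes the attribute field layout (d, r, s, h, a in the first five positions) inferred from the lines in this log, and its input is a subset of those same lines; the function names are my own.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log (added example).

Each line has the form
    <created> . <modified> <size|--------> <attrs> <path>
The script reports three things worth a first look:
  * binaries that appear repeatedly with a hex suffix appended to the name,
  * hidden+system directories whose name is a literal %VAR% token,
  * everything else created inside the time span of that suffixed cluster.
It is a triage list, not a verdict: each hit still needs hash/signature checks.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: a subset of the lines from the log above (not a full log).
SAMPLE_LOG = r"""
2012-07-08 22:10 . 2012-07-08 22:10 328704 ----a-w- c:\windows\system32\services.exe.C80ACB2B25C52642
2012-07-08 22:08 . 2012-07-08 22:08 328704 ----a-w- c:\windows\system32\services.exe.9248AD40B66C8F0B
2012-07-08 21:48 . 2012-07-08 21:48 328704 ----a-w- c:\windows\system32\services.exe.9D4C88E9C93B5703
2012-07-08 21:46 . 2012-07-08 21:46 50392 ----a-w- c:\windows\system32\drivers\kupqlpjh.sys
2012-07-08 21:28 . 2012-07-08 21:28 328704 ----a-w- c:\windows\system32\services.exe.3694BB1CC896E1F1
2012-07-08 21:24 . 2012-07-10 01:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-08 16:33 . 2012-07-08 16:33 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-23 19:47 . 2012-06-23 19:47 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 04:15 . 2012-06-13 04:15 -------- d-----w- c:\users\Dad\AppData\Local\Macromedia
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# e.g. "services.exe.C80ACB2B25C52642": a real binary name plus a hex tail.
SUFFIXED_RE = re.compile(
    r"^(?P<base>[^\\]+\.(?:exe|dll|sys))\.(?P<suffix>[0-9A-Fa-f]{8,})$", re.IGNORECASE
)


def parse(text):
    """Turn log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        attrs = d["attrs"]
        entries.append({
            "created": datetime.strptime(d["created"], "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(d["modified"], "%Y-%m-%d %H:%M"),
            "size": None if d["size"].startswith("-") else int(d["size"]),
            # Attribute positions assumed from the samples: d r s h a . w .
            "is_dir": attrs[0] == "d",
            "system": attrs[2] == "s",
            "hidden": attrs[3] == "h",
            "path": d["path"],
        })
    return entries


def suffixed_copies(entries, min_count=3):
    """Group files named <binary>.<hex> by binary; keep groups with >= min_count members."""
    groups = defaultdict(list)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        m = SUFFIXED_RE.match(name)
        if m and not e["is_dir"]:
            groups[m.group("base").lower()].append(e)
    return {base: es for base, es in groups.items() if len(es) >= min_count}


def odd_hidden_dirs(entries):
    """Hidden+system directories whose last component is a literal %NAME% token."""
    return [e["path"] for e in entries
            if e["is_dir"] and e["hidden"] and e["system"]
            and re.search(r"\\%[^\\]+%$", e["path"])]


def cluster_neighbours(entries, cluster, slack=timedelta(minutes=5)):
    """Other files created within the cluster's time span (plus slack on both ends)."""
    times = [e["created"] for e in cluster]
    lo, hi = min(times) - slack, max(times) + slack
    cluster_paths = {e["path"] for e in cluster}
    return sorted(e["path"] for e in entries
                  if lo <= e["created"] <= hi and e["path"] not in cluster_paths)


def triage(text):
    """Run all three checks and return a plain dict suitable for printing or asserting."""
    entries = parse(text)
    copies = suffixed_copies(entries)
    near = set()
    for cluster in copies.values():
        near.update(cluster_neighbours(entries, cluster))
    return {
        "suffixed_copies": {base: len(es) for base, es in copies.items()},
        "odd_hidden_dirs": odd_hidden_dirs(entries),
        "created_near_cluster": sorted(near),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample above the report names services.exe (4 suffixed copies), the %APPDATA% directory, and two things created inside the cluster's window: the Microsoft Security Client install directory and kupqlpjh.sys. The last list deliberately includes benign neighbours such as the MSE directory; the point of the time-window check is to surface what was written alongside the anomaly so it can be verified, not to judge it.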

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 July 2012 - 11:44 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 GMaelstrom
  • Topic Starter
  • Members
  • 14 posts

Posted 10 July 2012 - 05:47 PM

µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Advanced Combat Tracker (remove only)
AIO_Scan
Apple Application Support
Apple Software Update
BufferChm
C7200
C7200_Help
Counter-Strike: Source
D3DX10
DocProc
Dual-Core Optimizer
EQ2MAP Updater 1.2.8
erLT
EverQuest II
Guild Wars
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
HandBrake 0.9.5
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
K-Lite Codec Pack 8.0.0 (Full)
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_Min
QuickTime
Raid Hub Client
Samsung_MonSetup
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
SpeedFan (remove only)
Steam
The Elder Scrolls V: Skyrim
Toolbox
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.0.0
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wizardry 8

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2012 - 09:21 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 GMaelstrom
  • Topic Starter
  • Members
  • 14 posts

Posted 10 July 2012 - 10:13 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.10.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Dad :: NONEYAH [administrator]

7/10/2012 8:06:04 PM
mbam-log-2012-07-10 (20-06-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228831
Time elapsed: 1 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:34 PM, on 7/10/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
D:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Users\Dad\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: speedfan.exe - Shortcut.lnk = C:\Program Files (x86)\SpeedFan\speedfan.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8226 bytes
-------------------------------

Computer seems to be running fine except for a java scripting error that vanished once I updated.



