
Redirect problems need help!


This topic is locked. 56 replies to this topic.

#1 BobConner

BobConner

  • Members
  • 86 posts
  • OFFLINE

Posted 11 July 2012 - 02:28 PM

Hello, I have been having Firefox redirect me to places like newsfudge.com, infomash.com, and click.get-answers-fast.com.
I have scanned my system with AVG, Malwarebytes Anti-Malware, and TDSSKiller.

I get C:/windows/assembly/GAC_64/desktop.ini, C:/windows/assembly/GAC_32/desktop.ini and trojan droppers with AVG,

C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\00000008.@ (Trojan.Dropper.BCMiner) with Malwarebytes Anti-Malware,

and Physical Drive:/Device/Hardisk1/DR1 or sometimes Physical Drive:/Device/Hardisk0/DR0 with TDSSKiller.

I also tried MbrChecker; it told me there was a non-standard or infected MBR in place, but after I tell it to replace it with a standard one it says it did, then on a reboot it comes up non-standard again.

I'm not sure what exactly the problem is, because my problem sounds a lot like many different malwares like Alureon and ZeroAccess.

Please help.
I will upload the logs requested in the preparation section.

Edited by BobConner, 11 July 2012 - 06:59 PM.




#2 BobConner

BobConner
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE

Posted 11 July 2012 - 06:33 PM

DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Administrator at 19:21:51 on 2012-07-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2974 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\Explorer.EXE
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Administrator\Downloads\rn3ep8ct.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [TomTomHOME.exe] "D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CBF0F3C9-93A9-4C58-AC00-B807C6694322} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
SecurityProviders: credssp.dll, EdxedboPjepm.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [AVG_TRAY] "D:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "D:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uc4m559i.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1253879194&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 MRV6X64P;Vista 64-bits Native WiFi Driver;C:\Windows\system32\DRIVERS\MRVW13C.sys --> C:\Windows\system32\DRIVERS\MRVW13C.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 AVGIDSAgent;AVGIDSAgent;D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
S2 TomTomHOMEService;TomTomHOMEService;D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-1 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-10-24 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-10 19:05:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-10 19:05:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-09 16:21:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-05 16:15:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-05 16:15:26 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-05 16:15:12 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-05 16:15:11 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-05 16:15:07 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-07-05 15:24:23 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-01 23:20:06 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-07-01 23:08:59 -------- d-----w- C:\ProgramData\Hi-Rez Studios
2012-07-01 23:08:52 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
2012-07-01 18:06:35 -------- d-----w- C:\Users\Administrator\AppData\Local\CrashRpt
2012-07-01 18:06:35 -------- d-----w- C:\Users\Administrator\AppData\Local\Arktos
2012-07-01 00:38:28 -------- d-----w- C:\ProgramData\Nexon
2012-07-01 00:38:24 -------- d-----w- C:\ProgramData\NexonUS
2012-06-24 20:10:28 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-24 20:09:59 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-24 20:09:59 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-24 20:09:24 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-24 20:09:24 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-24 20:09:24 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-24 20:09:24 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-19 21:56:34 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromium
2012-06-19 21:56:12 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-06-19 19:24:53 -------- d-----w- C:\Program Files (x86)\Black_Box
2012-06-12 22:18:27 -------- d-----w- C:\Program Files\iPod
2012-06-12 22:18:25 -------- d-----w- C:\Program Files\iTunes
2012-06-12 21:23:01 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-12 21:23:00 2767360 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 21:22:49 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 21:22:49 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 21:22:49 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 21:22:49 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 21:22:49 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 21:22:49 1267200 ----a-w- C:\Windows\System32\crypt32.dll
.
==================== Find3M ====================
.
2012-07-09 20:58:41 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-23 18:53:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 18:53:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 19:22:23.55 ===============
Attached File: attach.zip (2.96KB)
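A defender-side triage pass over the indicators in this thread, added here as an example that is not part of the original posts nor of DDS, Malwarebytes or TDSSKiller. It scans DDS-style log lines for a SecurityProviders DLL outside the usual Vista baseline (the `EdxedboPjepm.dll` entry above), for the `Windows\Installer\{GUID}\U\` path shape from the Malwarebytes hit in the first post, and for hidden/system objects created under the system folders (the `SysWow64\%APPDATA%` directory above). The baseline set, the reading of the DDS attribute letters and the tag names are assumptions of this example; the sample lines are copied from the logs posted in this thread.

```python
"""Triage a DDS-style log excerpt for the indicators seen in this thread.

Added example, not part of the thread or of any tool it mentions.
Input format assumed: DDS "Pseudo HJT Report" lines ("KEY: value") and
"Created Last 30" / Find3M lines ("date time size attrs path").
"""
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (tag, detail)

# Assumption: on Windows Vista/7 the SecurityProviders value normally holds
# only credssp.dll; any other DLL listed there deserves a look.
SECURITY_PROVIDER_BASELINE = {"credssp.dll"}

# Dropper path shape reported in the first post:
#   C:\Windows\Installer\{GUID}\U\00000008.@
INSTALLER_U_RE = re.compile(
    r"\\Windows\\Installer\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\U\\",
    re.IGNORECASE,
)

# DDS file-list line, e.g. "2012-07-09 16:21:04 -------- d-sh--w- C:\path"
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (\S{8}) (.+)$")

# Lower-cased system folders we treat as sensitive.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def check_security_providers(line: str) -> List[Finding]:
    """Flag SecurityProviders DLLs that are not in the baseline set."""
    if not line.startswith("SecurityProviders:"):
        return []
    values = line.split(":", 1)[1]
    names = [n.strip().lower() for n in values.split(",") if n.strip()]
    return [("unexpected-security-provider", n)
            for n in names if n not in SECURITY_PROVIDER_BASELINE]


def check_installer_u_path(line: str) -> List[Finding]:
    """Flag the Installer\\{GUID}\\U\\ path shape from the Malwarebytes hit."""
    if INSTALLER_U_RE.search(line):
        return [("installer-guid-u-path", line.strip())]
    return []


def check_created_entry(line: str) -> List[Finding]:
    """Flag hidden+system objects and literal %VAR% names under system dirs."""
    m = CREATED_RE.match(line)
    if not m:
        return []
    attrs, path = m.group(1), m.group(2).strip()
    lowered = path.lower()
    if not any(d in lowered for d in SYSTEM_DIRS):
        return []
    found: List[Finding] = []
    # Assumption about the DDS attribute letters: 's' = system, 'h' = hidden.
    if "s" in attrs and "h" in attrs:
        found.append(("hidden-system-object-in-system-dir", path))
    # A folder literally named like an environment variable is not normal.
    if "%" in path:
        found.append(("literal-env-var-name-in-system-dir", path))
    return found


CHECKS = (check_security_providers, check_installer_u_path, check_created_entry)


def triage_dds(text: str) -> List[Finding]:
    """Run every check over every line and return the combined findings."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        for check in CHECKS:
            findings.extend(check(line))
    return findings


# Constructed excerpt: lines copied from the logs posted in this thread plus
# the Malwarebytes detection path quoted in the first post.
SAMPLE_LOG = r"""
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
LSP: mswsock.dll
SecurityProviders: credssp.dll, EdxedboPjepm.dll
2012-07-10 19:05:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-09 16:21:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\00000008.@ (Trojan.Dropper.BCMiner)
"""

if __name__ == "__main__":
    for tag, detail in triage_dds(SAMPLE_LOG):
        print(f"{tag:40} {detail}")
```

Benign lines such as the Adobe BHO, the mswsock.dll LSP and the mbam.sys driver produce no findings, so the output is only the four entries worth a closer look.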

#3 BobConner

BobConner
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE

Posted 11 July 2012 - 06:46 PM

GMER LOG

Attached File: ark.txt (3.06KB)

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 01:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 BobConner

BobConner
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE

Posted 12 July 2012 - 10:45 AM

Hello, Thank you for your time and help.
I ran ComboFix and even though I disabled AVG by following the instructions in the link, ComboFix told me it was still running and I told it to scan anyway. It restarted the computer when I was not paying attention, so I don't know if that was bad. When the computer restarted ComboFix reappeared and said it was preparing a log, then disappeared. AVG also automatically started up again on reboot and told me that ComboFix was a threat; I told it to ignore it though. I checked my desktop for a log but nothing is there, except now there is this weird shortcut on my desktop that says "The Internet", with an Internet Explorer logo. I am sorry I messed up the ComboFix thing but I do not know what I did wrong.

However, here is the other log:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 11:59 AM

Greetings


Let's see if it made a report.



extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo


Edited by gringo_pr, 12 July 2012 - 12:03 PM.


#7 BobConner

BobConner
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE

Posted 12 July 2012 - 04:09 PM

Sorry for the late response, my internet was out. When I did what you said it could not find it, so what now?
Also, is it OK to leave my computer on? Will it get worse?

Edited by BobConner, 12 July 2012 - 04:49 PM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 09:46 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 BobConner

BobConner
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE

Posted 13 July 2012 - 10:48 AM

11:41:52.0084 2320 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
11:41:52.0584 2320 ============================================================
11:41:52.0584 2320 Current date / time: 2012/07/13 11:41:52.0584
11:41:52.0584 2320 SystemInfo:
11:41:52.0584 2320
11:41:52.0584 2320 OS Version: 6.0.6002 ServicePack: 2.0
11:41:52.0584 2320 Product type: Workstation
11:41:52.0584 2320 ComputerName: BOBCONNER-PC
11:41:52.0584 2320 UserName: Administrator
11:41:52.0584 2320 Windows directory: C:\Windows
11:41:52.0584 2320 System windows directory: C:\Windows
11:41:52.0584 2320 Running under WOW64
11:41:52.0584 2320 Processor architecture: Intel x64
11:41:52.0584 2320 Number of processors: 4
11:41:52.0584 2320 Page size: 0x1000
11:41:52.0584 2320 Boot type: Normal boot
11:41:52.0584 2320 ============================================================
11:41:54.0159 2320 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:41:54.0159 2320 Drive \Device\Harddisk0\DR0 - Size: 0x89E89C000 (34.48 Gb), SectorSize: 0x200, Cylinders: 0x1194, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:41:54.0190 2320 ============================================================
11:41:54.0190 2320 \Device\Harddisk1\DR1:
11:41:54.0190 2320 MBR partitions:
11:41:54.0190 2320 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
11:41:54.0190 2320 \Device\Harddisk0\DR0:
11:41:54.0190 2320 MBR partitions:
11:41:54.0190 2320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x44F3000
11:41:54.0190 2320 ============================================================
11:41:54.0253 2320 C: <-> \Device\Harddisk1\DR1\Partition0
11:41:54.0268 2320 D: <-> \Device\Harddisk0\DR0\Partition0
11:41:54.0268 2320 ============================================================
11:41:54.0268 2320 Initialize success
11:41:54.0268 2320 ============================================================
11:41:58.0293 4388 ============================================================
11:41:58.0293 4388 Scan started
11:41:58.0293 4388 Mode: Manual;
11:41:58.0293 4388 ============================================================
11:43:31.0051 4388 sbp2port - ok
11:43:31.0612 4388 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
11:43:31.0612 4388 SCardSvr - ok
11:43:32.0174 4388 SCDEmu (3ac948640421e3891a49aa83c6b77b7a) C:\Windows\system32\drivers\SCDEmu.sys
11:43:32.0190 4388 SCDEmu - ok
11:43:33.0406 4388 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
11:43:33.0422 4388 Schedule - ok
11:43:33.0687 4388 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
11:43:33.0703 4388 SCPolicySvc - ok
11:43:34.0077 4388 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
11:43:34.0077 4388 SDRSVC - ok
11:43:34.0249 4388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:43:34.0280 4388 secdrv - ok
11:43:34.0530 4388 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
11:43:34.0530 4388 seclogon - ok
11:43:34.0779 4388 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
11:43:34.0779 4388 SENS - ok
11:43:34.0920 4388 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
11:43:34.0935 4388 Serenum - ok
11:43:35.0107 4388 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
11:43:35.0122 4388 Serial - ok
11:43:35.0294 4388 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
11:43:35.0294 4388 sermouse - ok
11:43:35.0388 4388 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
11:43:35.0388 4388 SessionEnv - ok
11:43:35.0419 4388 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
11:43:35.0450 4388 sffdisk - ok
11:43:35.0512 4388 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
11:43:35.0528 4388 sffp_mmc - ok
11:43:35.0668 4388 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
11:43:35.0684 4388 sffp_sd - ok
11:43:35.0793 4388 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
11:43:35.0824 4388 sfloppy - ok
11:43:36.0230 4388 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
11:43:36.0261 4388 SharedAccess - ok
11:43:36.0807 4388 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
11:43:36.0823 4388 ShellHWDetection - ok
11:43:37.0010 4388 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
11:43:37.0072 4388 SiSRaid2 - ok
11:43:37.0353 4388 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
11:43:37.0369 4388 SiSRaid4 - ok
11:43:41.0097 4388 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
11:43:41.0128 4388 slsvc - ok
11:43:41.0737 4388 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
11:43:41.0737 4388 SLUINotify - ok
11:43:41.0908 4388 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
11:43:41.0940 4388 Smb - ok
11:43:42.0002 4388 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
11:43:42.0002 4388 SNMPTRAP - ok
11:43:42.0033 4388 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
11:43:42.0033 4388 spldr - ok
11:43:42.0111 4388 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
11:43:42.0127 4388 Spooler - ok
11:43:42.0283 4388 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
11:43:42.0283 4388 srv - ok
11:43:42.0314 4388 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
11:43:42.0330 4388 srv2 - ok
11:43:42.0345 4388 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
11:43:42.0345 4388 srvnet - ok
11:43:42.0470 4388 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
11:43:42.0470 4388 SSDPSRV - ok
11:43:42.0610 4388 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
11:43:42.0610 4388 SstpSvc - ok
11:43:42.0782 4388 Steam Client Service - ok
11:43:42.0985 4388 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
11:43:43.0000 4388 stisvc - ok
11:43:43.0078 4388 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
11:43:43.0078 4388 swenum - ok
11:43:43.0250 4388 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
11:43:43.0266 4388 swprv - ok
11:43:43.0375 4388 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
11:43:43.0406 4388 Symc8xx - ok
11:43:43.0468 4388 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
11:43:43.0484 4388 Sym_hi - ok
11:43:43.0546 4388 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
11:43:43.0578 4388 Sym_u3 - ok
11:43:44.0092 4388 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
11:43:44.0108 4388 SysMain - ok
11:43:44.0202 4388 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
11:43:44.0202 4388 TabletInputService - ok
11:43:44.0295 4388 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
11:43:44.0311 4388 TapiSrv - ok
11:43:44.0342 4388 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
11:43:44.0358 4388 TBS - ok
11:43:45.0075 4388 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
11:43:45.0325 4388 Tcpip - ok
11:43:47.0540 4388 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
11:43:47.0571 4388 Tcpip6 - ok
11:43:48.0086 4388 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
11:43:48.0086 4388 tcpipreg - ok
11:43:48.0164 4388 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
11:43:48.0195 4388 TDPIPE - ok
11:43:48.0226 4388 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
11:43:48.0258 4388 TDTCP - ok
11:43:48.0336 4388 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
11:43:48.0382 4388 tdx - ok
11:43:48.0460 4388 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
11:43:48.0476 4388 TermDD - ok
11:43:48.0804 4388 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
11:43:48.0804 4388 TermService - ok
11:43:48.0960 4388 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
11:43:48.0960 4388 Themes - ok
11:43:49.0053 4388 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
11:43:49.0053 4388 THREADORDER - ok
11:43:49.0084 4388 TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
11:43:49.0084 4388 TomTomHOMEService - ok
11:43:49.0209 4388 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
11:43:49.0225 4388 TrkWks - ok
11:43:49.0350 4388 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
11:43:49.0350 4388 TrustedInstaller - ok
11:43:49.0443 4388 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:43:49.0474 4388 tssecsrv - ok
11:43:49.0521 4388 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:43:49.0552 4388 tunmp - ok
11:43:49.0630 4388 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
11:43:49.0646 4388 tunnel - ok
11:43:49.0708 4388 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:43:49.0708 4388 uagp35 - ok
11:43:49.0849 4388 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
11:43:49.0896 4388 udfs - ok
11:43:49.0974 4388 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
11:43:49.0974 4388 UI0Detect - ok
11:43:50.0036 4388 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:43:50.0052 4388 uliagpkx - ok
11:43:50.0192 4388 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:43:50.0223 4388 uliahci - ok
11:43:50.0317 4388 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:43:50.0317 4388 UlSata - ok
11:43:50.0448 4388 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:43:50.0467 4388 ulsata2 - ok
11:43:50.0514 4388 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:43:50.0540 4388 umbus - ok
11:43:50.0630 4388 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
11:43:50.0638 4388 upnphost - ok
11:43:50.0885 4388 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:43:50.0936 4388 USBAAPL64 - ok
11:43:51.0189 4388 usbccgp (66627c6008319def7909f21fb75a8991) C:\Windows\system32\DRIVERS\usbccgp.sys
11:43:51.0191 4388 usbccgp - ok
11:43:51.0318 4388 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
11:43:51.0352 4388 usbcir - ok
11:43:51.0874 4388 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
11:43:51.0941 4388 usbehci - ok
11:43:53.0146 4388 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
11:43:53.0398 4388 usbhub - ok
11:43:53.0600 4388 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
11:43:53.0618 4388 usbohci - ok
11:43:53.0937 4388 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
11:43:53.0958 4388 usbprint - ok
11:43:54.0531 4388 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:43:54.0651 4388 USBSTOR - ok
11:43:54.0897 4388 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
11:43:54.0909 4388 usbuhci - ok
11:43:55.0007 4388 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
11:43:55.0012 4388 UxSms - ok
11:43:56.0911 4388 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
11:43:56.0921 4388 vds - ok
11:43:57.0079 4388 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
11:43:57.0081 4388 vga - ok
11:43:57.0247 4388 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
11:43:57.0285 4388 VgaSave - ok
11:43:57.0414 4388 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
11:43:57.0419 4388 viaide - ok
11:43:57.0963 4388 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
11:43:57.0967 4388 volmgr - ok
11:44:00.0180 4388 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
11:44:00.0187 4388 volmgrx - ok
11:44:01.0011 4388 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
11:44:01.0017 4388 volsnap - ok
11:44:01.0489 4388 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
11:44:01.0554 4388 vsmraid - ok
11:44:03.0884 4388 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
11:44:04.0657 4388 VSS - ok
11:44:06.0642 4388 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:44:06.0650 4388 vToolbarUpdater11.2.0 - ok
11:44:07.0240 4388 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
11:44:07.0264 4388 W32Time - ok
11:44:07.0690 4388 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
11:44:07.0693 4388 WacomPen - ok
11:44:07.0740 4388 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:07.0743 4388 Wanarp - ok
11:44:07.0792 4388 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:44:07.0794 4388 Wanarpv6 - ok
11:44:07.0913 4388 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
11:44:07.0925 4388 wcncsvc - ok
11:44:07.0984 4388 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
11:44:07.0988 4388 WcsPlugInService - ok
11:44:08.0063 4388 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
11:44:08.0066 4388 Wd - ok
11:44:08.0108 4388 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
11:44:08.0113 4388 Wdf01000 - ok
11:44:08.0271 4388 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
11:44:08.0273 4388 WdiServiceHost - ok
11:44:08.0275 4388 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
11:44:08.0277 4388 WdiSystemHost - ok
11:44:08.0351 4388 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
11:44:08.0353 4388 WebClient - ok
11:44:08.0502 4388 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
11:44:08.0505 4388 Wecsvc - ok
11:44:09.0003 4388 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
11:44:09.0005 4388 wercplsupport - ok
11:44:09.0176 4388 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
11:44:09.0179 4388 WerSvc - ok
11:44:09.0468 4388 WinDefend - ok
11:44:09.0653 4388 WinHttpAutoProxySvc - ok
11:44:10.0214 4388 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
11:44:10.0506 4388 Winmgmt - ok
11:44:11.0177 4388 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
11:44:11.0446 4388 WinRM - ok
11:44:13.0354 4388 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
11:44:13.0359 4388 Wlansvc - ok
11:44:14.0334 4388 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:44:14.0349 4388 wlidsvc - ok
11:44:15.0914 4388 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:44:15.0915 4388 WmiAcpi - ok
11:44:16.0413 4388 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
11:44:16.0414 4388 wmiApSrv - ok
11:44:16.0541 4388 WMPNetworkSvc - ok
11:44:16.0851 4388 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
11:44:16.0853 4388 WPCSvc - ok
11:44:17.0263 4388 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
11:44:17.0265 4388 WPDBusEnum - ok
11:44:17.0573 4388 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
11:44:17.0575 4388 WpdUsb - ok
11:44:20.0435 4388 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:44:20.0451 4388 WPFFontCache_v0400 - ok
11:44:20.0646 4388 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
11:44:20.0688 4388 ws2ifsl - ok
11:44:21.0365 4388 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
11:44:21.0367 4388 wscsvc - ok
11:44:21.0371 4388 WSearch - ok
11:44:35.0046 4388 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:44:35.0060 4388 wuauserv - ok
11:44:38.0097 4388 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:44:38.0297 4388 WUDFRd - ok
11:44:39.0278 4388 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
11:44:39.0280 4388 wudfsvc - ok
11:44:39.0858 4388 X6va005 - ok
11:44:44.0676 4388 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
11:44:44.0814 4388 xnacc - ok
11:44:45.0103 4388 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
11:44:45.0120 4388 xusb21 - ok
11:44:45.0395 4388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
11:44:53.0411 4388 \Device\Harddisk1\DR1 - ok
11:44:53.0417 4388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:44:53.0422 4388 \Device\Harddisk0\DR0 - ok
11:44:53.0495 4388 Boot (0x1200) (29f30db67b54a90016b62083452db232) \Device\Harddisk1\DR1\Partition0
11:44:53.0501 4388 \Device\Harddisk1\DR1\Partition0 - ok
11:44:53.0520 4388 Boot (0x1200) (85a24c38a6587e41eaf012838dcc79a5) \Device\Harddisk0\DR0\Partition0
11:44:53.0523 4388 \Device\Harddisk0\DR0\Partition0 - ok
11:44:53.0524 4388 ============================================================
11:44:53.0524 4388 Scan finished
11:44:53.0524 4388 ============================================================
11:44:53.0547 1440 Detected object count: 0
11:44:53.0547 1440 Actual detected object count: 0

#10 BobConner (Topic Starter)

Posted 13 July 2012 - 11:24 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 11:49:08
-----------------------------
11:49:08.139 OS Version: Windows x64 6.0.6002 Service Pack 2
11:49:08.139 Number of processors: 4 586 0x402
11:49:08.140 ComputerName: BOBCONNER-PC UserName:
11:49:14.710 Initialize success
11:50:27.935 AVAST engine defs: 12071300
11:50:43.043 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
11:50:43.047 Disk 0 Vendor: WDC_WD360ADFD-00NLR5 21.07QR5 Size: 35304MB BusType: 3
11:50:43.052 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-6
11:50:43.057 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
11:50:43.132 Disk 1 MBR read successfully
11:50:43.138 Disk 1 MBR scan
11:50:43.147 Disk 1 Windows VISTA default MBR code
11:50:43.225 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
11:50:43.379 Disk 1 scanning C:\Windows\system32\drivers
11:51:07.287 Service scanning
11:51:48.056 Modules scanning
11:51:48.060 Disk 1 trace - called modules:
11:51:48.083 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
11:51:48.414 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004b98790]
11:51:48.417 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> [0xfffffa8004943780]
11:51:48.420 5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa8004937760]
11:51:53.091 AVAST engine scan C:\Windows
11:52:01.348 AVAST engine scan C:\Windows\system32
11:57:53.668 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:58:01.074 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:02:10.754 AVAST engine scan C:\Windows\system32\drivers
12:02:45.839 AVAST engine scan C:\Users\Administrator
12:13:27.344 AVAST engine scan C:\ProgramData
12:14:28.196 Scan finished successfully
12:23:11.831 Disk 1 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
12:23:11.836 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
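The two logs above describe the same sector in different ways: TDSSKiller prints one 32-digit hash per disk labelled MBR (0x1B8) and one per boot volume labelled Boot (0x1200), while aswMBR decodes the partition table (status byte, type, size in MB, LBA offset) and writes the raw sector to MBR.dat. The script below is an added example, not code from either tool or from anyone in this thread. It decodes a 512-byte MBR image into the fields aswMBR prints, hashes the bootstrap area, and pulls the hash lines out of a TDSSKiller log so the saved MBR.dat can be checked against what the scanner saw. It assumes, because the page does not say so, that the hex number in TDSSKiller's label is the byte count hashed (0x1B8 = 440 bytes of boot code before the disk signature and partition table; 0x1200 = the first nine sectors of the partition) and that the digest is MD5. The embedded MBR is constructed so the script runs offline; for a real check read the MBR.dat that aswMBR saved.

```python
"""Decode a raw MBR image and reproduce the boot-code hash that TDSSKiller
prints as "MBR (0x1B8) (<md5>)".  Added example for this thread, not code
from TDSSKiller, aswMBR or the posters.

Assumptions (not stated on the page): the hex number in TDSSKiller's label is
the byte count hashed, so 0x1B8 covers the 440-byte bootstrap area before the
disk signature and partition table, and the 32-digit value is MD5.  The
sample MBR is constructed so this runs offline; for a real check use
open("MBR.dat", "rb").read() on the file aswMBR saved.
"""
import hashlib
import re
import struct

BOOT_CODE_LEN = 0x1B8          # bootstrap code: bytes 0..439
PART_TABLE_OFF = 0x1BE         # four 16-byte partition entries start here
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
SECTORS_PER_MB = 2048          # 512-byte sectors


def make_sample_mbr() -> bytes:
    """Constructed 512-byte MBR: placeholder bootstrap bytes (not real boot
    code), a disk signature and one active NTFS partition laid out like the
    476938 MB volume at offset 2048 that aswMBR reported for Disk 1."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xF4])
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = b"\xDE\xAD\xBE\xEF" + b"\x00\x00"       # signature + 2 reserved bytes
    ntfs = struct.pack(PART_ENTRY_FMT, 0x80, b"\x20\x21\x00", 0x07,
                       b"\xFE\xFF\xFF", 2048, 476938 * SECTORS_PER_MB)
    empty = b"\x00" * 16
    return boot_code + disk_sig + ntfs + empty * 3 + b"\x55\xAA"


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the bootstrap area only; the signature and partition table that
    follow are unique per disk, so hashing them would never match a reference."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, the used partition entries and structural
    findings (bad boot signature, invalid status byte, two active entries)."""
    if len(mbr) < 512:
        raise ValueError("MBR image must be at least 512 bytes")
    findings = []
    if mbr[510:512] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    partitions = []
    for idx in range(4):
        off = PART_TABLE_OFF + idx * 16
        status, _, ptype, _, lba, count = struct.unpack_from(PART_ENTRY_FMT, mbr, off)
        if ptype == 0:
            continue                       # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"partition {idx + 1}: invalid status byte {status:#04x}")
        partitions.append({"index": idx + 1, "active": status == 0x80,
                           "type": ptype, "lba_start": lba,
                           "size_mb": count // SECTORS_PER_MB})
    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one partition marked active")
    return {"boot_code_md5": boot_code_md5(mbr),
            "partitions": partitions, "findings": findings}


# TDSSKiller hash lines: "<time> <pid> MBR (0x1B8) (<md5>) \Device\Harddisk1\DR1"
#                        "<time> <pid> Boot (0x1200) (<md5>) \Device\...\Partition0"
_HASH_LINE = re.compile(r"^\S+\s+\d+\s+(MBR|Boot)\s+\((0x[0-9A-Fa-f]+)\)\s+"
                        r"\(([0-9a-f]{32})\)\s+(\\Device\\\S+)")


def tdsskiller_hashes(log_lines) -> dict:
    """Map each device path in a TDSSKiller log to (kind, bytes hashed, md5)."""
    out = {}
    for line in log_lines:
        m = _HASH_LINE.match(line.strip())
        if m:
            kind, length, digest, device = m.groups()
            out[device] = (kind, int(length, 16), digest)
    return out


def mbr_matches_log(mbr: bytes, log_lines, device: str) -> bool:
    """True when the image's boot-code hash equals what TDSSKiller logged for
    that device, i.e. the saved MBR.dat is the sector the scanner examined."""
    entry = tdsskiller_hashes(log_lines).get(device)
    return entry is not None and entry[0] == "MBR" and entry[2] == boot_code_md5(mbr)


if __name__ == "__main__":
    info = parse_mbr(make_sample_mbr())
    print("boot code md5:", info["boot_code_md5"])
    for p in info["partitions"]:          # same fields aswMBR prints per partition
        flag = "80 (A)" if p["active"] else "00"
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['size_mb']} MB offset {p['lba_start']}")
    for f in info["findings"]:
        print("finding:", f)
```

Hashing only the first 440 bytes is what makes a comparison against a reference value possible at all: the disk signature and partition table that follow differ on every machine, so a whole-sector hash would never match a known-good one. The boot-code hash also has to be compared with a machine running the same Windows release, since the bootstrap bytes differ between versions.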

#11 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 13 July 2012 - 12:50 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter, then close the notepad.
  • In the command window type e:\frst.exe (for the x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 BobConner (Topic Starter)

Posted 13 July 2012 - 02:28 PM

I tried both the installation DVD and the Advanced Boot Options. Neither had the option anywhere to repair Windows. When I tried with the DVD, the first screen asked for the language, then it asked for the activation code. On the next screen it gave me the option of which hard drive I wanted to install Windows on, and gave the option to load driver, delete, new, or format my selection instead of installing Windows Vista. When I tried the Advanced Boot Options it gave the following options: Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt, Enable Boot Logging, Enable low-resolution video, Last Known Good Configuration, Directory Services Restore Mode, Debugging Mode, Disable automatic restart on system failure, Disable Driver Signature Enforcement, or Start Windows Normally. So I do not know what to pick, since there are no repair options in either method.

#13 BobConner (Topic Starter)

Posted 13 July 2012 - 02:46 PM

I watched a video of someone else using the DVD to enter the repair menu, and the window that popped up in the video with the option to install or repair never showed up when I tried. It went directly to the part where it asks for your keyboard and language preferences. It has a bar at the bottom of the screen that says 1. Collecting info 2. Installing Windows. I think I had used this DVD years ago and saw the option to repair, but do not know how to get there anymore.

If I select the drive Windows is currently installed on, then it says that it contains Windows and that all of that information will be moved to a folder named windows.old and will not be usable.

Edited by BobConner, 13 July 2012 - 02:51 PM.


#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 July 2012 - 11:16 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 BobConner (Topic Starter)

Posted 16 July 2012 - 11:39 AM

OTL logfile created on: 7/16/2012 12:25:03 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Administrator\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 62.60% Memory free
8.17 Gb Paging File | 6.32 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 228.16 Gb Free Space | 48.99% Space Free | Partition Type: NTFS
Drive D: | 34.47 Gb Total Space | 19.94 Gb Free Space | 57.84% Space Free | Partition Type: NTFS

Computer Name: BOBCONNER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVGIDSAgent) -- D:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- D:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\DRIVERS\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdLH6.sys (Advanced Micro Devices)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\DRIVERS\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\DRIVERS\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\DRIVERS\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (MRV6X64P) -- C:\Windows\SysNative\DRIVERS\MRVW13C.sys (Marvell Semiconductor, Inc)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 82 9A 38 78 4D CD 01 [binary data]
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\..\SearchScopes,DefaultScope = {213DE5F1-1D9E-4BDC-9395-DA5D76A04DF8}
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\..\SearchScopes\{213DE5F1-1D9E-4BDC-9395-DA5D76A04DF8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7GGHP_enUS455
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6ECD3B74-A55C-4CFF-9280-E82BCFF01834}&mid=9b9023dc33ec47d18ce9d15267d690b4-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2011-10-24 17:00:23&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1253879194&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: D:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/06 20:18:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: D:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:00:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 19:20:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/25 17:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2011/12/25 17:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/05/26 16:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uc4m559i.default\extensions
[2012/05/26 16:54:35 | 000,000,000 | ---D | M] (Roomy Bookmarks Toolbar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uc4m559i.default\extensions\ALone-live@ya.ru
[2012/07/02 09:00:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- D:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK

O1 HOSTS File: ([2012/07/12 11:30:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] D:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500..\Run: [TomTomHOME.exe] D:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3334154755-1170260570-1945295091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - D:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBF0F3C9-93A9-4C58-AC00-B807C6694322}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O29:64bit: - HKLM SecurityProviders - (EdxedboPjepm.dll) - File not found
O29 - HKLM SecurityProviders - (EdxedboPjepm.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1fcdda26-fdcf-11e0-8f61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fcdda26-fdcf-11e0-8f61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (D:\PROGRA~1\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 13:15:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/14 13:15:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/13 11:45:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/13 11:45:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/13 11:45:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/13 11:45:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/13 11:45:53 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/13 11:45:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/13 11:45:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/13 11:45:51 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/13 11:45:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/13 11:45:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/13 11:45:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 18:03:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/12 13:27:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/12 11:25:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/12 11:25:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012/07/12 11:07:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/12 11:07:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/12 11:07:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/12 11:07:48 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/12 11:07:37 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/12 11:03:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/12 10:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 20:56:02 | 008,116,368 | ---- | C] (SurfRight B.V.) -- C:\Users\Administrator\Desktop\HitmanPro36_x64.exe
[2012/07/10 15:05:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/10 15:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/09 12:21:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/06 20:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/05 11:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/07/05 11:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/07/05 11:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/07/01 19:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2012/07/01 19:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012/07/01 19:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012/07/01 19:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012/07/01 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashRpt
[2012/07/01 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Arktos
[2012/07/01 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Arktos
[2012/06/30 20:38:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2012/06/30 20:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2012/06/24 16:10:28 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/24 16:10:28 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/24 16:10:28 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/24 16:09:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/24 16:09:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012/06/24 16:09:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/24 16:09:59 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012/06/24 16:09:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/24 16:09:59 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012/06/24 16:09:24 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/24 16:09:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012/06/24 16:09:24 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/24 16:09:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012/06/19 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Chromium
[2012/06/19 17:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/06/19 17:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
[2012/06/19 17:34:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Rockstar Games
[2012/06/19 15:24:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black_Box
[2012/06/17 17:30:40 | 000,000,000 | RH-D | C] -- C:\Users\Administrator\AppData\Roaming\SecuROM
[2012/06/17 16:40:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/16 12:27:40 | 101,562,085 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/16 12:21:44 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 12:21:41 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/16 12:21:35 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/16 12:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/13 21:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/13 21:37:03 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/13 21:13:13 | 000,006,656 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 16:06:10 | 000,255,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/13 12:23:11 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/12 18:53:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 18:53:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 15:51:49 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 11:30:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/12 10:35:48 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/07/11 19:30:26 | 000,003,026 | ---- | M] () -- C:\Users\Administrator\Desktop\attach.zip
[2012/07/11 15:33:07 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/07/09 16:58:41 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/09 16:58:41 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/09 13:06:36 | 000,756,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/09 13:06:36 | 000,640,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/09 13:06:36 | 000,118,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/08 16:45:51 | 000,298,016 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/07 12:01:26 | 000,750,948 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/05 12:28:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/04 20:04:10 | 003,130,440 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/04 18:55:40 | 000,000,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Blacklight Retribution.url
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 20:04:37 | 000,486,340 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/01 19:30:41 | 000,000,219 | ---- | M] () -- C:\Users\Administrator\Desktop\Team Fortress 2.url
[2012/06/30 15:28:12 | 000,000,221 | ---- | M] () -- C:\Users\Administrator\Desktop\Tribes Ascend.url
[2012/06/28 18:10:21 | 000,000,666 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/06/19 17:34:33 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/13 12:23:11 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/07/12 15:51:49 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 11:07:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/12 11:07:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/12 11:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/12 11:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/12 11:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/12 10:31:41 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\00000008.@
[2012/07/11 19:30:26 | 000,003,026 | ---- | C] () -- C:\Users\Administrator\Desktop\attach.zip
[2012/07/11 15:33:07 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/07/10 16:17:32 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\80000064.@
[2012/07/10 15:56:13 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\80000000.@
[2012/07/10 15:51:58 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\00000004.@
[2012/07/09 12:11:20 | 000,095,744 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\80000032.@
[2012/07/09 12:11:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\L\00000004.@
[2012/07/09 12:11:01 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\000000cb.@
[2012/07/05 12:18:44 | 000,750,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/05 12:15:26 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/05 12:15:26 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/05 12:15:12 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/05 12:15:11 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/07/04 18:55:40 | 000,000,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Blacklight Retribution.url
[2012/07/01 19:30:41 | 000,000,219 | ---- | C] () -- C:\Users\Administrator\Desktop\Team Fortress 2.url
[2012/06/30 15:28:12 | 000,000,221 | ---- | C] () -- C:\Users\Administrator\Desktop\Tribes Ascend.url
[2012/06/19 17:34:33 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Max Payne 3.lnk
[2012/04/06 10:09:15 | 000,103,056 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/10 16:35:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\@
[2012/01/10 16:35:27 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\@
[2011/12/07 20:52:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/25 16:59:28 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2011/10/24 17:06:49 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011/10/24 17:06:12 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/10/24 17:05:34 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011/10/24 16:52:10 | 000,006,656 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/23 20:23:28 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/10/23 18:13:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/23 17:59:22 | 000,000,552 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2011/10/23 17:51:04 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

< End of report >
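A triage script for reports like the one above, added here as an example and not part of the post or of the OTL tool. It walks OTL-style lines and pulls out the things a helper reads first in this log: the '@' files under the GUID-named folder that Malwarebytes flagged earlier in the thread, the SecurityProviders value naming a DLL that is not on disk, Winsock catalog entries whose file is missing, the MountPoints2 AutoRun handler, and services or drivers OTL found no company name for. The regexes and the "high"/"review" labels are this example's own assumptions, and the sample lines are a constructed subset copied from the posted report.

```python
"""Triage helper for OTL-style report lines (added example, not OTL's own code).

Scans an OTL report for the artifacts that stand out in the log above and
returns them as findings. Regexes, severity labels and the sample lines are
this example's own assumptions; the sample is a constructed subset copied
from the posted report.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# Constructed subset of lines from the OTL log posted above.
SAMPLE_LOG = r"""
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O29:64bit: - HKLM SecurityProviders - (EdxedboPjepm.dll) - File not found
O33 - MountPoints2\{1fcdda26-fdcf-11e0-8f61-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe
[2012/07/12 10:31:41 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\U\00000008.@
[2012/07/09 12:11:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\L\00000004.@
[2012/01/10 16:35:27 | 000,002,048 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\{9705df24-18aa-f1cf-6e4a-a747e5067baf}\@
[2012/07/13 12:23:11 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
"""

# [date | size | attrs | C/M] (Company) -- path
FILE_LINE = re.compile(r"^\[[^\]]+\] \(([^)]*)\) -- (.+)$")
# SRV/DRV - (Name) -- path (Company); the company is empty when OTL found no version info
SVC_LINE = re.compile(r"^(?:SRV|DRV)(?::64bit:)? - \(([^)]+)\) -- (.+?) \(([^)]*)\)$")
# O10 Winsock catalog entry whose DLL is missing
O10_LINE = re.compile(r"^O10(?::64bit:)? - (\S+)(?: \[\])? - (.+) File not found$")
# O29 SecurityProviders value naming a DLL that is not on disk
O29_LINE = re.compile(r"^O29(?::64bit:)? - HKLM SecurityProviders - \(([^)]+)\) - File not found$")
# O33 MountPoints2 AutoRun command registered for a volume GUID
O33_LINE = re.compile(r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$')
# '@' payload files: {GUID}\U\xxxxxxxx.@, {GUID}\L\xxxxxxxx.@, or a bare {GUID}\@
AT_PAYLOAD = re.compile(r"\\\{[0-9a-f-]{36}\}\\(?:[UL]\\[0-9a-f]{8}\.@|@)$", re.I)


@dataclass
class Finding:
    severity: str  # "high" (matches something a scanner in this thread named) or "review"
    line: str
    reason: str


def triage(report: str) -> List[Finding]:
    """Return one Finding per suspicious line in an OTL report."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            _company, path = m.groups()
            if AT_PAYLOAD.search(path):
                findings.append(Finding("high", line,
                    "'@' payload file in a GUID-named folder (the layout Malwarebytes flagged in this thread)"))
            continue
        m = SVC_LINE.match(line)
        if m:
            name, path, company = m.groups()
            if not company:
                findings.append(Finding("review", line,
                    f"service/driver {name} has no company/version info; check {path} by hand"))
            continue
        m = O29_LINE.match(line)
        if m:
            findings.append(Finding("high", line,
                f"SecurityProviders names {m.group(1)}, which is not on disk; DLLs listed there load into LSASS at boot"))
            continue
        m = O10_LINE.match(line)
        if m:
            findings.append(Finding("review", line,
                f"Winsock catalog entry {m.group(1)} points at a missing file: {m.group(2)}"))
            continue
        m = O33_LINE.match(line)
        if m:
            findings.append(Finding("review", line,
                f"AutoRun handler for volume {m.group(1)} runs {m.group(2)} when it is mounted"))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    """Summary counts keyed by severity."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    # Pass a saved OTL.txt as the first argument; with no argument the constructed sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(count_by_severity(triage(text)))
```

Run it as `python otl_triage.py OTL.txt` against a saved report. The "review" items are only pointers for a manual check: PnkBstrA, for instance, is PunkBuster and simply ships without version info, and a Winsock entry reported as missing should be confirmed on disk before anyone touches the catalog, since removing live LSP entries breaks networking. The "high" items are the two artifact types that the scanners in this thread already named.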