Win7 x64 infected with Rootkit.0access, Adware.GameVance


This topic is locked
38 replies to this topic

#1 Belouve

Posted 11 July 2012 - 07:57 PM

A Windows 7 machine, 64-bit, was given to me to clean (relative's laptop).

Malwarebytes was installed and QuickScan detected Rootkit.0access, Adware.GameVance, and Trojan.Dropper.BCMiner.
All items were quarantined and removed. Further MBAM scans do detect something, but the scanning program freezes up.

Windows Firewall is not at its recommended settings (likely disabled), and its settings cannot be set back to the recommended ones. Trying to alter Firewall settings fails.

I will continue to look over the machine, but have used this forum for previous cleanings, with success. Logs and information are as follows: only DDS.txt is below, and Attach is attached. As it is an x64 system, GMER is inapplicable.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Cushin at 19:38:53 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1053 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Cushin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Users\Cushin\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\Windows\system32\conhost.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\32788R22FWJFW\License\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\32788R22FWJFW\pev.3XE
C:\32788R22FWJFW\sed.3XE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
BHO: Fantapper.IEPlugin.SamplePlugin: {a12c7d2d-9a4c-4c9a-9bd4-cc4815b28ebc} - mscoree.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
uRun: [Google Update] "C:\Users\Cushin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Cushin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
IE: {eeec7d2d-9a4c-4c9a-9bd4-cc4815b28eee} - {456c7d2d-9a4c-4c9a-9bd4-cc4815b28456} - mscoree.dll
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{03E2D4D8-4331-4BF1-807E-B2127DD99B44} : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE} : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\34964797F58416C6C6 : DhcpNameServer = 207.230.202.28 207.230.192.254
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\7457563747D28403C403342503E4 : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\7457563747D28403C403342503E4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{D00258B3-A2C7-47A2-8474-C28D596F29C2} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Fantapper.IEPlugin.SamplePlugin: {A12C7D2D-9A4C-4c9a-9BD4-CC4815B28EBC} - mscoree.dll
BHO-X64: UrlHelper Class: {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Client\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\ToolBar\searchqudtx.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cushin\AppData\Roaming\Mozilla\Firefox\Profiles\6gxu2ohv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_4_3\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Cushin\AppData\Roaming\Mozilla\Firefox\Profiles\6gxu2ohv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - component: C:\Users\Cushin\AppData\Roaming\Mozilla\Firefox\Profiles\6gxu2ohv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency.dll
FF - component: C:\Users\Cushin\AppData\Roaming\Mozilla\Firefox\Profiles\6gxu2ohv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.5.dll
FF - component: C:\Users\Cushin\AppData\Roaming\Mozilla\Firefox\Profiles\6gxu2ohv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components\dtTransparency3.6.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Cushin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cushin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-27 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-10 654408]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vmwvusb;VMware View Generic USB Driver;C:\Windows\system32\Drivers\vmwvusb.sys --> C:\Windows\system32\Drivers\vmwvusb.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/27 00:55:30;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2011-1-27 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-3-13 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-9 129976]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-11 00:13:32 -------- d-----w- C:\Users\Cushin\AppData\Roaming\Malwarebytes
2012-07-11 00:12:53 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-11 00:12:52 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-11 00:12:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 18:27:20 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-09 18:09:24 -------- d-----w- C:\Users\Cushin\AppData\Roaming\Tific
2012-07-09 18:09:09 -------- d-----w- C:\Users\Cushin\AppData\Local\Symantec
2012-07-09 15:36:02 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-09 15:36:02 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-09 15:13:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-06 20:26:30 48240 ----a-w- C:\Windows\System32\drivers\vmwvusb.sys
2012-07-06 20:25:59 -------- d-----w- C:\Users\Cushin\AppData\Local\VMware
2012-07-06 20:25:41 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2012-07-06 20:25:33 -------- d-----w- C:\Program Files\VMware
2012-06-21 08:50:25 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 08:49:59 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 08:48:57 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 08:48:57 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-20 02:42:17 -------- d-----w- C:\Users\Cushin\AppData\Local\{F8C62712-12BC-4804-B8D6-EDB270BE3EEE}
2012-06-13 11:50:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 11:50:27 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 11:50:27 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 11:50:17 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 11:50:14 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 11:50:04 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 11:50:01 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 11:50:00 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 11:49:51 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 11:49:48 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 11:49:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 11:49:38 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 11:49:38 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 11:49:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 11:49:38 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 11:49:38 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 11:49:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-06-05 23:26:06 14672 ----a-w- C:\Users\Cushin\~WRD0695.tmp
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-08 14:52:30 14411 ---h--w- C:\Users\Cushin\~WRL0003.tmp
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 19:45:31.17 ===============

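As an added example (my own code, not from the thread, from DDS or from any tool named here), a small parser for the DDS "Created Last 30" and "Find3M" entries posted above: it decodes the attribute column and points out the entries a responder would look at by hand. The sample lines are copied from the log in this topic; the flag-letter meanings and the review rules are assumptions.

```python
"""Triage helper for the 'Created Last 30' / 'Find3M' sections of a DDS log.

Added example; not code from the thread, from DDS or from any tool named here.
Each entry has the shape '<date> <time> <size or -------->  <flags> <path>'.
Flag letters are read by presence rather than column position (assumed
meanings: d=directory, s=system, h=hidden, a=archive, w=writable).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: five lines copied from the DDS log posted above (constructed subset).
SAMPLE_LOG = """\
2012-07-11 00:12:52 24904 ----a-w- C:\\Windows\\System32\\drivers\\mbam.sys
2012-07-09 15:13:04 -------- d-sh--w- C:\\Windows\\SysWow64\\%APPDATA%
2012-06-20 02:42:17 -------- d-----w- C:\\Users\\Cushin\\AppData\\Local\\{F8C62712-12BC-4804-B8D6-EDB270BE3EEE}
2012-06-13 11:50:04 5559664 ----a-w- C:\\Windows\\System32\\ntoskrnl.exe
2012-05-08 14:52:30 14411 ---h--w- C:\\Users\\Cushin\\~WRL0003.tmp
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<flags>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# A file-system name that *looks* like an unexpanded variable, e.g. '%APPDATA%'.
ENV_NAME_RE = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")
GUID_NAME_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]          # None where DDS prints '--------' (directories)
    flags: str
    path: str
    reasons: List[str] = field(default_factory=list)

    @property
    def is_dir(self) -> bool:
        return "d" in self.flags

    @property
    def hidden_system(self) -> bool:
        return "h" in self.flags and "s" in self.flags

    @property
    def name(self) -> str:
        return self.path.rstrip("\\").rsplit("\\", 1)[-1]


def parse_dds_created(text: str) -> List[Entry]:
    """Parse entry lines; section headers, '.' separators and blanks are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, m["flags"], m["path"]))
    return entries


def annotate(entry: Entry, windows_dir: str = "C:\\Windows") -> Entry:
    """Attach review reasons. These are pointers for a manual look, not verdicts:
    legitimate installers also create GUID-named folders, for instance."""
    lowered = entry.path.lower()
    under_windows = lowered.startswith(windows_dir.lower() + "\\")
    if entry.is_dir and entry.hidden_system and under_windows:
        entry.reasons.append("hidden+system directory created under the Windows directory")
    if ENV_NAME_RE.fullmatch(entry.name):
        # The file system never expands '%APPDATA%'; a folder carrying that
        # literal name is unusual and deserves a manual look.
        entry.reasons.append("name is a literal environment-variable string")
    if entry.is_dir and GUID_NAME_RE.match(entry.name) and "\\users\\" in lowered:
        entry.reasons.append("GUID-named directory under a user profile")
    return entry


def review(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one review reason."""
    return [e for e in map(annotate, parse_dds_created(text)) if e.reasons]


if __name__ == "__main__":
    for e in review(SAMPLE_LOG):
        print(f"{e.date} {e.flags} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Feed it the whole DDS.txt: lines that are not entries (section banners, the "." separators) are ignored, so the two sections can be pasted in as posted.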
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 01:18 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts

Posted 12 July 2012 - 05:34 PM

SecurityCheck ran; ComboFix would hang on "Output Folder C:\32788..." each time. I let it run for about an hour, in regular Windows and in Safe Mode.

A few noted things:
Firefox wants the homepage to be http://www.searchqu.com/406
Firefox has an add-on, Play Pickle TextLinks (I disabled it, but could not remove it).
Graphical look seems dead, white. Taskbar is white, and Windows welcome screen is white background. No blue glass for effects. Desktop wallpaper is still there. Could be that Aero broke.
Webpages, even this one, now seem to be missing a lot of the images or upscale graphics (my user avatar does not display, and there are no longer any shading effects to the boxes. With the exception of a few icons, colors are white, black, and blue for text or box outlines.)

Log for SecurityCheck is as follows. There was no output from ComboFix, it did not successfully complete.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 09:48 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts

Posted 13 July 2012 - 10:43 AM

Here is TDSSKiller Log. Will post aswMBR log soon, stand by...

09:52:40.0155 1372 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
09:52:40.0604 1372 ============================================================
09:52:40.0604 1372 Current date / time: 2012/07/13 09:52:40.0604
09:52:40.0604 1372 SystemInfo:
09:52:40.0604 1372
09:52:40.0604 1372 OS Version: 6.1.7601 ServicePack: 1.0
09:52:40.0604 1372 Product type: Workstation
09:52:40.0605 1372 ComputerName: CUSHIN-HP
09:52:40.0605 1372 UserName: Cushin
09:52:40.0605 1372 Windows directory: C:\Windows
09:52:40.0605 1372 System windows directory: C:\Windows
09:52:40.0605 1372 Running under WOW64
09:52:40.0605 1372 Processor architecture: Intel x64
09:52:40.0605 1372 Number of processors: 3
09:52:40.0605 1372 Page size: 0x1000
09:52:40.0605 1372 Boot type: Normal boot
09:52:40.0605 1372 ============================================================
09:52:46.0852 1372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:52:46.0932 1372 ============================================================
09:52:46.0932 1372 \Device\Harddisk0\DR0:
09:52:46.0980 1372 MBR partitions:
09:52:46.0980 1372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:52:46.0980 1372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3750F000
09:52:46.0980 1372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x37573000, BlocksNum 0x2DDF000
09:52:46.0980 1372 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
09:52:46.0980 1372 ============================================================
09:52:47.0206 1372 C: <-> \Device\Harddisk0\DR0\Partition1
09:52:47.0800 1372 D: <-> \Device\Harddisk0\DR0\Partition2
09:52:47.0809 1372 F: <-> \Device\Harddisk0\DR0\Partition3
09:52:47.0809 1372 ============================================================
09:52:47.0809 1372 Initialize success
09:52:47.0809 1372 ============================================================
09:53:01.0094 5872 ============================================================
09:53:01.0094 5872 Scan started
09:53:01.0094 5872 Mode: Manual; SigCheck; TDLFS;
09:53:01.0094 5872 ============================================================
09:54:22.0969 5872 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:54:23.0015 5872 iaStorV - ok
09:54:23.0229 5872 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:54:23.0303 5872 idsvc - ok
09:54:25.0465 5872 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:54:25.0734 5872 igfx - ok
09:54:26.0246 5872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:54:26.0294 5872 iirsp - ok
09:54:26.0620 5872 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:54:26.0696 5872 IKEEXT - ok
09:54:26.0847 5872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:54:26.0894 5872 intelide - ok
09:54:26.0947 5872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:54:27.0016 5872 intelppm - ok
09:54:27.0081 5872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:54:27.0180 5872 IPBusEnum - ok
09:54:27.0225 5872 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:54:27.0316 5872 IpFilterDriver - ok
09:54:27.0488 5872 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:54:27.0571 5872 iphlpsvc - ok
09:54:27.0607 5872 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:54:27.0717 5872 IPMIDRV - ok
09:54:27.0848 5872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:54:27.0985 5872 IPNAT - ok
09:54:28.0297 5872 iPod Service (81826a13598a7feaa9e391190e9b539a) C:\Program Files\iPod\bin\iPodService.exe
09:54:28.0357 5872 iPod Service - ok
09:54:28.0490 5872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:54:28.0690 5872 IRENUM - ok
09:54:28.0899 5872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:54:28.0964 5872 isapnp - ok
09:54:29.0203 5872 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:54:29.0248 5872 iScsiPrt - ok
09:54:29.0420 5872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
09:54:29.0471 5872 kbdclass - ok
09:54:29.0555 5872 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:54:29.0633 5872 kbdhid - ok
09:54:29.0772 5872 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:54:29.0802 5872 KeyIso - ok
09:54:29.0914 5872 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
09:54:29.0948 5872 KSecDD - ok
09:54:30.0084 5872 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
09:54:30.0120 5872 KSecPkg - ok
09:54:30.0185 5872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:54:30.0278 5872 ksthunk - ok
09:54:30.0392 5872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:54:30.0582 5872 KtmRm - ok
09:54:30.0727 5872 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:54:30.0816 5872 LanmanServer - ok
09:54:30.0851 5872 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:54:30.0931 5872 LanmanWorkstation - ok
09:54:31.0240 5872 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:54:31.0250 5872 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
09:54:31.0251 5872 LightScribeService - detected UnsignedFile.Multi.Generic (1)
09:54:31.0530 5872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:54:31.0625 5872 lltdio - ok
09:54:31.0766 5872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:54:31.0892 5872 lltdsvc - ok
09:54:32.0029 5872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:54:32.0088 5872 lmhosts - ok
09:54:32.0210 5872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:54:32.0295 5872 LSI_FC - ok
09:54:32.0336 5872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:54:32.0411 5872 LSI_SAS - ok
09:54:32.0436 5872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:54:32.0479 5872 LSI_SAS2 - ok
09:54:32.0560 5872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:54:32.0625 5872 LSI_SCSI - ok
09:54:32.0847 5872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:54:32.0918 5872 luafv - ok
09:54:33.0063 5872 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:54:33.0095 5872 MBAMProtector - ok
09:54:33.0495 5872 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:54:33.0530 5872 MBAMService - ok
09:54:33.0843 5872 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
09:54:33.0928 5872 McComponentHostService - ok
09:54:34.0130 5872 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:54:34.0272 5872 Mcx2Svc - ok
09:54:34.0322 5872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:54:34.0365 5872 megasas - ok
09:54:34.0781 5872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:54:34.0878 5872 MegaSR - ok
09:54:34.0913 5872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:54:34.0988 5872 MMCSS - ok
09:54:35.0189 5872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:54:35.0287 5872 Modem - ok
09:54:35.0335 5872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:54:35.0389 5872 monitor - ok
09:54:35.0484 5872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:54:35.0525 5872 mouclass - ok
09:54:35.0548 5872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:54:35.0585 5872 mouhid - ok
09:54:35.0808 5872 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:54:35.0835 5872 mountmgr - ok
09:54:35.0918 5872 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:54:35.0985 5872 MozillaMaintenance - ok
09:54:36.0148 5872 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:54:36.0209 5872 mpio - ok
09:54:36.0508 5872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:54:36.0611 5872 mpsdrv - ok
09:54:36.0865 5872 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:54:36.0957 5872 MRxDAV - ok
09:54:37.0017 5872 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:54:37.0092 5872 mrxsmb - ok
09:54:37.0165 5872 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:54:37.0223 5872 mrxsmb10 - ok
09:54:37.0433 5872 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:54:37.0456 5872 mrxsmb20 - ok
09:54:37.0520 5872 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:54:37.0546 5872 msahci - ok
09:54:37.0650 5872 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:54:37.0699 5872 msdsm - ok
09:54:37.0741 5872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:54:37.0801 5872 MSDTC - ok
09:54:37.0843 5872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:54:37.0930 5872 Msfs - ok
09:54:38.0000 5872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:54:38.0137 5872 mshidkmdf - ok
09:54:38.0230 5872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:54:38.0259 5872 msisadrv - ok
09:54:38.0377 5872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:54:38.0491 5872 MSiSCSI - ok
09:54:38.0498 5872 msiserver - ok
09:54:38.0673 5872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:54:38.0774 5872 MSKSSRV - ok
09:54:38.0807 5872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:54:38.0886 5872 MSPCLOCK - ok
09:54:38.0923 5872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:54:39.0013 5872 MSPQM - ok
09:54:39.0338 5872 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:54:39.0375 5872 MsRPC - ok
09:54:39.0602 5872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:54:39.0632 5872 mssmbios - ok
09:54:39.0676 5872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:54:39.0778 5872 MSTEE - ok
09:54:39.0906 5872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:54:39.0970 5872 MTConfig - ok
09:54:40.0015 5872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:54:40.0035 5872 Mup - ok
09:54:40.0447 5872 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:54:40.0545 5872 napagent - ok
09:54:40.0641 5872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:54:40.0720 5872 NativeWifiP - ok
09:54:41.0096 5872 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:54:41.0132 5872 NDIS - ok
09:54:41.0161 5872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:54:41.0240 5872 NdisCap - ok
09:54:41.0368 5872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:54:41.0457 5872 NdisTapi - ok
09:54:41.0618 5872 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:54:41.0698 5872 Ndisuio - ok
09:54:41.0737 5872 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:54:41.0832 5872 NdisWan - ok
09:54:41.0990 5872 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:54:42.0090 5872 NDProxy - ok
09:54:42.0142 5872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:54:42.0238 5872 NetBIOS - ok
09:54:42.0330 5872 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:54:42.0392 5872 NetBT - ok
09:54:42.0607 5872 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:54:42.0628 5872 Netlogon - ok
09:54:42.0693 5872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:54:42.0866 5872 Netman - ok
09:54:42.0989 5872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:54:43.0089 5872 netprofm - ok
09:54:43.0436 5872 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:54:43.0498 5872 NetTcpPortSharing - ok
09:54:45.0639 5872 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
09:54:45.0897 5872 netw5v64 - ok
09:54:46.0681 5872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:54:46.0726 5872 nfrd960 - ok
09:54:47.0027 5872 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:54:47.0108 5872 NlaSvc - ok
09:54:47.0219 5872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:54:47.0284 5872 Npfs - ok
09:54:47.0396 5872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:54:47.0460 5872 nsi - ok
09:54:47.0641 5872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:54:47.0733 5872 nsiproxy - ok
09:54:48.0128 5872 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:54:48.0173 5872 Ntfs - ok
09:54:48.0720 5872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:54:48.0814 5872 Null - ok
09:54:48.0915 5872 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:54:48.0971 5872 nvraid - ok
09:54:49.0021 5872 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:54:49.0092 5872 nvstor - ok
09:54:49.0194 5872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:54:49.0270 5872 nv_agp - ok
09:54:49.0515 5872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:54:49.0579 5872 ohci1394 - ok
09:54:49.0828 5872 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:54:49.0902 5872 ose - ok
09:54:52.0850 5872 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:54:53.0516 5872 osppsvc - ok
09:54:53.0926 5872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:54:53.0985 5872 p2pimsvc - ok
09:54:54.0247 5872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:54:54.0500 5872 p2psvc - ok
09:54:54.0743 5872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:54:54.0819 5872 Parport - ok
09:54:54.0852 5872 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:54:54.0866 5872 partmgr - ok
09:54:54.0926 5872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:54:54.0982 5872 PcaSvc - ok
09:54:55.0090 5872 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:54:55.0124 5872 pci - ok
09:54:55.0137 5872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:54:55.0210 5872 pciide - ok
09:54:55.0386 5872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:54:55.0449 5872 pcmcia - ok
09:54:55.0691 5872 PCPitstop Scheduling (9c6ae415ec245d7ec696ffd915b41573) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
09:54:55.0777 5872 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - warning
09:54:55.0777 5872 PCPitstop Scheduling - detected UnsignedFile.Multi.Generic (1)
09:54:55.0805 5872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:54:55.0838 5872 pcw - ok
09:54:55.0935 5872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:54:56.0046 5872 PEAUTH - ok
09:54:56.0503 5872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:54:56.0576 5872 PerfHost - ok
09:54:57.0220 5872 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:54:57.0412 5872 pla - ok
09:54:57.0559 5872 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:54:57.0602 5872 PlugPlay - ok
09:54:57.0777 5872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:54:57.0883 5872 PNRPAutoReg - ok
09:54:57.0986 5872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:54:58.0014 5872 PNRPsvc - ok
09:54:58.0105 5872 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:54:58.0184 5872 PolicyAgent - ok
09:54:58.0414 5872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:54:58.0554 5872 Power - ok
09:54:58.0636 5872 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:54:58.0721 5872 PptpMiniport - ok
09:54:58.0866 5872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:54:58.0964 5872 Processor - ok
09:54:59.0020 5872 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:54:59.0075 5872 ProfSvc - ok
09:54:59.0266 5872 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:54:59.0294 5872 ProtectedStorage - ok
09:54:59.0366 5872 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:54:59.0436 5872 Psched - ok
09:55:00.0216 5872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:55:00.0345 5872 ql2300 - ok
09:55:00.0924 5872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:55:01.0070 5872 ql40xx - ok
09:55:01.0191 5872 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:55:01.0274 5872 QWAVE - ok
09:55:01.0306 5872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:55:01.0351 5872 QWAVEdrv - ok
09:55:01.0439 5872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:55:01.0522 5872 RasAcd - ok
09:55:01.0570 5872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:55:01.0652 5872 RasAgileVpn - ok
09:55:01.0918 5872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:55:02.0016 5872 RasAuto - ok
09:55:02.0504 5872 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:55:02.0700 5872 Rasl2tp - ok
09:55:02.0909 5872 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:55:02.0996 5872 RasMan - ok
09:55:03.0046 5872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:55:03.0148 5872 RasPppoe - ok
09:55:03.0181 5872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:55:03.0297 5872 RasSstp - ok
09:55:03.0578 5872 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:55:03.0719 5872 rdbss - ok
09:55:03.0909 5872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:55:03.0972 5872 rdpbus - ok
09:55:04.0021 5872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:55:04.0110 5872 RDPCDD - ok
09:55:04.0210 5872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:55:04.0292 5872 RDPENCDD - ok
09:55:04.0334 5872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:55:04.0404 5872 RDPREFMP - ok
09:55:04.0541 5872 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
09:55:04.0618 5872 RDPWD - ok
09:55:04.0799 5872 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:55:04.0838 5872 rdyboost - ok
09:55:05.0048 5872 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:55:05.0121 5872 RemoteAccess - ok
09:55:05.0373 5872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:55:05.0463 5872 RemoteRegistry - ok
09:55:05.0681 5872 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
09:55:05.0698 5872 RoxioNow Service - ok
09:55:05.0909 5872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:55:05.0972 5872 RpcEptMapper - ok
09:55:06.0036 5872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:55:06.0108 5872 RpcLocator - ok
09:55:06.0389 5872 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:55:06.0444 5872 RpcSs - ok
09:55:06.0665 5872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:55:06.0730 5872 rspndr - ok
09:55:06.0780 5872 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\Windows\system32\Drivers\RtsUStor.sys
09:55:06.0814 5872 RSUSBSTOR - ok
09:55:06.0912 5872 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:55:06.0944 5872 RTL8167 - ok
09:55:07.0059 5872 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:07.0090 5872 SamSs - ok
09:55:07.0223 5872 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:55:07.0280 5872 sbp2port - ok
09:55:07.0844 5872 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:55:07.0896 5872 SBSDWSCService - ok
09:55:07.0950 5872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:55:08.0053 5872 SCardSvr - ok
09:55:08.0129 5872 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:55:08.0204 5872 scfilter - ok
09:55:08.0566 5872 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:55:08.0646 5872 Schedule - ok
09:55:08.0963 5872 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:55:09.0018 5872 SCPolicySvc - ok
09:55:09.0128 5872 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
09:55:09.0225 5872 sdbus - ok
09:55:09.0280 5872 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:55:09.0353 5872 SDRSVC - ok
09:55:09.0412 5872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:55:09.0482 5872 secdrv - ok
09:55:09.0540 5872 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:55:09.0611 5872 seclogon - ok
09:55:09.0841 5872 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:55:09.0927 5872 SENS - ok
09:55:09.0951 5872 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:55:09.0985 5872 SensrSvc - ok
09:55:10.0083 5872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:55:10.0155 5872 Serenum - ok
09:55:10.0177 5872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:55:10.0233 5872 Serial - ok
09:55:10.0351 5872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:55:10.0410 5872 sermouse - ok
09:55:10.0721 5872 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:55:10.0810 5872 SessionEnv - ok
09:55:10.0941 5872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:55:11.0024 5872 sffdisk - ok
09:55:11.0044 5872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:55:11.0090 5872 sffp_mmc - ok
09:55:11.0113 5872 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:55:11.0152 5872 sffp_sd - ok
09:55:11.0181 5872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:55:11.0252 5872 sfloppy - ok
09:55:11.0718 5872 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
09:55:11.0784 5872 Sftfs - ok
09:55:12.0024 5872 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:55:12.0053 5872 sftlist - ok
09:55:12.0332 5872 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:55:12.0369 5872 Sftplay - ok
09:55:12.0434 5872 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:55:12.0459 5872 Sftredir - ok
09:55:12.0596 5872 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
09:55:12.0622 5872 Sftvol - ok
09:55:12.0882 5872 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:55:12.0911 5872 sftvsa - ok
09:55:13.0223 5872 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:55:13.0313 5872 ShellHWDetection - ok
09:55:13.0358 5872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:55:13.0412 5872 SiSRaid2 - ok
09:55:13.0527 5872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:55:13.0577 5872 SiSRaid4 - ok
09:55:13.0624 5872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:55:13.0694 5872 Smb - ok
09:55:13.0814 5872 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:55:13.0897 5872 SNMPTRAP - ok
09:55:13.0977 5872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:55:14.0008 5872 spldr - ok
09:55:14.0762 5872 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:55:14.0817 5872 Spooler - ok
09:55:16.0183 5872 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:55:16.0268 5872 sppsvc - ok
09:55:16.0764 5872 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:55:16.0887 5872 sppuinotify - ok
09:55:17.0361 5872 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:55:17.0411 5872 srv - ok
09:55:17.0509 5872 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:55:17.0550 5872 srv2 - ok
09:55:17.0759 5872 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:55:17.0813 5872 SrvHsfHDA - ok
09:55:18.0541 5872 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:55:18.0731 5872 SrvHsfV92 - ok
09:55:19.0795 5872 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:55:19.0907 5872 SrvHsfWinac - ok
09:55:20.0205 5872 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:55:20.0234 5872 srvnet - ok
09:55:20.0288 5872 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:55:20.0360 5872 SSDPSRV - ok
09:55:20.0597 5872 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:55:20.0670 5872 SstpSvc - ok
09:55:20.0876 5872 STacSV (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
09:55:20.0903 5872 STacSV - ok
09:55:21.0099 5872 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:55:21.0166 5872 stexstor - ok
09:55:21.0338 5872 STHDA (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
09:55:21.0386 5872 STHDA - ok
09:55:21.0705 5872 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:55:21.0849 5872 stisvc - ok
09:55:21.0888 5872 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:55:21.0915 5872 swenum - ok
09:55:22.0013 5872 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:55:22.0106 5872 swprv - ok
09:55:22.0611 5872 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
09:55:22.0714 5872 SynTP - ok
09:55:23.0312 5872 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:55:23.0434 5872 SysMain - ok
09:55:24.0179 5872 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:55:24.0245 5872 TabletInputService - ok
09:55:24.0315 5872 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:55:24.0432 5872 TapiSrv - ok
09:55:24.0596 5872 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:55:24.0672 5872 TBS - ok
09:55:26.0064 5872 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:55:26.0152 5872 Tcpip - ok
09:55:27.0230 5872 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:55:27.0303 5872 TCPIP6 - ok
09:55:27.0806 5872 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:55:27.0896 5872 tcpipreg - ok
09:55:27.0944 5872 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:55:28.0005 5872 TDPIPE - ok
09:55:28.0099 5872 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:55:28.0164 5872 TDTCP - ok
09:55:28.0424 5872 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:55:28.0503 5872 tdx - ok
09:55:28.0703 5872 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:55:28.0758 5872 TermDD - ok
09:55:29.0160 5872 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:55:29.0248 5872 TermService - ok
09:55:29.0515 5872 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:55:29.0569 5872 Themes - ok
09:55:29.0594 5872 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:55:29.0654 5872 THREADORDER - ok
09:55:29.0840 5872 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:55:29.0966 5872 TrkWks - ok
09:55:30.0453 5872 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:55:30.0545 5872 TrustedInstaller - ok
09:55:30.0690 5872 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:55:30.0838 5872 tssecsrv - ok
09:55:31.0022 5872 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:55:31.0093 5872 TsUsbFlt - ok
09:55:31.0320 5872 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:55:31.0389 5872 tunnel - ok
09:55:31.0717 5872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:55:31.0787 5872 uagp35 - ok
09:55:32.0064 5872 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:55:32.0146 5872 udfs - ok
09:55:32.0368 5872 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:55:32.0438 5872 UI0Detect - ok
09:55:32.0516 5872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:55:32.0574 5872 uliagpkx - ok
09:55:32.0628 5872 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
09:55:32.0687 5872 umbus - ok
09:55:32.0813 5872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:55:32.0898 5872 UmPass - ok
09:55:33.0380 5872 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:55:33.0525 5872 upnphost - ok
09:55:33.0773 5872 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:55:33.0846 5872 usbccgp - ok
09:55:33.0975 5872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:55:34.0091 5872 usbcir - ok
09:55:34.0211 5872 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:55:34.0300 5872 usbehci - ok
09:55:34.0414 5872 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
09:55:34.0464 5872 usbfilter - ok
09:55:34.0593 5872 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:55:34.0656 5872 usbhub - ok
09:55:34.0889 5872 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:55:34.0982 5872 usbohci - ok
09:55:35.0162 5872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:55:35.0257 5872 usbprint - ok
09:55:35.0303 5872 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
09:55:35.0344 5872 USBSTOR - ok
09:55:35.0464 5872 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:55:35.0596 5872 usbuhci - ok
09:55:35.0893 5872 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
09:55:35.0969 5872 usbvideo - ok
09:55:36.0012 5872 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:55:36.0090 5872 UxSms - ok
09:55:36.0283 5872 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:36.0311 5872 VaultSvc - ok
09:55:36.0909 5872 vcsFPService (2662f24c7aee2a32cebdec907a5366f1) C:\Windows\system32\vcsFPService.exe
09:55:36.0962 5872 vcsFPService - ok
09:55:37.0362 5872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:55:37.0391 5872 vdrvroot - ok
09:55:37.0493 5872 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:55:37.0562 5872 vds - ok
09:55:37.0714 5872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:55:37.0767 5872 vga - ok
09:55:37.0982 5872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:55:38.0072 5872 VgaSave - ok
09:55:38.0384 5872 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:55:38.0431 5872 vhdmp - ok
09:55:38.0450 5872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:55:38.0503 5872 viaide - ok
09:55:38.0562 5872 vmwvusb (f9d116ef357c1026b4f6bf670541426a) C:\Windows\system32\Drivers\vmwvusb.sys
09:55:38.0607 5872 vmwvusb - ok
09:55:38.0646 5872 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:55:38.0678 5872 volmgr - ok
09:55:38.0898 5872 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:55:38.0931 5872 volmgrx - ok
09:55:38.0979 5872 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:55:39.0000 5872 volsnap - ok
09:55:39.0444 5872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:55:39.0642 5872 vsmraid - ok
09:55:40.0082 5872 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:55:40.0361 5872 VSS - ok
09:55:41.0575 5872 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
09:55:41.0611 5872 vToolbarUpdater11.2.0 - ok
09:55:41.0888 5872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:55:41.0949 5872 vwifibus - ok
09:55:42.0005 5872 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:55:42.0099 5872 vwififlt - ok
09:55:42.0564 5872 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:55:42.0650 5872 W32Time - ok
09:55:42.0855 5872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:55:42.0960 5872 WacomPen - ok
09:55:43.0381 5872 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:55:43.0473 5872 WANARP - ok
09:55:43.0498 5872 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:55:43.0539 5872 Wanarpv6 - ok
09:55:43.0856 5872 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:55:44.0137 5872 WatAdminSvc - ok
09:55:44.0441 5872 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:55:44.0623 5872 wbengine - ok
09:55:44.0932 5872 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:55:44.0984 5872 WbioSrvc - ok
09:55:45.0109 5872 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:55:45.0213 5872 wcncsvc - ok
09:55:45.0470 5872 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:55:45.0563 5872 WcsPlugInService - ok
09:55:45.0670 5872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:55:45.0711 5872 Wd - ok
09:55:45.0788 5872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:55:45.0817 5872 Wdf01000 - ok
09:55:45.0883 5872 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:55:45.0942 5872 WdiServiceHost - ok
09:55:45.0950 5872 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:55:45.0983 5872 WdiSystemHost - ok
09:55:46.0358 5872 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:55:46.0445 5872 WebClient - ok
09:55:46.0825 5872 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:55:46.0948 5872 Wecsvc - ok
09:55:47.0190 5872 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:55:47.0296 5872 wercplsupport - ok
09:55:47.0537 5872 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:55:47.0672 5872 WerSvc - ok
09:55:47.0777 5872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:55:47.0879 5872 WfpLwf - ok
09:55:47.0994 5872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:55:48.0042 5872 WIMMount - ok
09:55:48.0217 5872 WinDefend - ok
09:55:48.0233 5872 WinHttpAutoProxySvc - ok
09:55:48.0612 5872 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:55:48.0687 5872 Winmgmt - ok
09:55:49.0671 5872 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:55:49.0947 5872 WinRM - ok
09:55:50.0477 5872 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
09:55:50.0535 5872 WinUSB - ok
09:55:50.0811 5872 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:55:50.0896 5872 Wlansvc - ok
09:55:52.0152 5872 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:55:52.0206 5872 wlidsvc - ok
09:55:52.0616 5872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:55:52.0657 5872 WmiAcpi - ok
09:55:53.0257 5872 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:55:53.0370 5872 wmiApSrv - ok
09:55:53.0442 5872 WMPNetworkSvc - ok
09:55:53.0540 5872 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:55:53.0623 5872 WPCSvc - ok
09:55:53.0693 5872 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:55:53.0724 5872 WPDBusEnum - ok
09:55:53.0785 5872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:55:53.0859 5872 ws2ifsl - ok
09:55:53.0904 5872 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:55:53.0942 5872 wscsvc - ok
09:55:53.0948 5872 WSearch - ok
09:55:54.0262 5872 wsnm (d50cd7e45963f42f54b045bfb22a41ef) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
09:55:54.0290 5872 wsnm - ok
09:55:54.0712 5872 wsnm_usbctrl (0872b00981a1d64abed903023d2d7f26) C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe
09:55:54.0752 5872 wsnm_usbctrl - ok
09:55:55.0802 5872 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
09:55:55.0920 5872 wuauserv - ok
09:55:56.0638 5872 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:55:56.0754 5872 WudfPf - ok
09:55:56.0793 5872 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:55:56.0865 5872 WUDFRd - ok
09:55:57.0129 5872 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:55:57.0190 5872 wudfsvc - ok
09:55:57.0580 5872 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:55:57.0670 5872 WwanSvc - ok
09:55:57.0917 5872 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
09:55:57.0949 5872 YahooAUService - ok
09:55:58.0359 5872 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
09:55:58.0437 5872 yukonw7 - ok
09:55:58.0485 5872 MBR (0x1B8) (cfe16bd7213e046ece1af93dd052aafc) \Device\Harddisk0\DR0
09:55:59.0329 5872 \Device\Harddisk0\DR0 - ok
09:55:59.0340 5872 Boot (0x1200) (5f967ab500e1fc009a0c2362d88a828f) \Device\Harddisk0\DR0\Partition0
09:55:59.0372 5872 \Device\Harddisk0\DR0\Partition0 - ok
09:55:59.0388 5872 Boot (0x1200) (2adb7a10071d584d8004d9f11c5e2bcd) \Device\Harddisk0\DR0\Partition1
09:55:59.0391 5872 \Device\Harddisk0\DR0\Partition1 - ok
09:55:59.0418 5872 Boot (0x1200) (94a6f609f3ceb90bebb1a0047c900bbc) \Device\Harddisk0\DR0\Partition2
09:55:59.0522 5872 \Device\Harddisk0\DR0\Partition2 - ok
09:55:59.0641 5872 Boot (0x1200) (76935d1ed4d210bc4505ed124b1cafdb) \Device\Harddisk0\DR0\Partition3
09:55:59.0711 5872 \Device\Harddisk0\DR0\Partition3 - ok
09:55:59.0712 5872 ============================================================
09:55:59.0712 5872 Scan finished
09:55:59.0712 5872 ============================================================
09:55:59.0740 5156 Detected object count: 2
09:55:59.0740 5156 Actual detected object count: 2
10:37:48.0706 5156 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:37:48.0706 5156 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:37:48.0706 5156 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - skipped by user
10:37:48.0706 5156 PCPitstop Scheduling ( UnsignedFile.Multi.Generic ) - User select action: Skip

#6 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts

Posted 13 July 2012 - 11:22 AM

Windows still has a plain white welcome screen (lock screen). Windows Explorer crashes and reloads on bootup. The previously mentioned issues still remain, though it does seem that the computer is connecting out for more updates (it was unable to find updates before; they either failed or it said it was up to date). Things (Firefox, Java, Flash) are updating to the proper version now.

aswMBR log is pasted below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 10:41:40
-----------------------------
10:41:40.145 OS Version: Windows x64 6.1.7601 Service Pack 1
10:41:40.145 Number of processors: 3 586 0x503
10:41:40.146 ComputerName: CUSHIN-HP UserName: Cushin
10:41:45.508 Initialize success
10:48:58.885 AVAST engine defs: 12071300
10:49:25.143 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:49:25.150 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OCA1G Size: 476940MB BusType: 11
10:49:25.164 Disk 0 MBR read successfully
10:49:25.172 Disk 0 MBR scan
10:49:25.182 Disk 0 unknown MBR code
10:49:25.195 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:49:25.210 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 453150 MB offset 409600
10:49:25.240 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 23486 MB offset 928460800
10:49:25.263 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
10:49:25.301 Disk 0 scanning C:\Windows\system32\drivers
10:49:38.462 Service scanning
10:50:16.880 Modules scanning
10:50:16.903 Disk 0 trace - called modules:
10:50:16.932 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:50:16.944 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004358060]
10:50:16.954 3 CLASSPNP.SYS[fffff8800197843f] -> nt!IofCallDriver -> [0xfffffa8004357a10]
10:50:16.964 5 hpdskflt.sys[fffff8800191f189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042d1060]
10:50:19.924 AVAST engine scan C:\Windows
10:50:25.513 AVAST engine scan C:\Windows\system32
10:54:19.837 AVAST engine scan C:\Windows\system32\drivers
10:54:36.449 AVAST engine scan C:\Users\Cushin
11:17:32.442 Disk 0 MBR has been saved successfully to "C:\Users\Cushin\Desktop\Virus Cleanup\MBR.dat"
11:17:32.454 The log file has been saved successfully to "C:\Users\Cushin\Desktop\Virus Cleanup\aswMBR.txt"
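
The aswMBR output above prints the partition layout and "unknown MBR code". That second line is a lookup miss: the scanner hashes the boot-code bytes of sector 0 and finds no match in its list of known loaders (a clean Windows 7 disk is normally reported as standard Windows 7 MBR code). The Python below is an added example written for this page; it is not code from this thread or from AVAST's or Kaspersky's tools. It parses a raw 512-byte MBR such as the MBR.dat aswMBR saved to the desktop, applies the partition-table sanity checks a responder would run (exactly one active entry, valid status bytes, no overlapping extents) and hashes the 0x1B8 boot-code bytes for comparison against a known-good reference. Assumptions: the 0x1B8 in TDSSKiller's "MBR (0x1B8)" line is read here as the length of that region, which matches the classic MBR layout (boot code at 0x000 to 0x1B7, disk signature at 0x1B8, partition table at 0x1BE, 55 AA trailer at 0x1FE); the boot code and disk signature in the sample are filler, and the four partition entries are constructed to reproduce the offsets and sizes aswMBR listed.

```python
"""Parse a raw 512-byte MBR (for example the MBR.dat that aswMBR saves) and run
the checks a responder applies to it: partition-table sanity and a hash of the
boot-code region for comparison against a known-good reference."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8          # boot code occupies offsets 0x000 to 0x1B7
DISK_SIG_OFF = 0x1B8          # 4-byte Windows disk signature, then 2 bytes normally zero
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xAA"   # trailer at offset 0x1FE
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
              0x0F: "Extended LBA", 0x83: "Linux"}


def parse_entry(raw, index):
    # Entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", raw)
    return {"index": index, "status": status, "active": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"unknown 0x{ptype:02x}"),
            "lba_start": lba_start, "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024)}


def parse_mbr(mbr):
    """Return boot-code MD5, disk signature and the non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[0x1FE:] != MBR_SIGNATURE:
        raise ValueError("missing 55 AA trailer; not an MBR sector")
    entries = [parse_entry(mbr[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)], i + 1)
               for i in range(4)]
    return {"bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
            "partitions": [e for e in entries if e["type"] != 0x00]}


def triage_mbr(parsed, known_good_md5=frozenset()):
    """List the things worth following up; an empty list means the table is self-consistent."""
    findings = []
    parts = parsed["partitions"]
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']}: zero start or length")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    # A miss here is what a scanner reports as unknown MBR code: not in its list, not proven malicious.
    if known_good_md5 and parsed["bootcode_md5"] not in known_good_md5:
        findings.append("boot code hash not in known-good set")
    return findings


def build_mbr(entries, boot_code, disk_signature):
    """Assemble a 512-byte MBR from (status, type, lba_start, sectors) tuples (used to construct sample input)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    table += b"\x00" * (64 - len(table))
    mbr = boot_code + struct.pack("<I", disk_signature) + b"\x00\x00" + table + MBR_SIGNATURE
    assert len(mbr) == SECTOR
    return mbr


# Constructed sample: filler bytes stand in for real boot code, the disk signature is made up,
# and the four entries reproduce the offsets and sizes aswMBR listed for Disk 0 above.
FILLER_BOOT_CODE = bytes((i * 7 + 3) & 0xFF for i in range(BOOTCODE_LEN))
SAMPLE_MBR = build_mbr(
    [(0x80, 0x07, 2048, 199 * 2048),          # active NTFS, 199 MB at LBA 2048
     (0x00, 0x07, 409600, 453150 * 2048),     # NTFS, 453150 MB
     (0x00, 0x07, 928460800, 23486 * 2048),   # NTFS, 23486 MB
     (0x00, 0x0C, 976560128, 103 * 2048)],    # FAT32 LBA, 103 MB
    FILLER_BOOT_CODE, 0x1A2B3C4D)

if __name__ == "__main__":
    parsed = parse_mbr(SAMPLE_MBR)
    print("boot code md5:", parsed["bootcode_md5"])
    for p in parsed["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"  Partition {p['index']} {flag} {p['type_name']:<10} {p['size_mb']:>7} MB offset {p['lba_start']}")
    print("findings:", triage_mbr(parsed) or "none")
```

Run as a script it prints the table in the same shape as aswMBR's listing; point parse_mbr at the bytes of a saved MBR.dat to check a real disk. A hash outside the known-good set is a lead, not a verdict: OEM recovery and boot-manager code is legitimately non-standard, so compare against the MBR of an identical clean machine before treating the sector as infected, and keep the saved MBR.dat as evidence before any tool rewrites it.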

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 12:48 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close Notepad.
  • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
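
Once the FRST.txt produced by the procedure above is in hand, the "Registry (Whitelisted)" section is where persistence shows up. The Python below is an added example written for this page, not code from this thread or from Farbar's tool. It parses the Run/RunOnce, Winlogon Userinit, AppInit_DLLs, Tcpip NameServer and Lsa Notification Packages lines in the format FRST printed in mid-2012 and flags what a responder checks first: orphaned or unnamed autorun values, binaries with no publisher name, 8.3 short paths in autorun commands, anything chained after userinit.exe, any AppInit_DLLs at all, static DNS servers not on an allowlist, and LSA notification packages beyond the stock scecli. The sample input is constructed for the example (its lines are modelled on the FRST log posted in this thread); the publisher-less and short-path rules are heuristics, and the DNS allowlist is an assumed parameter with no default content.

```python
"""Triage the 'Registry (Whitelisted)' section of a Farbar Recovery Scan Tool
(FRST.txt) log: parse the autorun lines and flag the persistence points a
responder checks first. Line formats follow FRST output of mid-2012."""
import re

# HKLM\...\Run: [Name] command [size yyyy-mm-dd] (Publisher)   or   [Name] [x] when the file is gone
RUN_RE = re.compile(r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run|RunOnce): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
USERINIT_RE = re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[Userinit\] (?P<rest>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")
DNS_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(?P<guid>\{[^}]+\}): \[NameServer\]\s*(?P<servers>\S+)$")
LSA_RE = re.compile(r"^Lsa: \[Notification Packages\]\s*(?P<pkgs>.*)$")
TOKEN_RE = re.compile(r"^[\w.-]+$")  # FRST wraps further LSA packages onto bare lines such as 'scecli'
META_RE = re.compile(r"\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^()]*)\)\s*$")

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"   # the only program Winlogon should chain to
DEFAULT_LSA_PACKAGES = {"scecli"}                         # stock Windows 7 notification package


def split_meta(rest):
    """Split 'command [size date] (publisher)' into (command, metadata-or-None)."""
    m = META_RE.search(rest)
    if not m:
        return rest.strip(), None
    meta = {"size": int(m.group("size")), "date": m.group("date"),
            "publisher": m.group("publisher").strip()}
    return rest[:m.start()].strip(), meta


def triage_frst(lines, dns_allowlist=frozenset()):
    """Return findings as dicts {line, kind, detail}; dns_allowlist holds the DNS servers you expect."""
    findings = []

    def flag(lineno, kind, detail):
        findings.append({"line": lineno, "kind": kind, "detail": detail})

    in_lsa = False
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip()
        if in_lsa and TOKEN_RE.match(line):          # continuation of the Lsa package list
            if line.lower() not in DEFAULT_LSA_PACKAGES:
                flag(n, "lsa_package", f"extra LSA notification package (loaded into lsass, sees password changes): {line}")
            continue
        in_lsa = False
        if m := RUN_RE.match(line):
            cmd, meta = split_meta(m.group("rest"))
            where = f"{m.group('hive')} {m.group('key')} [{m.group('name')}]"
            if not m.group("name"):
                flag(n, "empty_name", f"{where}: autorun value with an empty name")
            if cmd == "[x]":
                flag(n, "orphan", f"{where}: target file is missing")
                continue
            if meta is None or not meta["publisher"]:
                flag(n, "no_publisher", f"{where}: no publisher name recorded for {cmd}")
            if "~" in cmd:                            # heuristic: 8.3 short names are unusual in installed software
                flag(n, "short_path", f"{where}: 8.3 short path in autorun command: {cmd}")
        elif m := USERINIT_RE.match(line):
            value, _ = split_meta(m.group("rest"))
            chain = [p.strip() for p in value.split(",") if p.strip()]
            extras = [p for p in chain if p.lower() != DEFAULT_USERINIT]
            if extras:
                flag(n, "userinit", f"Userinit chains extra programs at logon: {extras}")
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is space/comma-delimited by definition, so paths with spaces appear as 8.3 names
            dlls = [d for d in re.split(r"[ ,]+", m.group("dlls").strip()) if d]
            if dlls:
                flag(n, "appinit_dlls", f"AppInit_DLLs injects into every process that loads user32.dll: {dlls}")
        elif m := DNS_RE.match(line):
            unexpected = [s for s in m.group("servers").split(",") if s not in dns_allowlist]
            if unexpected:
                flag(n, "static_dns", f"interface {m.group('guid')} has static DNS servers {unexpected}")
        elif m := LSA_RE.match(line):
            in_lsa = True
            for pkg in m.group("pkgs").split():
                if pkg.lower() not in DEFAULT_LSA_PACKAGES:
                    flag(n, "lsa_package", f"extra LSA notification package (loaded into lsass, sees password changes): {pkg}")
    return findings


# Constructed sample in FRST's format; the lines are modelled on the log posted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKU\Cushin\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1115536 2011-03-24] (Discordia, LTD)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-84UKH.exe" /REG /REGSVRMODE [711240 2012-07-13] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Tcpip\..\Interfaces\{03E2D4D8-4331-4BF1-807E-B2127DD99B44}: [NameServer]4.2.2.2,4.2.2.3
Lsa: [Notification Packages] DPPassFilter
scecli
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST):
        print(f"line {f['line']:>3} {f['kind']:<13} {f['detail']}")
```

Every hit is a question, not an answer: a fingerprint-reader suite legitimately registers a password filter and a logon agent, and a toolbar's AppInit_DLLs entry is unwanted software rather than a rootkit. The value of the pass is that it reduces a long log to the handful of lines whose binaries you then hash, check for signatures and look up, and it makes an AppInit_DLLs or Userinit change impossible to skim past.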

#8 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts

Posted 13 July 2012 - 03:30 PM

Here are the log files:

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 14:10:06
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-14] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-09-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-03-01] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE [1115536 2011-03-24] (Discordia, LTD)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2084 2011-09-11] ()
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [273528 2011-11-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-15] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Cushin\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3407496 2012-07-10] (Electronic Arts)
HKU\Cushin\...\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-09-11] ()
HKU\Cushin\...\Run: [Google Update] "C:\Users\Cushin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-13] (Google Inc.)
HKU\Cushin\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-84UKH.exe" /REG /REGSVRMODE [711240 2012-07-13] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, [739664 2010-09-15] (DigitalPersona, Inc.)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
Tcpip\..\Interfaces\{03E2D4D8-4331-4BF1-807E-B2127DD99B44}: [NameServer]4.2.2.2,4.2.2.3
Tcpip\..\Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}: [NameServer]4.2.2.2,4.2.2.3
Lsa: [Notification Packages] DPPassFilter
scecli
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Cushin\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) ======

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 CLKMSVC10_C6F09094; "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe" /svc [245232 2010-09-21] (CyberLink)
2 DpHost; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [440144 2010-09-15] (DigitalPersona, Inc.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [77312 2008-10-21] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()
2 wsnm; "C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup [494192 2011-09-07] (VMware, Inc.)
2 wsnm_usbctrl; "C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe" -SCMStartup [1125488 2011-09-07] (VMware, Inc.)

========================== Drivers (Whitelisted) =============

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 vmwvusb; C:\Windows\System32\Drivers\vmwvusb.sys [48240 2011-09-07] (VMware, Inc.)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-13 11:04 - 2012-07-13 11:04 - 00711240 ____A C:\Windows\is-84UKH.exe
2012-07-13 11:04 - 2012-07-13 11:04 - 00010550 ____A C:\Windows\is-84UKH.msg
2012-07-13 11:04 - 2012-07-13 11:04 - 00000459 ____A C:\Windows\is-84UKH.lst
2012-07-13 06:51 - 2012-07-13 06:52 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Cushin\Desktop\tdsskiller.exe
2012-07-13 06:51 - 2012-07-13 06:51 - 04731392 ____A (AVAST Software) C:\Users\Cushin\Desktop\aswMBR.exe
2012-07-13 06:50 - 2012-07-13 06:51 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Cushin\Desktop\tdsskiller.exe.part
2012-07-12 11:08 - 2012-07-12 11:08 - 04576941 ____R (Swearware) C:\Users\Cushin\Desktop\ComboFix.exe
2012-07-12 05:29 - 2012-07-12 05:29 - 00881475 ____A C:\Users\Cushin\Desktop\SecurityCheck.exe
2012-07-11 17:30 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 17:05 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 17:05 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 17:05 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 17:05 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 17:05 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 17:05 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 17:05 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 17:05 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 17:05 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 17:05 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 17:05 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 17:05 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 17:05 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 17:05 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 17:05 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 17:05 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 17:05 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 17:05 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 17:05 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 17:05 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 17:05 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 17:05 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 17:05 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 17:05 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 17:04 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 17:04 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 17:04 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 17:04 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 17:02 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-11 17:02 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-11 16:51 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 16:51 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 16:51 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 16:51 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 16:51 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 16:51 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 16:51 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 16:51 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 16:51 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 16:51 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 16:51 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 16:51 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 16:51 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 16:51 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 16:51 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 16:51 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 16:51 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 16:50 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 16:50 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 16:37 - 2012-07-11 16:37 - 00607260 ____R (Swearware) C:\Users\Cushin\Desktop\dds.scr
2012-07-11 09:42 - 2012-07-12 14:27 - 00000000 ___SD C:\32788R22FWJFW
2012-07-11 09:42 - 2012-07-11 09:42 - 00000000 ____D C:\Windows\erdnt
2012-07-11 09:42 - 2012-07-11 09:42 - 00000000 ____D C:\Qoobox
2012-07-10 16:52 - 2012-07-13 08:17 - 00000000 ____D C:\Users\Cushin\Desktop\Virus Cleanup
2012-07-10 16:13 - 2012-07-10 16:13 - 00000000 ____D C:\Users\Cushin\AppData\Roaming\Malwarebytes
2012-07-10 16:12 - 2012-07-13 11:04 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-10 16:12 - 2012-07-13 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-10 16:12 - 2012-07-10 16:12 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-10 16:12 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-10 10:27 - 2012-07-10 10:52 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-07-09 10:09 - 2012-07-09 10:09 - 00000000 ____D C:\Users\Cushin\AppData\Roaming\Tific
2012-07-09 10:09 - 2012-07-09 10:09 - 00000000 ____D C:\Users\Cushin\AppData\Local\Symantec
2012-07-09 07:36 - 2012-07-09 09:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-09 07:36 - 2012-07-09 07:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-09 07:13 - 2012-07-09 07:13 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-06 12:38 - 2012-07-06 12:38 - 00000000 ____D C:\Users\Cushin\AppData\Roaming\VMware
2012-07-06 12:26 - 2012-07-06 12:38 - 00000000 ____D C:\Users\All Users\VMware
2012-07-06 12:26 - 2012-07-06 12:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vmwvusb_01009.Wdf
2012-07-06 12:26 - 2011-09-07 15:43 - 00048240 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmwvusb.sys
2012-07-06 12:25 - 2012-07-06 12:25 - 00001314 ____A C:\Users\Public\Desktop\VMware View Client.lnk
2012-07-06 12:25 - 2012-07-06 12:25 - 00000000 ____D C:\Users\Cushin\AppData\Local\VMware
2012-07-06 12:25 - 2012-07-06 12:25 - 00000000 ____D C:\Program Files\VMware
2012-06-21 00:50 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 00:50 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 00:50 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 00:50 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 00:49 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 00:49 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 00:49 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 00:48 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 00:48 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-20 06:42 - 2012-06-20 06:42 - 03678720 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
2012-06-19 18:42 - 2012-06-19 18:42 - 00000000 ____D C:\Users\Cushin\AppData\Local\{F8C62712-12BC-4804-B8D6-EDB270BE3EEE}
2012-06-13 03:50 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 03:50 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 03:50 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 03:50 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 03:50 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 03:50 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 03:50 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 03:49 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 03:49 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 03:49 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 03:49 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 03:49 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 03:49 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 03:49 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 03:49 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 03:49 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files ========================

2012-07-13 11:05 - 2011-12-28 19:59 - 00262144 ____A C:\Windows\System32\Ikeext.etl
2012-07-13 11:05 - 2011-03-15 10:36 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024258457-2477654221-1235416308-1000Core.job
2012-07-13 11:05 - 2011-01-27 00:48 - 01354984 ____A C:\Windows\WindowsUpdate.log
2012-07-13 11:04 - 2012-07-13 11:04 - 00711240 ____A C:\Windows\is-84UKH.exe
2012-07-13 11:04 - 2012-07-13 11:04 - 00010550 ____A C:\Windows\is-84UKH.msg
2012-07-13 11:04 - 2012-07-13 11:04 - 00000459 ____A C:\Windows\is-84UKH.lst
2012-07-13 11:04 - 2012-07-10 16:12 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 11:03 - 2011-03-15 10:36 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1024258457-2477654221-1235416308-1000UA.job
2012-07-13 11:03 - 2011-03-13 08:08 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 11:03 - 2011-03-13 08:08 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-13 06:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 06:53 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-13 06:52 - 2012-07-13 06:51 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Cushin\Desktop\tdsskiller.exe
2012-07-13 06:51 - 2012-07-13 06:51 - 04731392 ____A (AVAST Software) C:\Users\Cushin\Desktop\aswMBR.exe
2012-07-13 06:51 - 2012-07-13 06:50 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Cushin\Desktop\tdsskiller.exe.part
2012-07-13 06:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 06:45 - 2009-07-13 20:51 - 00060854 ____A C:\Windows\setupact.log
2012-07-12 11:29 - 2012-05-31 08:44 - 00288256 __ASH C:\Users\Cushin\Desktop\Thumbs.db
2012-07-12 11:08 - 2012-07-12 11:08 - 04576941 ____R (Swearware) C:\Users\Cushin\Desktop\ComboFix.exe
2012-07-12 05:33 - 2011-01-27 00:51 - 00332470 ____A C:\Windows\PFRO.log
2012-07-12 05:33 - 2009-07-13 20:45 - 00303856 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 05:29 - 2012-07-12 05:29 - 00881475 ____A C:\Users\Cushin\Desktop\SecurityCheck.exe
2012-07-11 17:11 - 2011-03-12 08:45 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 16:37 - 2012-07-11 16:37 - 00607260 ____R (Swearware) C:\Users\Cushin\Desktop\dds.scr
2012-07-10 16:33 - 2011-08-24 09:33 - 00001048 ____A C:\Windows\KB893803v2.log
2012-07-08 14:56 - 2011-03-06 21:32 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-08 14:55 - 2011-10-27 14:54 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-06 12:26 - 2012-07-06 12:26 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_vmwvusb_01009.Wdf
2012-07-06 12:25 - 2012-07-06 12:25 - 00001314 ____A C:\Users\Public\Desktop\VMware View Client.lnk
2012-07-03 10:46 - 2012-07-10 16:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 14:22 - 2011-03-05 08:35 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForCushin.job
2012-06-20 06:42 - 2012-06-20 06:42 - 03678720 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
2012-06-14 03:47 - 2009-07-13 21:13 - 00747898 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 19:08 - 2012-07-11 17:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 16:51 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 16:51 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-11 16:51 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 16:51 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 16:50 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 16:51 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 16:51 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 16:50 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 15:26 - 2012-06-05 15:26 - 00014672 ____A C:\Users\Cushin\~WRD0695.tmp
2012-06-02 14:19 - 2012-06-21 00:50 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 00:50 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 00:50 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 00:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 00:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 00:50 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 00:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 00:48 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 00:48 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 17:04 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 17:04 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 17:05 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 17:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 17:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 17:05 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 17:05 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 17:05 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 17:05 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 17:05 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 17:05 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 17:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 17:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 17:05 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 17:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 17:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 17:05 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 17:05 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 17:05 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 17:05 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 17:05 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 17:05 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 17:05 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 17:05 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 17:05 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 17:05 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 17:05 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 17:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 16:51 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 16:51 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 16:51 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 16:51 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 16:51 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 16:51 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 16:51 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 16:51 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 07:53 - 2011-03-05 08:34 - 00068784 ____A C:\Users\Cushin\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-23 13:17 - 2012-05-23 13:17 - 01359209 ____A C:\Users\Cushin\Downloads\Video_d1433b7c-7d02-43e1-9b0a-c2bb8549a5d8.wmv
2012-05-11 10:20 - 2012-05-11 10:20 - 04708183 ____A C:\Users\Cushin\Downloads\Attachments_2012_05_11.zip
2012-05-08 06:52 - 2012-05-08 06:52 - 00014411 ____H C:\Users\Cushin\~WRL0003.tmp
2012-05-04 03:06 - 2012-06-13 03:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 03:00 - 2012-07-11 17:02 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-04 02:03 - 2012-06-13 03:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 03:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 01:59 - 2012-07-11 17:02 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-04-30 21:40 - 2012-06-13 03:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 03:49 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 03:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 03:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 03:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 03:49 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 03:49 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 03:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 03:49 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 03:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 03:49 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 01:50 - 2012-04-19 01:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys


ZeroAccess:
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\L
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\L\00000004.@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\L\1afb2d56
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\L\201d3dde
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U\00000004.@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U\000000cb.@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U\80000000.@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U\80000032.@
C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U\80000064.@

ZeroAccess:
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\@
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\L
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3112.91 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3107.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:442.53 GB) (Free:279.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:22.94 GB) (Free:3.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:3.73 GB) (Free:3.69 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 442 GB 200 MB
Partition 3 Primary 22 GB 442 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 442 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 22 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 3823 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 09:48

======================= End Of Log ==========================

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 13 July 2012 - 03:32 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
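A defender-side check for the folder layout the FRST log above reports and the fixlist targets, added here as an example that is not part of the original thread or of FRST: it scans the two parent folders seen in the log for GUID-named folders holding an '@' file plus L and U subfolders, and writes the matches in the one-path-per-line fixlist.txt form. The sample tree is constructed in a temporary directory; the decoy folder's GUID is made up.

```python
"""Added example, not part of the original thread or of FRST: a defender-side
check for the ZeroAccess folder layout the FRST log above reports (a GUID-named
folder holding an '@' file plus 'L' and 'U' subfolders). Matches are written in
the one-path-per-line fixlist.txt form the helper asked for. The sample tree is
constructed in a temporary directory so the script runs offline."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# 8-4-4-4-12 hex digits in braces, e.g. {85e348ef-0021-8b4c-d136-3b45ee0e9d48}
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)

def looks_like_zeroaccess(folder: Path) -> bool:
    """GUID name plus the @/L/U triple. Legitimate MSI cache folders under
    Windows\\Installer also have GUID names, so the name alone is not enough."""
    if not folder.is_dir() or not GUID_DIR.match(folder.name):
        return False
    return ((folder / "@").is_file() and (folder / "L").is_dir()
            and (folder / "U").is_dir())

def find_zeroaccess_dirs(parents: list[Path]) -> list[Path]:
    """Scan each parent's immediate children; skip missing or unreadable parents."""
    hits: list[Path] = []
    for parent in parents:
        try:
            children = sorted(parent.iterdir())
        except (FileNotFoundError, NotADirectoryError, PermissionError):
            continue  # e.g. no admin rights on the real Installer folder
        hits.extend(c for c in children if looks_like_zeroaccess(c))
    return hits

def write_fixlist(hits: list[Path], out_path: Path) -> str:
    """One absolute path per line, the shape of the fixlist.txt in the thread."""
    text = "".join(f"{hit}\n" for hit in hits)
    out_path.write_text(text)
    return text

def build_sample_tree(root: Path) -> list[Path]:
    """Constructed sample mirroring the log; returns the folders to be flagged."""
    guid = "{85e348ef-0021-8b4c-d136-3b45ee0e9d48}"  # the GUID from the log above
    installer = root / "Windows" / "Installer"
    appdata = root / "Users" / "Cushin" / "AppData" / "Local"
    expected = []
    # The Installer copy carries payload-style entries; the AppData copy only @, L, U.
    for base, l_files, u_files in (
        (installer, ["00000004.@", "1afb2d56"], ["00000004.@", "80000000.@"]),
        (appdata, [], []),
    ):
        d = base / guid
        (d / "L").mkdir(parents=True)
        (d / "U").mkdir()
        (d / "@").write_bytes(b"\x00")
        for name in l_files:
            (d / "L" / name).write_bytes(b"\x00")
        for name in u_files:
            (d / "U" / name).write_bytes(b"\x00")
        expected.append(d)
    # Decoy with a made-up GUID: a plain MSI cache folder must not be flagged.
    decoy = installer / "{00000000-1111-2222-3333-444444444444}"
    decoy.mkdir()
    (decoy / "ARPPRODUCTICON.exe").write_bytes(b"MZ")
    return expected

def run_demo() -> dict:
    """Build the sample tree, scan it and return the results for checking."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        expected = build_sample_tree(root)
        parents = [root / "Windows" / "Installer",
                   root / "Users" / "Cushin" / "AppData" / "Local",
                   root / "does-not-exist"]  # exercises the skip branch
        hits = find_zeroaccess_dirs(parents)
        fixlist = write_fixlist(hits, root / "fixlist.txt")
        return {"hits": [h.relative_to(root).as_posix() for h in hits],
                "expected": [e.relative_to(root).as_posix() for e in expected],
                "fixlist_lines": fixlist.splitlines()}

if __name__ == "__main__":
    for line in run_demo()["fixlist_lines"]:
        print(line)
```

Against a live system the parent list would be the real C:\Windows\Installer and %LOCALAPPDATA%, which needs elevation; the match is a shape check, so any hit still deserves a look before it goes into a fixlist.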

#10 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts
  • Local time:03:50 PM

Posted 15 July 2012 - 10:07 AM

I ran and attached the FRST64 tool. Log is below. I do still see a message from MBAM when launching Firefox. I am including it here, from MBAM logs:
IP-BLOCK 207.232.22.60 (Type: outgoing, Port: 49698, Process: firefox.exe)

FRST64 Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-15 09:55:36 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{85e348ef-0021-8b4c-d136-3b45ee0e9d48} moved successfully.
C:\Users\Cushin\AppData\Local\{85e348ef-0021-8b4c-d136-3b45ee0e9d48} moved successfully.

==== End of Fixlog ====

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 15 July 2012 - 11:24 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.
"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts
  • Local time:03:50 PM

Posted 16 July 2012 - 02:56 PM

ComboFix does progress further than it did before, however it fails to fully complete.

It stalls after completing Stage 4.

Rebooted twice, and tried running it 3 times, only to have it stall in the same spot. I have not tried to run it in Safe Mode.

The final time I tried to run it, it asked to update to a new version. I successfully updated it and tried to run it again.

AVG is disabled until next reboot, MBAM and Spybot are closed out. I will try it once more, having used taskkill on any AVG processes.

#13 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts
  • Local time:03:50 PM

Posted 16 July 2012 - 03:08 PM

Still stalls after completing Stage_4 , even when AVG tasks are killed.

No Combofix log available, as ComboFix did not fully complete. It did progress further than prior to the FRST64 tool being used.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:50 PM

Posted 17 July 2012 - 12:16 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here.
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later.
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 Belouve

Belouve
  • Topic Starter

  • Members
  • 47 posts
  • Local time:03:50 PM

Posted 17 July 2012 - 06:28 PM

OK, I've noted a couple of things. OTL would just hang, and so I checked that the AV was indeed disabled. I found a version of McAfee listed, and also signs that there were two versions of AVG. As I am cleaning this for someone else, I was not aware of all the products installed on this machine.

I removed both versions of AVG with some difficulty, and removed McAfee, and the system seems to be running better, but is clearly still infected. I can run MBAM to confirm something is still there.

OTL continues to hang, even in Safe Mode. I have included a screenshot of the settings, which also shows the spot where it hangs each time (which is: Manual File Scan - Getting Folder Structure...).

I'll stand by for more instructions, and will check with MBAM whether anything is still infected. Just to confirm, there is no AV installed anymore. MBAM is the only thing active. Windows Firewall still fails to load, so I assume there is no active firewall. As such, online connectivity is limited, and is disabled most of the time now.

Attached File: OTLhang.jpg (141.2KB)

Edited by Belouve, 17 July 2012 - 06:30 PM.




