Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojans - TR/ATRAPS.gen2 and tr.cutwail.jhg


  • This topic is locked This topic is locked
20 replies to this topic

#1 kunalthechamp

kunalthechamp

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 11 July 2012 - 11:22 PM

So before I say anything, I accept that I was a fool to have visited a porn site thinking I am pretty safe with four anti virus programs installed. Clearly I was wrong. I was browsing the internet when suddenly Avira started going crazy with all the notifications, no matter if I clicked 'details' or 'remove' the notifications kept coming up. The trojans were TR/ATRAPS.gen2, tr.cutwail.jhg and TR/ZAccess.H. I ran an Avira scan and obviously it had no results. I tried going to the hidden AppData folder that Avira said it was in, but the folder itself didnt exist. As I am writing this post, MBAM is still running the scan with three threats detected and Superantispyware has 60 items but its just the usual cookies and adware tracking cookies. Just before the notifications started, I saw a Java icon in the toolbar, and then Windows started giving me popups about allowing Adobe Flash to make changes. Obviously I said 'no'. I closed Firefox and these flash pop ups disappeared(at the same time I killed a process with a long string of weird characters). I have windows updates waiting to be installed, but I dont want to restart my computer cause I am scared it wont boot again ! (I read in some forums about this happening to someone who was infected). Anyhow, I tried some of the basic tools but its not gone. I scanned with Avira, MBAM, Superantispyware, and TDSSKiller. TDSSKiller did not show any weird infections as well. Any address in internet explorer is redirected. Please help !! I already have a backup from about a month back, should I back up my data right now? I used macrium reflect to make a clone. If I clone it will the virus also be transferred? please suggest. Also, I used to get the occassional blue screens (overheat, IQRL NOT LESS OR EQUAL, etc)

Update: I cannot get Windows Defender to switch on, this is probably because of Avira being run.
Also, I check in Windows/system32/drivers and found three recently modified files (around the time as the problem started coming up):
C:\Windows\System32\drivers\pbebsmuz.sys
C:\Windows\System32\drivers\avdvqnbl.sys
C:\Windows\System32\drivers\tmtquamt.sys


Should I delete these?

Thanks.

Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kunal at 0:00:47 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.301 [GMT -4:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Connectify\ConnectifyService.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Connectify\ConnectifyD.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Real\realplayer\update\realsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.129.1411.0.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files (x86)\Safari\Safari.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [PureSync] "C:\Program Files (x86)\PureSync\PureSyncTray.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [Akamai NetSession Interface] "C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Microsoft Help] rundll32.exe "C:\Users\Kunal\AppData\Local\Paint.NET\Microsoft Help\abzdxo.dll",CreateInstance
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-TKPBF.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\Kunal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\Kunal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslconnect.johnshopkins.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F}\35D6162747027596D26496020402350534 : DhcpNameServer = 205.215.252.10 205.215.247.140
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-TKPBF.exe" /REG /REGSVRMODE
IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kunal\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 pe3agnqb;Cricket 2007 Environment Driver (pe3agnqb);C:\Windows\system32\drivers\pe3agnqb.sys --> C:\Windows\system32\drivers\pe3agnqb.sys [?]
R0 ps6agnqb;Cricket 2007 Synchronization Driver (ps6agnqb);C:\Windows\system32\drivers\ps6agnqb.sys --> C:\Windows\system32\drivers\ps6agnqb.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\system32\DRIVERS\cnnctfy2.sys --> C:\Windows\system32\DRIVERS\cnnctfy2.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S1 avdvqnbl;avdvqnbl;\??\C:\Windows\system32\drivers\avdvqnbl.sys --> C:\Windows\system32\drivers\avdvqnbl.sys [?]
S1 pbebsmuz;pbebsmuz;\??\C:\Windows\system32\drivers\pbebsmuz.sys --> C:\Windows\system32\drivers\pbebsmuz.sys [?]
S1 tmtquamt;tmtquamt;\??\C:\Windows\system32\drivers\tmtquamt.sys --> C:\Windows\system32\drivers\tmtquamt.sys [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [?]
S3 DLCopyFilter;DLCopyFilter;C:\Windows\system32\Drivers\wsr_tbf.sys --> C:\Windows\system32\Drivers\wsr_tbf.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 hwa;Wireless USB Host Adapter;C:\Windows\system32\DRIVERS\WSR_HWA.SYS --> C:\Windows\system32\DRIVERS\WSR_HWA.SYS [?]
S3 HWARadio;Wireless USB Host Radio;C:\Windows\system32\DRIVERS\WSR_RCI.SYS --> C:\Windows\system32\DRIVERS\WSR_RCI.SYS [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\Windows\system32\drivers\psmounter.sys --> C:\Windows\system32\drivers\psmounter.sys [?]
S3 PSVolAcc;PSVolAcc;C:\Windows\system32\drivers\PSVolAcc.sys --> C:\Windows\system32\drivers\PSVolAcc.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-20 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-12 03:21:20 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{01D01463-7936-496D-9ABF-AB587EDD93C4}\mpengine.dll
2012-07-12 03:01:18 711240 ----a-w- C:\Windows\is-TKPBF.exe
2012-07-12 02:39:43 50392 ----a-w- C:\Windows\System32\drivers\pbebsmuz.sys
2012-07-12 02:39:20 50392 ----a-w- C:\Windows\System32\drivers\avdvqnbl.sys
2012-07-12 02:34:22 50392 ----a-w- C:\Windows\System32\drivers\tmtquamt.sys
2012-07-12 02:31:21 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0524D8C4-CAE3-4B20-8E8C-300FA6F1AEBA}\offreg.dll
2012-07-11 01:32:05 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0524D8C4-CAE3-4B20-8E8C-300FA6F1AEBA}\mpengine.dll
2012-07-09 22:41:54 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 22:19:55 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1CB0F748-1140-410F-9B15-6B86C550D6B1}\gapaengine.dll
2012-06-18 22:11:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-18 22:10:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-18 22:10:09 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-18 22:10:09 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 00:58:52 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 00:58:52 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-17 21:44:34 -------- d-----w- C:\Users\Kunal\AppData\Local\Macromedia
2012-06-17 16:09:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-17 16:09:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-14 02:41:57 -------- d-----w- C:\Program Files\iPod
2012-06-14 02:41:56 -------- d-----w- C:\Program Files\iTunes
2012-06-14 02:41:56 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-13 01:01:46 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BC7FA572-0C0C-40A2-B926-3ABE640757A2}\gapaengine.dll
2012-06-12 23:12:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-12 23:12:39 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-12 23:12:38 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-12 23:12:38 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-12 23:12:38 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-12 23:12:38 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 23:08:13 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-12 23:08:13 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-12 23:01:48 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-12 23:01:48 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-12 23:01:48 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-12 22:54:52 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-12 22:54:50 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-12 22:54:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-12 22:54:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-12 22:54:06 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-12 22:54:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 01:43:50 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-05-17 01:43:50 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-05-09 04:24:18 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-05-05 05:57:32 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 0:09:56.91 ===============

Edited by kunalthechamp, 12 July 2012 - 08:12 PM.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


BC AdBot (Login to Remove)

 


#2 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 12 July 2012 - 12:15 AM

Update: I cannot get Windows Defender to switch on, this is probably because of Avira being run.
Also, I check in Windows/system32/drivers and found three recently modified files (around the time as the problem started coming up):
C:\Windows\System32\drivers\pbebsmuz.sys
C:\Windows\System32\drivers\avdvqnbl.sys
C:\Windows\System32\drivers\tmtquamt.sys


Should I delete these?

Thanks.

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 13 July 2012 - 12:24 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Avira Desktop
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 13 July 2012 - 02:14 AM

Gringo,

Thanks a ton for your reply. I have carried out your instructions and the logs are pasted below.
* Problems I faced: Combofix took longer than double the 10 minutes to run, it took more than 'a few seconds' to generate the log file, On restarting I got the 'Illegal operation attempted on a registery key that has been marked for deletion' when I tried opening windows explorer. On restarting it worked fine.

* The computer is doing fine now. I mean atleast I think it is. Even previously when the virus was in I had no way of knowing that my computer was infected if it wasnt for the Avira notifications. Avira is set on realtime protection and no notifications so far. Also I had to kill the MSE processes and MSE would not start from the programs menu before running ComboFix. After running ComboFix MSE worked just fine.

* I forgot to add previously: I have an old version of flash because the latest one was giving me the BSODs regularly. It seems to work like a charm with Flash 9 installed.

* Questions: I have a Windows update waiting, can I shut down my computer so that it installs the updates, or should I wait for further instruction from you? Can I take a backup (clone) on a hard drive or should I wait? (I have a one month old backup of all the files I really need, but I wouldnt mind a more recent one). Which antivirus is the best one, which one should I ultimately keep? Is it worth paying for a PRO version of any of the antiviruses? How powerful is MSE?

Log from SecurityCheck:
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Microsoft Security Essentials
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````


Log from ComboFix:
ComboFix 12-07-13.01 - Kunal 07/13/2012 2:17.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1266 [GMT -4:00]
Running from: c:\users\Kunal\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\n
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\00000004.@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\00000008.@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\000000cb.@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\80000000.@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\80000032.@
c:\users\Kunal\AppData\Local\{32a5bb9a-ff9a-4234-a9c5-dc83f3b52fe9}\U\80000064.@
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{11F63FB5-29CC-44BC-9F44-97AD04CBDD40}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1B782B35-F63B-4A7A-A8CC-739DFCCE1654}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{26280C04-76AF-475B-91AE-83CC983211ED}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{27F2D1C3-9FDC-430E-90BD-5673818AD776}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{40624EFC-6B87-4032-9EC4-9899AC8777E7}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5CBAEE51-146D-4646-BDB2-87AE41CD734C}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8C096E04-D9C4-416F-9865-50164F4F0EBA}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B322D3E0-2C98-4037-914E-8366510C6F65}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B4EF3E82-AF56-4DC4-8249-AF0DDB4FC417}.xps
c:\users\Kunal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EE34F37F-8C3B-43D7-BAC6-57401F4788C1}.xps
c:\users\Kunal\AppData\Local\Paint.NET\Microsoft Help\abzdxo.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\32.ICO
c:\windows\SysWow64\Nagasoft\vjocx.exe
c:\windows\SysWow64\tmpF91B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 06:31 . 2012-07-13 06:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 03:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01D01463-7936-496D-9ABF-AB587EDD93C4}\mpengine.dll
2012-07-12 03:01 . 2012-07-12 03:01 711240 ----a-w- c:\windows\isRS-000.tmp
2012-07-11 01:32 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 22:19 . 2012-02-10 09:09 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CB0F748-1140-410F-9B15-6B86C550D6B1}\gapaengine.dll
2012-06-18 22:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 22:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 22:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 22:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 22:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 22:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 22:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 22:10 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 22:10 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 00:58 . 2012-06-18 00:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 00:58 . 2012-06-18 00:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- c:\users\Kunal\AppData\Local\Macromedia
2012-06-17 16:09 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 16:09 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-14 02:41 . 2012-06-14 02:41 -------- d-----w- c:\program files\iPod
2012-06-14 02:41 . 2012-06-14 02:43 -------- d-----w- c:\program files\iTunes
2012-06-14 02:41 . 2012-06-14 02:43 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2010-09-18 08:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 01:43 . 2012-05-17 01:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-17 01:43 . 2012-05-17 01:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-15 01:32 . 2012-06-12 22:54 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 04:24 . 2011-11-08 06:59 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 04:24 . 2011-11-08 06:59 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 05:57 . 2012-04-29 23:57 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06 . 2012-06-12 22:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 22:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 22:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 22:54 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 22:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 23:12 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 23:12 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 23:12 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:12 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:12 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 23:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-09-28 1715768]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-24 4786048]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-02-24 3941192]
"Akamai NetSession Interface"="c:\users\Kunal\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Kunal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 avdvqnbl;avdvqnbl;c:\windows\system32\drivers\avdvqnbl.sys [x]
R1 msmityds;msmityds;c:\windows\system32\drivers\msmityds.sys [x]
R1 pbebsmuz;pbebsmuz;c:\windows\system32\drivers\pbebsmuz.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R2 pr2agnqb;Cricket 2007 Drivers Auto Removal (pr2agnqb);c:\windows\system32\pr2agnqb.exe svc [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 253088]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [2010-12-23 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-03-17 911360]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-03-16 159232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 PSVolAcc;PSVolAcc; [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-01-27 13936]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-04-22 36232]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-04-22 42888]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-04-22 26504]
S0 pe3agnqb;Cricket 2007 Environment Driver (pe3agnqb);c:\windows\system32\drivers\pe3agnqb.sys [2007-03-03 72576]
S0 ps6agnqb;Cricket 2007 Synchronization Driver (ps6agnqb);c:\windows\system32\drivers\ps6agnqb.sys [2007-03-03 73096]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-04-02 31344]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-04-22 17800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-01-27 8610664]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-03-25 204304]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-01-27 185968]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-04-22 193928]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-29 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:58]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-07-12 c:\windows\Tasks\HPCeeScheduleForKunal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-25 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PureSync - c:\program files (x86)\PureSync\PureSyncTray.exe
Wow6432Node-HKCU-Run-Microsoft Help - c:\users\Kunal\AppData\Local\Paint.NET\Microsoft Help\abzdxo.dll
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\00#\10g"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-07-13 02:49:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 06:49
.
Pre-Run: 80,271,540,224 bytes free
Post-Run: 86,434,574,336 bytes free
.
- - End Of File - - 57E4AFC52328BA3053446361D8587E51

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 13 July 2012 - 12:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 13 July 2012 - 06:20 PM

18:39:17.0530 4648 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
18:39:18.0175 4648 ============================================================
18:39:18.0175 4648 Current date / time: 2012/07/13 18:39:18.0175
18:39:18.0175 4648 SystemInfo:
18:39:18.0175 4648
18:39:18.0175 4648 OS Version: 6.1.7601 ServicePack: 1.0
18:39:18.0175 4648 Product type: Workstation
18:39:18.0175 4648 ComputerName: KUNAL-HP
18:39:18.0175 4648 UserName: Kunal
18:39:18.0175 4648 Windows directory: C:\Windows
18:39:18.0175 4648 System windows directory: C:\Windows
18:39:18.0175 4648 Running under WOW64
18:39:18.0175 4648 Processor architecture: Intel x64
18:39:18.0175 4648 Number of processors: 2
18:39:18.0175 4648 Page size: 0x1000
18:39:18.0175 4648 Boot type: Normal boot
18:39:18.0175 4648 ============================================================
18:39:18.0970 4648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:39:18.0980 4648 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:39:18.0985 4648 ============================================================
18:39:18.0985 4648 \Device\Harddisk0\DR0:
18:39:18.0985 4648 MBR partitions:
18:39:18.0985 4648 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:39:18.0985 4648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2370E800
18:39:18.0985 4648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23772800, BlocksNum 0x1C88000
18:39:18.0985 4648 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:39:18.0985 4648 \Device\Harddisk1\DR1:
18:39:18.0990 4648 MBR partitions:
18:39:18.0990 4648 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
18:39:18.0990 4648 ============================================================
18:39:19.0015 4648 C: <-> \Device\Harddisk0\DR0\Partition1
18:39:19.0055 4648 D: <-> \Device\Harddisk0\DR0\Partition2
18:39:19.0075 4648 E: <-> \Device\Harddisk0\DR0\Partition3
18:39:19.0075 4648 ============================================================
18:39:19.0075 4648 Initialize success
18:39:19.0075 4648 ============================================================
18:39:36.0807 6736 ============================================================
18:39:36.0807 6736 Scan started
18:39:36.0807 6736 Mode: Manual;
18:39:36.0807 6736 ============================================================
18:39:39.0244 6736 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
18:39:39.0254 6736 !SASCORE - ok
18:39:39.0499 6736 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:39:39.0504 6736 1394ohci - ok
18:39:39.0564 6736 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:39:39.0569 6736 ACPI - ok
18:39:39.0604 6736 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:39:39.0604 6736 AcpiPmi - ok
18:39:39.0779 6736 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:39:39.0794 6736 AdobeARMservice - ok
18:39:39.0999 6736 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:40.0019 6736 AdobeFlashPlayerUpdateSvc - ok
18:39:40.0074 6736 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:39:40.0094 6736 adp94xx - ok
18:39:40.0139 6736 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:39:40.0154 6736 adpahci - ok
18:39:40.0189 6736 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:39:40.0204 6736 adpu320 - ok
18:39:40.0239 6736 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:39:40.0244 6736 AeLookupSvc - ok
18:39:40.0346 6736 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
18:39:40.0357 6736 AERTFilters - ok
18:39:40.0437 6736 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:39:40.0446 6736 AFD - ok
18:39:40.0560 6736 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
18:39:40.0586 6736 AgereSoftModem - ok
18:39:40.0633 6736 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:39:40.0643 6736 agp440 - ok
18:39:40.0683 6736 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:39:40.0698 6736 ALG - ok
18:39:40.0743 6736 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:39:40.0748 6736 aliide - ok
18:39:40.0758 6736 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:39:40.0763 6736 amdide - ok
18:39:40.0808 6736 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:39:40.0808 6736 AmdK8 - ok
18:39:40.0863 6736 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:39:40.0863 6736 AmdPPM - ok
18:39:40.0898 6736 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:39:40.0908 6736 amdsata - ok
18:39:40.0943 6736 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:39:40.0958 6736 amdsbs - ok
18:39:40.0969 6736 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:39:40.0984 6736 amdxata - ok
18:39:41.0129 6736 AntiVirSchedulerService (0a1cc583e8147004e4ad4625d7fbf88c) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:39:41.0129 6736 AntiVirSchedulerService - ok
18:39:41.0164 6736 AntiVirService (c9a36ef935aced86aedf93e97e606911) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:39:41.0169 6736 AntiVirService - ok
18:39:41.0227 6736 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:39:41.0230 6736 AppID - ok
18:39:41.0258 6736 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:39:41.0271 6736 AppIDSvc - ok
18:39:41.0310 6736 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:39:41.0313 6736 Appinfo - ok
18:39:41.0423 6736 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:39:41.0456 6736 Apple Mobile Device - ok
18:39:41.0505 6736 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:39:41.0518 6736 arc - ok
18:39:41.0544 6736 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:39:41.0552 6736 arcsas - ok
18:39:41.0580 6736 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:41.0581 6736 AsyncMac - ok
18:39:41.0625 6736 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:39:41.0630 6736 atapi - ok
18:39:41.0703 6736 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:39:41.0716 6736 AudioEndpointBuilder - ok
18:39:41.0731 6736 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:39:41.0738 6736 AudioSrv - ok
18:39:41.0755 6736 avdvqnbl - ok
18:39:41.0822 6736 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:39:41.0833 6736 avgntflt - ok
18:39:41.0877 6736 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:39:41.0901 6736 avipbb - ok
18:39:41.0931 6736 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:39:41.0947 6736 avkmgr - ok
18:39:41.0998 6736 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:39:42.0012 6736 AxInstSV - ok
18:39:42.0069 6736 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:39:42.0078 6736 b06bdrv - ok
18:39:42.0119 6736 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:39:42.0123 6736 b57nd60a - ok
18:39:42.0161 6736 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:39:42.0169 6736 BDESVC - ok
18:39:42.0177 6736 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:39:42.0178 6736 Beep - ok
18:39:42.0270 6736 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:39:42.0284 6736 BFE - ok
18:39:42.0354 6736 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:39:42.0392 6736 BITS - ok
18:39:42.0458 6736 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:39:42.0460 6736 blbdrive - ok
18:39:42.0571 6736 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:39:42.0579 6736 Bonjour Service - ok
18:39:42.0623 6736 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:39:42.0626 6736 bowser - ok
18:39:42.0672 6736 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:39:42.0674 6736 BrFiltLo - ok
18:39:42.0692 6736 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:39:42.0693 6736 BrFiltUp - ok
18:39:42.0734 6736 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:39:42.0736 6736 Bridge - ok
18:39:42.0752 6736 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:39:42.0754 6736 BridgeMP - ok
18:39:42.0795 6736 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:39:42.0797 6736 Browser - ok
18:39:42.0821 6736 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:39:42.0825 6736 Brserid - ok
18:39:42.0840 6736 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:39:42.0842 6736 BrSerWdm - ok
18:39:42.0852 6736 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:39:42.0853 6736 BrUsbMdm - ok
18:39:42.0860 6736 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:39:42.0861 6736 BrUsbSer - ok
18:39:42.0889 6736 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:39:42.0891 6736 BTHMODEM - ok
18:39:42.0933 6736 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:39:42.0942 6736 bthserv - ok
18:39:42.0945 6736 catchme - ok
18:39:42.0974 6736 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:39:42.0974 6736 cdfs - ok
18:39:43.0019 6736 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:39:43.0024 6736 cdrom - ok
18:39:43.0074 6736 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:39:43.0084 6736 CertPropSvc - ok
18:39:43.0099 6736 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:39:43.0099 6736 circlass - ok
18:39:43.0139 6736 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:39:43.0144 6736 CLFS - ok
18:39:43.0209 6736 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:39:43.0224 6736 clr_optimization_v2.0.50727_32 - ok
18:39:43.0264 6736 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:39:43.0279 6736 clr_optimization_v2.0.50727_64 - ok
18:39:43.0344 6736 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:39:43.0379 6736 clr_optimization_v4.0.30319_32 - ok
18:39:43.0404 6736 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:39:43.0409 6736 clr_optimization_v4.0.30319_64 - ok
18:39:43.0449 6736 clwvd (45379507ecc5e406237bff32c7390675) C:\Windows\system32\DRIVERS\clwvd.sys
18:39:43.0469 6736 clwvd - ok
18:39:43.0494 6736 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:39:43.0499 6736 CmBatt - ok
18:39:43.0534 6736 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:39:43.0544 6736 cmdide - ok
18:39:43.0599 6736 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:39:43.0624 6736 CNG - ok
18:39:43.0669 6736 cnnctfy2 (040ff3b09f26926a3792e047db0f47dd) C:\Windows\system32\DRIVERS\cnnctfy2.sys
18:39:43.0679 6736 cnnctfy2 - ok
18:39:43.0709 6736 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:39:43.0714 6736 Compbatt - ok
18:39:43.0739 6736 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:39:43.0739 6736 CompositeBus - ok
18:39:43.0749 6736 COMSysApp - ok
18:39:43.0919 6736 Connectify (5a64518fd2339d4fda7a419a9fd89f78) C:\Program Files (x86)\Connectify\ConnectifyService.exe
18:39:43.0919 6736 Connectify - ok
18:39:43.0944 6736 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:39:43.0949 6736 crcdisk - ok
18:39:43.0989 6736 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:39:43.0994 6736 CryptSvc - ok
18:39:44.0069 6736 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
18:39:44.0079 6736 ctxusbm - ok
18:39:44.0159 6736 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:39:44.0174 6736 DcomLaunch - ok
18:39:44.0214 6736 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:39:44.0249 6736 defragsvc - ok
18:39:44.0284 6736 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:39:44.0289 6736 DfsC - ok
18:39:44.0344 6736 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:39:44.0349 6736 Dhcp - ok
18:39:44.0374 6736 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:39:44.0379 6736 discache - ok
18:39:44.0424 6736 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:39:44.0424 6736 Disk - ok
18:39:45.0056 6736 DisplayLinkService (ecda7d5b479f6c38c9d3d74868cb6401) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
18:39:45.0192 6736 DisplayLinkService - ok
18:39:45.0326 6736 DisplayLinkUsbPort (64ff7eaa324702e824affd24d4b33412) C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys
18:39:45.0328 6736 DisplayLinkUsbPort - ok
18:39:45.0378 6736 DLCopyFilter (b32c082b4bd254bfa2441f357636bc3a) C:\Windows\system32\Drivers\wsr_tbf.sys
18:39:45.0381 6736 DLCopyFilter - ok
18:39:45.0419 6736 dlkmd (b77de8ece8c423cc2de0812feb13bf5e) C:\Windows\system32\drivers\dlkmd.sys
18:39:45.0433 6736 dlkmd - ok
18:39:45.0456 6736 dlkmdldr (389fb1d69a1b0e2403327590bf50084b) C:\Windows\system32\drivers\dlkmdldr.sys
18:39:45.0461 6736 dlkmdldr - ok
18:39:45.0506 6736 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:39:45.0511 6736 Dnscache - ok
18:39:45.0561 6736 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:39:45.0586 6736 dot3svc - ok
18:39:45.0626 6736 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:39:45.0631 6736 Dot4 - ok
18:39:45.0676 6736 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:39:45.0676 6736 Dot4Print - ok
18:39:45.0701 6736 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:39:45.0701 6736 dot4usb - ok
18:39:45.0751 6736 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:39:45.0756 6736 DPS - ok
18:39:45.0781 6736 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:39:45.0781 6736 drmkaud - ok
18:39:45.0821 6736 dsNcAdpt (0040a0132aac1004e50055f8fbb14c08) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
18:39:45.0826 6736 dsNcAdpt - ok
18:39:46.0061 6736 dsNcService (ce235d0af501d4a622b0b8cfe7963b32) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
18:39:46.0121 6736 dsNcService - ok
18:39:46.0211 6736 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:39:46.0251 6736 DXGKrnl - ok
18:39:46.0296 6736 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:39:46.0301 6736 EapHost - ok
18:39:46.0411 6736 EASEUS Agent (ec7819b90ee202bdc5a5059cf6cb6faa) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
18:39:46.0411 6736 EASEUS Agent - ok
18:39:46.0666 6736 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:39:46.0721 6736 ebdrv - ok
18:39:46.0849 6736 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:39:46.0853 6736 EFS - ok
18:39:46.0947 6736 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:39:46.0961 6736 ehRecvr - ok
18:39:46.0992 6736 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:39:46.0995 6736 ehSched - ok
18:39:47.0080 6736 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:39:47.0097 6736 elxstor - ok
18:39:47.0124 6736 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:39:47.0126 6736 ErrDev - ok
18:39:47.0191 6736 EUBAKUP (09a6390583c629532407ca7af026ff91) C:\Windows\system32\drivers\eubakup.sys
18:39:47.0193 6736 EUBAKUP - ok
18:39:47.0206 6736 EUBKMON (29f22c20748e3696af0d57dc71cc6a10) C:\Windows\system32\drivers\EUBKMON.sys
18:39:47.0208 6736 EUBKMON - ok
18:39:47.0241 6736 EUDISK (97cd68db973de9c17be205dd2de21563) C:\Windows\system32\drivers\eudisk.sys
18:39:47.0245 6736 EUDISK - ok
18:39:47.0260 6736 EUDSKACS (449070112444b188cf755add0627cd00) C:\Windows\system32\drivers\eudskacs.sys
18:39:47.0261 6736 EUDSKACS - ok
18:39:47.0269 6736 EUFS (6791502d2e6cb3ca67e43fe003e29e0a) C:\Windows\system32\drivers\eufs.sys
18:39:47.0270 6736 EUFS - ok
18:39:47.0334 6736 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:39:47.0341 6736 EventSystem - ok
18:39:47.0382 6736 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:39:47.0386 6736 exfat - ok
18:39:47.0410 6736 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:39:47.0414 6736 fastfat - ok
18:39:47.0498 6736 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:39:47.0511 6736 Fax - ok
18:39:47.0542 6736 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:39:47.0544 6736 fdc - ok
18:39:47.0569 6736 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:39:47.0570 6736 fdPHost - ok
18:39:47.0586 6736 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:39:47.0597 6736 FDResPub - ok
18:39:47.0611 6736 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:39:47.0622 6736 FileInfo - ok
18:39:47.0638 6736 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:39:47.0639 6736 Filetrace - ok
18:39:47.0666 6736 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:39:47.0668 6736 flpydisk - ok
18:39:47.0726 6736 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:39:47.0731 6736 FltMgr - ok
18:39:47.0831 6736 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:39:47.0878 6736 FontCache - ok
18:39:47.0936 6736 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:39:47.0959 6736 FontCache3.0.0.0 - ok
18:39:48.0002 6736 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:39:48.0012 6736 FsDepends - ok
18:39:48.0057 6736 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
18:39:48.0072 6736 fssfltr - ok
18:39:48.0267 6736 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:39:48.0317 6736 fsssvc - ok
18:39:48.0432 6736 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:39:48.0442 6736 Fs_Rec - ok
18:39:48.0492 6736 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:39:48.0497 6736 fvevol - ok
18:39:48.0527 6736 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:39:48.0537 6736 gagp30kx - ok
18:39:48.0662 6736 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:39:48.0697 6736 GamesAppService - ok
18:39:48.0737 6736 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:39:48.0747 6736 GEARAspiWDM - ok
18:39:48.0842 6736 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:39:48.0857 6736 gpsvc - ok
18:39:48.0922 6736 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:48.0922 6736 gupdate - ok
18:39:48.0942 6736 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:48.0942 6736 gupdatem - ok
18:39:48.0998 6736 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:39:49.0058 6736 gusvc - ok
18:39:49.0103 6736 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:39:49.0103 6736 hcw85cir - ok
18:39:49.0158 6736 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:39:49.0163 6736 HdAudAddService - ok
18:39:49.0198 6736 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:39:49.0198 6736 HDAudBus - ok
18:39:49.0233 6736 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
18:39:49.0258 6736 HECIx64 - ok
18:39:49.0273 6736 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:39:49.0275 6736 HidBatt - ok
18:39:49.0308 6736 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:39:49.0310 6736 HidBth - ok
18:39:49.0330 6736 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:39:49.0331 6736 HidIr - ok
18:39:49.0354 6736 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:39:49.0356 6736 hidserv - ok
18:39:49.0371 6736 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:39:49.0373 6736 HidUsb - ok
18:39:49.0404 6736 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:39:49.0422 6736 hkmsvc - ok
18:39:49.0472 6736 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:39:49.0491 6736 HomeGroupListener - ok
18:39:49.0531 6736 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:39:49.0536 6736 HomeGroupProvider - ok
18:39:49.0676 6736 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:39:49.0681 6736 hpqcxs08 - ok
18:39:49.0716 6736 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:39:49.0716 6736 hpqddsvc - ok
18:39:49.0856 6736 hpqwmiex (cc518f83732860997c3faf56d15627a7) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:39:49.0871 6736 hpqwmiex - ok
18:39:50.0017 6736 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:39:50.0032 6736 HpSAMD - ok
18:39:50.0202 6736 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:39:50.0222 6736 HPSLPSVC - ok
18:39:50.0297 6736 HPWMISVC (b6492d01712a22ff3fea25a999dbd321) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
18:39:50.0302 6736 HPWMISVC - ok
18:39:50.0382 6736 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:39:50.0397 6736 HTTP - ok
18:39:50.0482 6736 hwa (8f2f54b751e3b1774f16db8f4ba236e5) C:\Windows\system32\DRIVERS\WSR_HWA.SYS
18:39:50.0502 6736 hwa - ok
18:39:50.0537 6736 HWARadio (a93de149e77eac1b9649f0b3b35787fd) C:\Windows\system32\DRIVERS\WSR_RCI.SYS
18:39:50.0542 6736 HWARadio - ok
18:39:50.0572 6736 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:39:50.0572 6736 hwpolicy - ok
18:39:50.0632 6736 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:39:50.0637 6736 i8042prt - ok
18:39:50.0702 6736 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
18:39:50.0707 6736 iaStor - ok
18:39:50.0762 6736 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:39:50.0782 6736 iaStorV - ok
18:39:50.0912 6736 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:39:50.0987 6736 idsvc - ok
18:39:51.0767 6736 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:39:52.0007 6736 igfx - ok
18:39:52.0119 6736 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:39:52.0129 6736 iirsp - ok
18:39:52.0219 6736 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:39:52.0239 6736 IKEEXT - ok
18:39:52.0274 6736 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
18:39:52.0279 6736 Impcd - ok
18:39:52.0464 6736 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
18:39:52.0529 6736 IntcAzAudAddService - ok
18:39:52.0669 6736 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:39:52.0674 6736 IntcDAud - ok
18:39:52.0729 6736 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:39:52.0734 6736 intelide - ok
18:39:52.0774 6736 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:39:52.0774 6736 intelppm - ok
18:39:52.0809 6736 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:39:52.0834 6736 IPBusEnum - ok
18:39:52.0874 6736 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:52.0874 6736 IpFilterDriver - ok
18:39:52.0929 6736 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:39:52.0939 6736 iphlpsvc - ok
18:39:52.0989 6736 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:39:52.0989 6736 IPMIDRV - ok
18:39:53.0014 6736 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:39:53.0014 6736 IPNAT - ok
18:39:53.0164 6736 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
18:39:53.0184 6736 iPod Service - ok
18:39:53.0214 6736 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:39:53.0214 6736 IRENUM - ok
18:39:53.0244 6736 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:39:53.0254 6736 isapnp - ok
18:39:53.0304 6736 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:39:53.0334 6736 iScsiPrt - ok
18:39:53.0359 6736 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:39:53.0369 6736 kbdclass - ok
18:39:53.0389 6736 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:39:53.0389 6736 kbdhid - ok
18:39:53.0424 6736 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:39:53.0429 6736 KeyIso - ok
18:39:53.0444 6736 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:39:53.0459 6736 KSecDD - ok
18:39:53.0494 6736 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:39:53.0509 6736 KSecPkg - ok
18:39:53.0529 6736 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:39:53.0534 6736 ksthunk - ok
18:39:53.0579 6736 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:39:53.0604 6736 KtmRm - ok
18:39:53.0679 6736 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:39:53.0684 6736 LanmanServer - ok
18:39:53.0739 6736 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:39:53.0744 6736 LanmanWorkstation - ok
18:39:53.0879 6736 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:39:53.0904 6736 LBTServ - ok
18:39:53.0944 6736 LEqdUsb (00ba093a3f316d43a4c3e098a96ae912) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
18:39:53.0954 6736 LEqdUsb - ok
18:39:53.0984 6736 LHidEqd (3067cfad2baa4a208130cd0afb130bc9) C:\Windows\system32\DRIVERS\LHidEqd.Sys
18:39:53.0994 6736 LHidEqd - ok
18:39:54.0004 6736 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:39:54.0014 6736 LHidFilt - ok
18:39:54.0119 6736 LightScribeService (fa4a45c179ab0e0f1a31b9751d4b18d7) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:39:54.0119 6736 LightScribeService - ok
18:39:54.0154 6736 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:39:54.0154 6736 lltdio - ok
18:39:54.0199 6736 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:39:54.0214 6736 lltdsvc - ok
18:39:54.0239 6736 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:39:54.0254 6736 lmhosts - ok
18:39:54.0294 6736 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:39:54.0319 6736 LMouFilt - ok
18:39:54.0424 6736 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:39:54.0424 6736 LMS - ok
18:39:54.0464 6736 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:39:54.0474 6736 LSI_FC - ok
18:39:54.0489 6736 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:39:54.0504 6736 LSI_SAS - ok
18:39:54.0529 6736 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:39:54.0534 6736 LSI_SAS2 - ok
18:39:54.0559 6736 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:39:54.0564 6736 LSI_SCSI - ok
18:39:54.0579 6736 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:39:54.0584 6736 luafv - ok
18:39:54.0634 6736 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
18:39:54.0639 6736 mcdbus - ok
18:39:54.0674 6736 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:39:54.0684 6736 Mcx2Svc - ok
18:39:54.0714 6736 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:39:54.0719 6736 megasas - ok
18:39:54.0759 6736 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:39:54.0779 6736 MegaSR - ok
18:39:54.0874 6736 Microsoft SharePoint Workspace Audit Service - ok
18:39:54.0909 6736 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:39:54.0924 6736 MMCSS - ok
18:39:54.0954 6736 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:39:54.0959 6736 Modem - ok
18:39:54.0974 6736 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:39:54.0974 6736 monitor - ok
18:39:55.0024 6736 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:39:55.0039 6736 mouclass - ok
18:39:55.0064 6736 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:39:55.0069 6736 mouhid - ok
18:39:55.0109 6736 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:39:55.0109 6736 mountmgr - ok
18:39:55.0199 6736 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:39:55.0234 6736 MozillaMaintenance - ok
18:39:55.0319 6736 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
18:39:55.0319 6736 MpFilter - ok
18:39:55.0369 6736 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:39:55.0404 6736 mpio - ok
18:39:55.0429 6736 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:39:55.0434 6736 mpsdrv - ok
18:39:55.0519 6736 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:39:55.0534 6736 MpsSvc - ok
18:39:55.0579 6736 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:39:55.0584 6736 MRxDAV - ok
18:39:55.0629 6736 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:55.0634 6736 mrxsmb - ok
18:39:55.0689 6736 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:55.0694 6736 mrxsmb10 - ok
18:39:55.0714 6736 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:55.0714 6736 mrxsmb20 - ok
18:39:55.0744 6736 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:39:55.0749 6736 msahci - ok
18:39:55.0784 6736 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:39:55.0794 6736 msdsm - ok
18:39:55.0829 6736 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:39:55.0854 6736 MSDTC - ok
18:39:55.0889 6736 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:39:55.0889 6736 Msfs - ok
18:39:55.0909 6736 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:39:55.0909 6736 mshidkmdf - ok
18:39:55.0924 6736 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:39:55.0929 6736 msisadrv - ok
18:39:55.0959 6736 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:39:55.0969 6736 MSiSCSI - ok
18:39:55.0974 6736 msiserver - ok
18:39:56.0004 6736 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:39:56.0004 6736 MSKSSRV - ok
18:39:56.0009 6736 msmityds - ok
18:39:56.0134 6736 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:39:56.0134 6736 MsMpSvc - ok
18:39:56.0149 6736 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:56.0149 6736 MSPCLOCK - ok
18:39:56.0179 6736 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:39:56.0179 6736 MSPQM - ok
18:39:56.0234 6736 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:39:56.0259 6736 MsRPC - ok
18:39:56.0294 6736 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:39:56.0294 6736 mssmbios - ok
18:39:56.0409 6736 MSSQL$INFLOWSQL - ok
18:39:56.0469 6736 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:39:56.0479 6736 MSSQLServerADHelper - ok
18:39:56.0514 6736 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:39:56.0514 6736 MSTEE - ok
18:39:56.0534 6736 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:39:56.0534 6736 MTConfig - ok
18:39:56.0564 6736 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:39:56.0574 6736 Mup - ok
18:39:56.0639 6736 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:39:56.0649 6736 napagent - ok
18:39:56.0689 6736 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:39:56.0694 6736 NativeWifiP - ok
18:39:56.0774 6736 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:39:56.0794 6736 NDIS - ok
18:39:56.0819 6736 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:56.0819 6736 NdisCap - ok
18:39:56.0844 6736 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:56.0844 6736 NdisTapi - ok
18:39:56.0889 6736 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:56.0889 6736 Ndisuio - ok
18:39:56.0934 6736 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:56.0939 6736 NdisWan - ok
18:39:56.0974 6736 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:39:56.0974 6736 NDProxy - ok
18:39:57.0025 6736 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:39:57.0055 6736 Net Driver HPZ12 - ok
18:39:57.0090 6736 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:39:57.0090 6736 NetBIOS - ok
18:39:57.0130 6736 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:39:57.0140 6736 NetBT - ok
18:39:57.0175 6736 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:39:57.0175 6736 Netlogon - ok
18:39:57.0230 6736 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:39:57.0240 6736 Netman - ok
18:39:57.0280 6736 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:39:57.0290 6736 netprofm - ok
18:39:57.0355 6736 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:39:57.0385 6736 NetTcpPortSharing - ok
18:39:57.0755 6736 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:39:57.0840 6736 netw5v64 - ok
18:39:57.0990 6736 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:39:58.0000 6736 nfrd960 - ok
18:39:58.0065 6736 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:39:58.0080 6736 NisDrv - ok
18:39:58.0210 6736 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
18:39:58.0225 6736 NisSrv - ok
18:39:58.0325 6736 NitroReaderDriverReadSpool2 (720d689ad05c6da167ae959569c59bdc) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
18:39:58.0345 6736 NitroReaderDriverReadSpool2 - ok
18:39:58.0410 6736 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:39:58.0415 6736 NlaSvc - ok
18:39:58.0440 6736 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:39:58.0445 6736 Npfs - ok
18:39:58.0485 6736 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:39:58.0490 6736 nsi - ok
18:39:58.0505 6736 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:39:58.0505 6736 nsiproxy - ok
18:39:58.0640 6736 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:39:58.0800 6736 Ntfs - ok
18:39:58.0915 6736 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:39:58.0915 6736 Null - ok
18:39:58.0980 6736 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:39:58.0985 6736 nvraid - ok
18:39:59.0010 6736 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:39:59.0035 6736 nvstor - ok
18:39:59.0061 6736 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:39:59.0082 6736 nv_agp - ok
18:39:59.0097 6736 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:39:59.0102 6736 ohci1394 - ok
18:39:59.0182 6736 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:59.0217 6736 ose - ok
18:39:59.0577 6736 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:39:59.0657 6736 osppsvc - ok
18:39:59.0792 6736 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:39:59.0802 6736 p2pimsvc - ok
18:39:59.0852 6736 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:39:59.0867 6736 p2psvc - ok
18:39:59.0932 6736 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:39:59.0937 6736 Parport - ok
18:39:59.0977 6736 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:40:00.0002 6736 partmgr - ok
18:40:00.0032 6736 pbebsmuz - ok
18:40:00.0067 6736 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:40:00.0072 6736 PcaSvc - ok
18:40:00.0104 6736 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:40:00.0104 6736 pci - ok
18:40:00.0134 6736 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:40:00.0139 6736 pciide - ok
18:40:00.0184 6736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:40:00.0204 6736 pcmcia - ok
18:40:00.0219 6736 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:40:00.0229 6736 pcw - ok
18:40:00.0259 6736 pe3agnqb (e4d5a565a2c424e72e0bafe8e3d65bea) C:\Windows\system32\drivers\pe3agnqb.sys
18:40:00.0264 6736 pe3agnqb - ok
18:40:00.0314 6736 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:40:00.0329 6736 PEAUTH - ok
18:40:00.0414 6736 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:40:00.0414 6736 PerfHost - ok
18:40:00.0544 6736 Pharos Systems ComTaskMaster (bd24e98e6546adf6a31a41485483eb6c) C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
18:40:00.0549 6736 Pharos Systems ComTaskMaster - ok
18:40:00.0759 6736 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:40:00.0809 6736 pla - ok
18:40:00.0874 6736 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:40:00.0884 6736 PlugPlay - ok
18:40:00.0959 6736 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:40:00.0979 6736 Pml Driver HPZ12 - ok
18:40:01.0014 6736 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:40:01.0049 6736 PNRPAutoReg - ok
18:40:01.0086 6736 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:40:01.0091 6736 PNRPsvc - ok
18:40:01.0151 6736 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:40:01.0161 6736 PolicyAgent - ok
18:40:01.0191 6736 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:40:01.0196 6736 Power - ok
18:40:01.0266 6736 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:40:01.0271 6736 PptpMiniport - ok
18:40:01.0301 6736 pr2agnqb - ok
18:40:01.0326 6736 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:40:01.0326 6736 Processor - ok
18:40:01.0366 6736 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:40:01.0371 6736 ProfSvc - ok
18:40:01.0406 6736 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:01.0411 6736 ProtectedStorage - ok
18:40:01.0451 6736 ps6agnqb (7e417498a898d9720009c8688c16013a) C:\Windows\system32\drivers\ps6agnqb.sys
18:40:01.0451 6736 ps6agnqb - ok
18:40:01.0506 6736 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:40:01.0511 6736 Psched - ok
18:40:01.0556 6736 PSMounter (838e03c9da764467edd9b99d1efb809c) C:\Windows\system32\drivers\psmounter.sys
18:40:01.0561 6736 PSMounter - ok
18:40:01.0591 6736 PSVolAcc (f428cb5ecb3f2cc77e13764b34a0871a) C:\Windows\system32\drivers\PSVolAcc.sys
18:40:01.0591 6736 PSVolAcc - ok
18:40:01.0716 6736 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:40:01.0766 6736 ql2300 - ok
18:40:01.0866 6736 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:40:01.0876 6736 ql40xx - ok
18:40:01.0921 6736 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:40:01.0941 6736 QWAVE - ok
18:40:01.0971 6736 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:40:01.0971 6736 QWAVEdrv - ok
18:40:01.0991 6736 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:40:01.0996 6736 RasAcd - ok
18:40:02.0026 6736 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:40:02.0026 6736 RasAgileVpn - ok
18:40:02.0047 6736 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:40:02.0068 6736 RasAuto - ok
18:40:02.0108 6736 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:40:02.0108 6736 Rasl2tp - ok
18:40:02.0133 6736 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:40:02.0153 6736 RasMan - ok
18:40:02.0173 6736 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:40:02.0173 6736 RasPppoe - ok
18:40:02.0188 6736 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:40:02.0188 6736 RasSstp - ok
18:40:02.0233 6736 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
18:40:02.0238 6736 rcmirror - ok
18:40:02.0288 6736 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:40:02.0293 6736 rdbss - ok
18:40:02.0308 6736 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:40:02.0308 6736 rdpbus - ok
18:40:02.0338 6736 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:40:02.0338 6736 RDPCDD - ok
18:40:02.0363 6736 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:40:02.0363 6736 RDPENCDD - ok
18:40:02.0378 6736 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:40:02.0378 6736 RDPREFMP - ok
18:40:02.0413 6736 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:40:02.0418 6736 RDPWD - ok
18:40:02.0478 6736 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:40:02.0493 6736 rdyboost - ok
18:40:02.0603 6736 ReflectService (be9861e1a18e01c38338feacd75c5ead) C:\Program Files\Macrium\Reflect\ReflectService.exe
18:40:02.0608 6736 ReflectService - ok
18:40:02.0638 6736 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:40:02.0658 6736 RemoteAccess - ok
18:40:02.0713 6736 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:40:02.0733 6736 RemoteRegistry - ok
18:40:02.0848 6736 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:40:02.0853 6736 RichVideo - ok
18:40:02.0898 6736 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:40:02.0898 6736 RimUsb - ok
18:40:02.0958 6736 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:40:02.0963 6736 RimVSerPort - ok
18:40:02.0983 6736 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:40:02.0983 6736 ROOTMODEM - ok
18:40:03.0023 6736 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:40:03.0028 6736 RpcEptMapper - ok
18:40:03.0058 6736 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:40:03.0064 6736 RpcLocator - ok
18:40:03.0130 6736 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:40:03.0135 6736 RpcSs - ok
18:40:03.0160 6736 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:40:03.0160 6736 rspndr - ok
18:40:03.0215 6736 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
18:40:03.0220 6736 RSUSBSTOR - ok
18:40:03.0295 6736 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:40:03.0310 6736 RTL8167 - ok
18:40:03.0420 6736 rtl8192se (ce594045b2969f5fc3f77b824629ac7f) C:\Windows\system32\DRIVERS\rtl8192se.sys
18:40:03.0465 6736 rtl8192se - ok
18:40:03.0555 6736 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
18:40:03.0560 6736 RtVOsdService - ok
18:40:03.0675 6736 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:03.0675 6736 SamSs - ok
18:40:03.0750 6736 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:40:03.0750 6736 SASDIFSV - ok
18:40:03.0775 6736 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:40:03.0780 6736 SASKUTIL - ok
18:40:03.0835 6736 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:40:03.0860 6736 sbp2port - ok
18:40:03.0900 6736 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:40:03.0930 6736 SCardSvr - ok
18:40:03.0960 6736 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:40:03.0960 6736 scfilter - ok
18:40:04.0060 6736 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:40:04.0075 6736 Schedule - ok
18:40:04.0120 6736 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:40:04.0120 6736 SCPolicySvc - ok
18:40:04.0170 6736 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:40:04.0175 6736 sdbus - ok
18:40:04.0210 6736 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:40:04.0215 6736 SDRSVC - ok
18:40:04.0245 6736 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:40:04.0250 6736 secdrv - ok
18:40:04.0265 6736 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:40:04.0275 6736 seclogon - ok
18:40:04.0305 6736 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
18:40:04.0305 6736 SENS - ok
18:40:04.0320 6736 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:40:04.0330 6736 SensrSvc - ok
18:40:04.0355 6736 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:40:04.0355 6736 Serenum - ok
18:40:04.0375 6736 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:40:04.0380 6736 Serial - ok
18:40:04.0410 6736 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:40:04.0420 6736 sermouse - ok
18:40:04.0470 6736 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:40:04.0490 6736 SessionEnv - ok
18:40:04.0530 6736 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:40:04.0530 6736 sffdisk - ok
18:40:04.0545 6736 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:40:04.0545 6736 sffp_mmc - ok
18:40:04.0550 6736 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:40:04.0550 6736 sffp_sd - ok
18:40:04.0575 6736 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:40:04.0580 6736 sfloppy - ok
18:40:04.0625 6736 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:40:04.0645 6736 SharedAccess - ok
18:40:04.0710 6736 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:40:04.0720 6736 ShellHWDetection - ok
18:40:04.0745 6736 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:40:04.0765 6736 SiSRaid2 - ok
18:40:04.0795 6736 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:40:04.0805 6736 SiSRaid4 - ok
18:40:04.0910 6736 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:40:04.0910 6736 SkypeUpdate - ok
18:40:04.0950 6736 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:40:04.0950 6736 Smb - ok
18:40:04.0990 6736 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:40:04.0995 6736 SNMPTRAP - ok
18:40:05.0010 6736 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:40:05.0020 6736 spldr - ok
18:40:05.0085 6736 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:40:05.0095 6736 Spooler - ok
18:40:05.0345 6736 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:40:05.0405 6736 sppsvc - ok
18:40:05.0515 6736 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:40:05.0530 6736 sppuinotify - ok
18:40:05.0635 6736 sprtsvc_verizondm - ok
18:40:05.0745 6736 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:40:05.0775 6736 SQLBrowser - ok
18:40:05.0860 6736 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:40:05.0890 6736 SQLWriter - ok
18:40:05.0980 6736 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:40:05.0990 6736 srv - ok
18:40:06.0035 6736 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:40:06.0045 6736 srv2 - ok
18:40:06.0085 6736 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:40:06.0090 6736 SrvHsfHDA - ok
18:40:06.0200 6736 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:40:06.0225 6736 SrvHsfV92 - ok
18:40:06.0380 6736 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:40:06.0390 6736 SrvHsfWinac - ok
18:40:06.0445 6736 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:40:06.0450 6736 srvnet - ok
18:40:06.0500 6736 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:40:06.0505 6736 SSDPSRV - ok
18:40:06.0525 6736 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:40:06.0530 6736 SstpSvc - ok
18:40:06.0560 6736 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:40:06.0570 6736 stexstor - ok
18:40:06.0615 6736 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
18:40:06.0620 6736 StillCam - ok
18:40:06.0705 6736 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:40:06.0730 6736 stisvc - ok
18:40:06.0770 6736 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:40:06.0780 6736 swenum - ok
18:40:06.0825 6736 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:40:06.0850 6736 swprv - ok
18:40:06.0930 6736 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
18:40:06.0950 6736 SynTP - ok
18:40:07.0095 6736 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:40:07.0130 6736 SysMain - ok
18:40:07.0240 6736 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:40:07.0255 6736 TabletInputService - ok
18:40:07.0285 6736 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:40:07.0295 6736 TapiSrv - ok
18:40:07.0325 6736 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:40:07.0330 6736 TBS - ok
18:40:07.0490 6736 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:40:07.0550 6736 Tcpip - ok
18:40:07.0766 6736 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:40:07.0791 6736 TCPIP6 - ok
18:40:07.0866 6736 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:40:07.0866 6736 tcpipreg - ok
18:40:07.0901 6736 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:40:07.0901 6736 TDPIPE - ok
18:40:07.0941 6736 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:40:07.0941 6736 TDTCP - ok
18:40:07.0976 6736 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:40:07.0981 6736 tdx - ok
18:40:08.0186 6736 TeamViewer6 (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
18:40:08.0221 6736 TeamViewer6 - ok
18:40:08.0621 6736 TeamViewer7 (3e85bdd019e3db66d9471dad7fd6a887) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:40:08.0676 6736 TeamViewer7 - ok
18:40:08.0801 6736 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:40:08.0811 6736 TermDD - ok
18:40:08.0891 6736 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:40:08.0926 6736 TermService - ok
18:40:09.0011 6736 tgsrvc_verizondm - ok
18:40:09.0051 6736 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:40:09.0061 6736 Themes - ok
18:40:09.0086 6736 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:40:09.0091 6736 THREADORDER - ok
18:40:09.0106 6736 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:40:09.0111 6736 TrkWks - ok
18:40:09.0171 6736 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:40:09.0176 6736 TrustedInstaller - ok
18:40:09.0215 6736 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:40:09.0218 6736 tssecsrv - ok
18:40:09.0258 6736 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:40:09.0258 6736 TsUsbFlt - ok
18:40:09.0318 6736 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:40:09.0323 6736 tunnel - ok
18:40:09.0348 6736 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:40:09.0358 6736 uagp35 - ok
18:40:09.0403 6736 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:40:09.0413 6736 udfs - ok
18:40:09.0448 6736 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:40:09.0463 6736 UI0Detect - ok
18:40:09.0503 6736 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:40:09.0513 6736 uliagpkx - ok
18:40:09.0568 6736 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:40:09.0568 6736 umbus - ok
18:40:09.0593 6736 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:40:09.0598 6736 UmPass - ok
18:40:09.0873 6736 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:40:09.0913 6736 UNS - ok
18:40:10.0033 6736 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:40:10.0043 6736 upnphost - ok
18:40:10.0083 6736 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
18:40:10.0083 6736 USBAAPL64 - ok
18:40:10.0148 6736 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:40:10.0148 6736 usbaudio - ok
18:40:10.0183 6736 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:40:10.0188 6736 usbccgp - ok
18:40:10.0213 6736 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:40:10.0213 6736 usbcir - ok
18:40:10.0243 6736 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
18:40:10.0243 6736 usbehci - ok
18:40:10.0293 6736 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:40:10.0303 6736 usbhub - ok
18:40:10.0333 6736 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:40:10.0338 6736 usbohci - ok
18:40:10.0358 6736 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:40:10.0363 6736 usbprint - ok
18:40:10.0398 6736 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:40:10.0398 6736 usbscan - ok
18:40:10.0418 6736 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:40:10.0418 6736 USBSTOR - ok
18:40:10.0448 6736 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:40:10.0448 6736 usbuhci - ok
18:40:10.0513 6736 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:40:10.0513 6736 usbvideo - ok
18:40:10.0543 6736 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:40:10.0558 6736 UxSms - ok
18:40:10.0593 6736 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:40:10.0593 6736 VaultSvc - ok
18:40:10.0623 6736 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:40:10.0633 6736 vdrvroot - ok
18:40:10.0698 6736 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:40:10.0728 6736 vds - ok
18:40:10.0753 6736 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:40:10.0753 6736 vga - ok
18:40:10.0778 6736 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:40:10.0778 6736 VgaSave - ok
18:40:10.0813 6736 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:40:10.0843 6736 vhdmp - ok
18:40:10.0863 6736 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:40:10.0873 6736 viaide - ok
18:40:10.0898 6736 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:40:10.0908 6736 volmgr - ok
18:40:10.0968 6736 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:40:10.0973 6736 volmgrx - ok
18:40:11.0028 6736 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:40:11.0033 6736 volsnap - ok
18:40:11.0073 6736 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:40:11.0098 6736 vsmraid - ok
18:40:11.0233 6736 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:40:11.0278 6736 VSS - ok
18:40:11.0398 6736 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:40:11.0403 6736 vwifibus - ok
18:40:11.0433 6736 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:40:11.0433 6736 vwififlt - ok
18:40:11.0458 6736 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
18:40:11.0463 6736 vwifimp - ok
18:40:11.0513 6736 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:40:11.0523 6736 W32Time - ok
18:40:11.0553 6736 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:40:11.0553 6736 WacomPen - ok
18:40:11.0603 6736 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:11.0608 6736 WANARP - ok
18:40:11.0613 6736 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:40:11.0618 6736 Wanarpv6 - ok
18:40:11.0733 6736 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:40:11.0783 6736 WatAdminSvc - ok
18:40:11.0903 6736 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:40:11.0948 6736 wbengine - ok
18:40:12.0053 6736 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:40:12.0068 6736 WbioSrvc - ok
18:40:12.0118 6736 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:40:12.0138 6736 wcncsvc - ok
18:40:12.0153 6736 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:40:12.0168 6736 WcsPlugInService - ok
18:40:12.0213 6736 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:40:12.0223 6736 Wd - ok
18:40:12.0288 6736 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:40:12.0313 6736 Wdf01000 - ok
18:40:12.0333 6736 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:40:12.0338 6736 WdiServiceHost - ok
18:40:12.0343 6736 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:40:12.0348 6736 WdiSystemHost - ok
18:40:12.0403 6736 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:40:12.0433 6736 WebClient - ok
18:40:12.0478 6736 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:40:12.0498 6736 Wecsvc - ok
18:40:12.0513 6736 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:40:12.0533 6736 wercplsupport - ok
18:40:12.0553 6736 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:40:12.0568 6736 WerSvc - ok
18:40:12.0628 6736 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:40:12.0628 6736 WfpLwf - ok
18:40:12.0648 6736 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:40:12.0658 6736 WIMMount - ok
18:40:12.0693 6736 WinDefend - ok
18:40:12.0708 6736 WinHttpAutoProxySvc - ok
18:40:12.0783 6736 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:40:12.0788 6736 Winmgmt - ok
18:40:12.0948 6736 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:40:12.0988 6736 WinRM - ok
18:40:13.0133 6736 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:40:13.0133 6736 WinUsb - ok
18:40:13.0213 6736 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:40:13.0228 6736 Wlansvc - ok
18:40:13.0298 6736 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:40:13.0308 6736 wlcrasvc - ok
18:40:13.0533 6736 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:40:13.0598 6736 wlidsvc - ok
18:40:13.0728 6736 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:40:13.0733 6736 WmiAcpi - ok
18:40:13.0793 6736 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:40:13.0798 6736 wmiApSrv - ok
18:40:13.0853 6736 WMPNetworkSvc - ok
18:40:13.0898 6736 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:40:13.0903 6736 WPCSvc - ok
18:40:13.0948 6736 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:40:13.0953 6736 WPDBusEnum - ok
18:40:13.0978 6736 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:40:13.0978 6736 ws2ifsl - ok
18:40:13.0998 6736 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:40:14.0008 6736 wscsvc - ok
18:40:14.0058 6736 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
18:40:14.0058 6736 WSDPrintDevice - ok
18:40:14.0068 6736 WSearch - ok
18:40:14.0268 6736 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:40:14.0313 6736 wuauserv - ok
18:40:14.0453 6736 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:40:14.0458 6736 WudfPf - ok
18:40:14.0483 6736 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:40:14.0488 6736 WUDFRd - ok
18:40:14.0523 6736 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:40:14.0528 6736 wudfsvc - ok
18:40:14.0563 6736 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:40:14.0573 6736 WwanSvc - ok
18:40:14.0638 6736 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:40:14.0648 6736 yukonw7 - ok
18:40:14.0698 6736 MBR (0x1B8) (30a95eec7834ccd84883cdd8251e35b3) \Device\Harddisk0\DR0
18:40:14.0918 6736 \Device\Harddisk0\DR0 - ok
18:40:14.0928 6736 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:40:14.0933 6736 \Device\Harddisk1\DR1 - ok
18:40:14.0943 6736 Boot (0x1200) (96b610eb9ea2613accc0caf3023aa2c9) \Device\Harddisk0\DR0\Partition0
18:40:14.0943 6736 \Device\Harddisk0\DR0\Partition0 - ok
18:40:14.0953 6736 Boot (0x1200) (1d2e443aef181ebf946df3a239d35fd1) \Device\Harddisk0\DR0\Partition1
18:40:14.0953 6736 \Device\Harddisk0\DR0\Partition1 - ok
18:40:14.0988 6736 Boot (0x1200) (0c2af7089dddce2dd7ec2c4fbe35febb) \Device\Harddisk0\DR0\Partition2
18:40:14.0993 6736 \Device\Harddisk0\DR0\Partition2 - ok
18:40:15.0008 6736 Boot (0x1200) (daa0c4143dd4d0a3cc9582b3bff4c53f) \Device\Harddisk0\DR0\Partition3
18:40:15.0008 6736 \Device\Harddisk0\DR0\Partition3 - ok
18:40:15.0023 6736 Boot (0x1200) (0e2772ca43931ca36d11856687ed8619) \Device\Harddisk1\DR1\Partition0
18:40:15.0023 6736 \Device\Harddisk1\DR1\Partition0 - ok
18:40:15.0033 6736 ============================================================
18:40:15.0033 6736 Scan finished
18:40:15.0033 6736 ============================================================
18:40:15.0058 4716 Detected object count: 0
18:40:15.0058 4716 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 18:43:03
-----------------------------
18:43:03.808 OS Version: Windows x64 6.1.7601 Service Pack 1
18:43:03.808 Number of processors: 2 586 0x2502
18:43:03.823 ComputerName: KUNAL-HP UserName: Kunal
18:43:05.533 Initialize success
18:57:41.813 AVAST engine defs: 12071301
19:10:15.205 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:10:15.210 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
19:10:15.220 Disk 0 MBR read successfully
19:10:15.225 Disk 0 MBR scan
19:10:15.311 Disk 0 unknown MBR code
19:10:15.327 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:10:15.340 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290333 MB offset 409600
19:10:15.368 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14608 MB offset 595011584
19:10:15.387 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
19:10:15.451 Disk 0 scanning C:\Windows\system32\drivers
19:10:31.689 Service scanning
19:11:11.830 Modules scanning
19:11:11.877 Disk 0 trace - called modules:
19:11:12.237 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:11:12.248 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800326d430]
19:11:12.259 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80030f3050]
19:11:13.810 AVAST engine scan C:\Windows
19:11:19.244 AVAST engine scan C:\Windows\system32
19:16:18.859 AVAST engine scan C:\Windows\system32\drivers
19:16:44.902 AVAST engine scan C:\Users\Kunal
19:19:32.611 Disk 0 MBR has been saved successfully to "C:\Users\Kunal\Desktop\MBR.dat"
19:19:32.667 The log file has been saved successfully to "C:\Users\Kunal\Desktop\aswMBR.txt"

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 13 July 2012 - 06:58 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Firefox::
FF - ProfilePath - c:\users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.search.selectedEngine - Blekko

Driver::
avdvqnbl
msmityds
pbebsmuz

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 13 July 2012 - 11:06 PM

No problems while running ComboFix as such, but on the blue screen it said that the atapi.sys system file was infected, then I got a popup saying "A readily available replacement was not found. ComboFix needs to do an intensive search. This may take some time'. So I clicked on ok. Then ComboFix rebooted the computer. Well as I said before I have no way of saying whether my computer has been fixed since the virus did not change anything other the Avira notifications. So the computer is doing the same as it did after running ComboFix for the first time (no notifications from Avira anymore)


ComboFix 12-07-13.03 - Kunal 07/13/2012 23:05:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1413 [GMT -4:00]
Running from: c:\users\Kunal\Desktop\ComboFix.exe
Command switches used :: c:\users\Kunal\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_avdvqnbl
-------\Service_msmityds
-------\Service_pbebsmuz
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 03:30 . 2012-07-14 03:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 03:30 . 2012-07-14 03:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-13 07:05 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5D48B94-4205-4EAA-B7CB-2B9637BB3989}\mpengine.dll
2012-07-12 03:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-03 22:19 . 2012-02-10 09:09 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CB0F748-1140-410F-9B15-6B86C550D6B1}\gapaengine.dll
2012-06-18 22:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-18 22:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-18 22:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-18 22:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-18 22:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-18 22:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-18 22:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-18 22:10 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-18 22:10 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 00:58 . 2012-06-18 00:58 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 00:58 . 2012-06-18 00:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-17 21:44 . 2012-06-17 21:44 -------- d-----w- c:\users\Kunal\AppData\Local\Macromedia
2012-06-17 16:09 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-17 16:09 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2010-09-18 08:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-17 01:43 . 2012-05-17 01:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-17 01:43 . 2012-05-17 01:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-05-15 01:32 . 2012-06-12 22:54 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 04:24 . 2011-11-08 06:59 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 04:24 . 2011-11-08 06:59 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-05 05:57 . 2012-04-29 23:57 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06 . 2012-06-12 22:54 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 22:54 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 22:54 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 22:54 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 22:54 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:01 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:01 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:01 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 23:12 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 23:12 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 23:12 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:12 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:12 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 23:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-13_06.38.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-13 06:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-13 06:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-13 06:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-14 03:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-16 17:11 . 2012-07-13 06:56 67362 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-14 03:34 56772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-03 10:12 . 2012-07-14 03:34 18880 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-674566640-1698649700-413755185-1001_UserData.bin
- 2012-07-13 06:36 . 2012-07-13 06:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 03:32 . 2012-07-14 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-13 06:36 . 2012-07-13 06:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-14 03:32 . 2012-07-14 03:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-03 15:49 . 2012-07-13 21:50 470236 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-13 04:55 676782 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-13 22:02 676782 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-13 04:55 126840 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-13 22:02 126840 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-14 03:30 397408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-13 06:34 397408 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-03 10:09 . 2012-07-14 03:31 829000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-674566640-1698649700-413755185-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-09-28 1715768]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-24 4786048]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-02-24 3941192]
"Akamai NetSession Interface"="c:\users\Kunal\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Kunal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R2 pr2agnqb;Cricket 2007 Drivers Auto Removal (pr2agnqb);c:\windows\system32\pr2agnqb.exe svc [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 253088]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [2010-12-23 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-03-17 911360]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-03-16 159232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 PSVolAcc;PSVolAcc; [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-01-27 13936]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-04-22 36232]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-04-22 42888]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-04-22 26504]
S0 pe3agnqb;Cricket 2007 Environment Driver (pe3agnqb);c:\windows\system32\drivers\pe3agnqb.sys [2007-03-03 72576]
S0 ps6agnqb;Cricket 2007 Synchronization Driver (ps6agnqb);c:\windows\system32\drivers\ps6agnqb.sys [2007-03-03 73096]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-04-02 31344]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-04-22 17800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-01-27 8610664]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-03-25 204304]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-01-27 185968]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-04-22 193928]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-29 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:58]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-07-12 c:\windows\Tasks\HPCeeScheduleForKunal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 23:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-25 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\00#\10g"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-13 23:43:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 03:43
ComboFix2.txt 2012-07-13 06:49
.
Pre-Run: 86,111,887,360 bytes free
Post-Run: 87,661,096,960 bytes free
.
- - End Of File - - 75254A7FB3992A171596030F411E2736

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 14 July 2012 - 10:45 AM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 14 July 2012 - 03:58 PM

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 14-07-2012 16:43:18
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2011-01-25] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-08-31] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-08-31] (Intel Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-12-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-05-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Kunal\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Kunal\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\Kunal\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-21] (Microsoft Corporation)
HKU\Kunal\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kunal\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-23] (SUPERAntiSpyware.com)
HKU\Kunal\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kunal\...\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe [3941192 2012-02-24] (Connectify)
HKU\Kunal\...\Run: [Akamai NetSession Interface] "C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Kunal\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Kunal\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Kunal\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2012-02-24] ()
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [8610664 2010-01-27] (DisplayLink Corp.)
2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
2 MSSQL$INFLOWSQL; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINFLOWSQL [29293408 2010-12-10] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [204304 2012-03-25] (Nitro PDF Software)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 pr2agnqb; C:\Windows\System32\pr2agnqb.exe svc [754304 2007-03-03] (Codemasters)
2 ReflectService; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [301720 2011-07-01] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2011-12-01] (SupportSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [32880 2010-08-02] (Windows ® Win 7 DDK provider)
1 cnnctfy2; C:\Windows\System32\Drivers\cnnctfy2.sys [31344 2012-04-01] (Connectify)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2009-09-08] (Citrix Systems, Inc.)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [17408 2010-12-22] (http://libusb-win32.sourceforge.net)
3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [51712 2010-02-21] ()
3 dlkmd; C:\Windows\System32\Drivers\dlkmd.sys [185968 2010-01-27] (DisplayLink Corp.)
0 dlkmdldr; C:\Windows\System32\Drivers\dlkmdldr.sys [13936 2010-01-27] (DisplayLink Corp.)
0 EUBAKUP; C:\Windows\System32\Drivers\EUBAKUP.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [42888 2011-04-22] ()
3 EUDISK; C:\Windows\System32\Drivers\EUDISK.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
1 EUDSKACS; C:\Windows\System32\Drivers\EUDSKACS.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUFS; C:\Windows\System32\Drivers\EUFS.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [911360 2010-03-16] ()
3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [159232 2010-03-16] ()
0 pe3agnqb; C:\Windows\System32\Drivers\pe3agnqb.sys [72576 2007-03-03] (Codemasters)
0 ps6agnqb; C:\Windows\System32\Drivers\ps6agnqb.sys [73096 2007-03-03] (Codemasters)
3 PSMounter; C:\Windows\System32\Drivers\PSMounter.sys [40600 2011-07-01] (Macrium Software)
3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13464 2011-07-01] (Paramount Software UK Ltd)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-13 19:43 - 2012-07-13 19:43 - 00027351 ____A C:\ComboFix.txt
2012-07-13 15:19 - 2012-07-13 15:19 - 00001896 ____A C:\Users\Kunal\Desktop\aswMBR.txt
2012-07-13 15:19 - 2012-07-13 15:19 - 00000512 ____A C:\Users\Kunal\Desktop\MBR.dat
2012-07-13 14:41 - 2012-07-13 14:42 - 04731392 ____A (AVAST Software) C:\Users\Kunal\Desktop\aswMBR.exe
2012-07-13 14:40 - 2012-07-13 14:41 - 00074129 ____A C:\Users\Kunal\Desktop\report.txt
2012-07-13 14:37 - 2012-07-13 14:37 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kunal\Desktop\tdsskiller-1.exe
2012-07-12 22:14 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-12 22:14 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-12 22:14 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-12 22:14 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-12 22:14 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-12 22:14 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-12 22:14 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-12 22:14 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-12 22:11 - 2012-07-13 19:43 - 00000000 ____D C:\Qoobox
2012-07-12 22:10 - 2012-07-13 19:33 - 00000000 ____D C:\Windows\erdnt
2012-07-12 22:05 - 2012-07-13 19:00 - 04577833 ____R (Swearware) C:\Users\Kunal\Desktop\ComboFix.exe
2012-07-12 22:03 - 2012-07-12 22:03 - 00001079 ____A C:\Users\Kunal\Desktop\checkup.txt
2012-07-12 21:50 - 2012-07-12 21:51 - 00881475 ____A C:\Users\Kunal\Desktop\SecurityCheck.exe
2012-07-11 20:15 - 2012-07-11 20:15 - 00035460 ____A C:\Users\Kunal\Desktop\DDS.txt
2012-07-11 20:15 - 2012-07-11 20:15 - 00014499 ____A C:\Users\Kunal\Desktop\Attach.txt
2012-07-11 19:59 - 2012-07-11 19:59 - 00607260 ____R (Swearware) C:\Users\Kunal\Downloads\dds.scr
2012-07-11 19:37 - 2012-07-11 19:38 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kunal\Downloads\tdsskiller.exe
2012-07-11 18:53 - 2012-07-11 18:58 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kunal\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-03 18:13 - 2012-07-03 18:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-06-30 11:13 - 2012-06-30 11:13 - 08645211 ____A C:\Users\Kunal\Desktop\luray caverns.zip
2012-06-20 14:37 - 2012-06-20 14:34 - 00901103 ____A C:\Users\Kunal\Desktop\sessionstore.js
2012-06-20 14:37 - 2012-06-19 16:55 - 00312941 ____A C:\Users\Kunal\Desktop\sessionstore.bak
2012-06-20 14:37 - 2012-06-17 17:10 - 00001456 ____A C:\Users\Kunal\Desktop\sessionstore.old
2012-06-20 14:37 - 2012-04-08 13:30 - 39019029 ____A C:\Users\Kunal\Desktop\sessionstore-1.js
2012-06-18 14:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 14:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 14:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 14:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 14:10 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 14:10 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 14:10 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 14:10 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 14:10 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-17 16:58 - 2012-07-14 12:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-17 16:58 - 2012-06-17 16:58 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-17 16:58 - 2012-06-17 16:58 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-17 15:56 - 2012-06-17 16:52 - 167064386 ____A C:\Users\Kunal\Downloads\fp_11.2.202.233_archive.zip
2012-06-17 14:47 - 2012-06-17 14:50 - 00000022 ____A C:\Users\Kunal\Downloads\memtest86-4.0a.iso.zip
2012-06-17 14:40 - 2012-06-17 14:40 - 00134866 ____A C:\Users\Kunal\Downloads\memtest86-4.0a.tar.gz
2012-06-17 13:44 - 2012-06-17 13:44 - 00000000 ____D C:\Users\Kunal\AppData\Local\Macromedia
2012-06-17 08:09 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-17 08:09 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-17 08:08 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-17 08:08 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-17 08:08 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-17 08:08 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-17 08:08 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-17 08:08 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-17 08:08 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-17 08:08 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-17 08:08 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-17 08:08 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-17 08:08 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-17 08:08 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-17 08:08 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-17 08:08 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-17 08:08 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-17 08:08 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-17 08:08 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-17 08:08 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-17 08:08 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-17 08:08 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-17 08:08 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-17 08:08 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-17 08:08 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-17 08:08 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-17 08:08 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-17 08:08 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


============ 3 Months Modified Files ========================

2012-07-14 12:37 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 12:37 - 2009-07-13 20:51 - 00148128 ____A C:\Windows\setupact.log
2012-07-14 12:35 - 2010-09-03 04:57 - 06379968 ____A C:\Windows\PFRO.log
2012-07-14 12:34 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 12:34 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-14 12:33 - 2010-07-20 00:17 - 01641522 ____A C:\Windows\WindowsUpdate.log
2012-07-14 12:31 - 2012-06-17 16:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-14 12:30 - 2010-09-09 22:18 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-14 12:17 - 2010-09-09 22:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-14 12:17 - 2009-07-13 21:13 - 00800898 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 12:04 - 2010-09-19 11:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
2012-07-14 09:15 - 2010-09-19 11:04 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
2012-07-13 19:43 - 2012-07-13 19:43 - 00027351 ____A C:\ComboFix.txt
2012-07-13 19:33 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-13 19:00 - 2012-07-12 22:05 - 04577833 ____R (Swearware) C:\Users\Kunal\Desktop\ComboFix.exe
2012-07-13 15:19 - 2012-07-13 15:19 - 00001896 ____A C:\Users\Kunal\Desktop\aswMBR.txt
2012-07-13 15:19 - 2012-07-13 15:19 - 00000512 ____A C:\Users\Kunal\Desktop\MBR.dat
2012-07-13 14:42 - 2012-07-13 14:41 - 04731392 ____A (AVAST Software) C:\Users\Kunal\Desktop\aswMBR.exe
2012-07-13 14:41 - 2012-07-13 14:40 - 00074129 ____A C:\Users\Kunal\Desktop\report.txt
2012-07-13 14:37 - 2012-07-13 14:37 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kunal\Desktop\tdsskiller-1.exe
2012-07-12 22:03 - 2012-07-12 22:03 - 00001079 ____A C:\Users\Kunal\Desktop\checkup.txt
2012-07-12 21:51 - 2012-07-12 21:50 - 00881475 ____A C:\Users\Kunal\Desktop\SecurityCheck.exe
2012-07-11 20:15 - 2012-07-11 20:15 - 00035460 ____A C:\Users\Kunal\Desktop\DDS.txt
2012-07-11 20:15 - 2012-07-11 20:15 - 00014499 ____A C:\Users\Kunal\Desktop\Attach.txt
2012-07-11 19:59 - 2012-07-11 19:59 - 00607260 ____R (Swearware) C:\Users\Kunal\Downloads\dds.scr
2012-07-11 19:38 - 2012-07-11 19:37 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kunal\Downloads\tdsskiller.exe
2012-07-11 19:18 - 2010-09-04 22:02 - 00007646 ____A C:\Users\Kunal\AppData\Local\Resmon.ResmonCfg
2012-07-11 18:58 - 2012-07-11 18:53 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kunal\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-11 17:32 - 2011-01-18 13:41 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForKunal.job
2012-07-03 18:13 - 2012-07-03 18:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-07-03 09:46 - 2010-09-18 00:04 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 11:13 - 2012-06-30 11:13 - 08645211 ____A C:\Users\Kunal\Desktop\luray caverns.zip
2012-06-20 14:34 - 2012-06-20 14:37 - 00901103 ____A C:\Users\Kunal\Desktop\sessionstore.js
2012-06-19 16:55 - 2012-06-20 14:37 - 00312941 ____A C:\Users\Kunal\Desktop\sessionstore.bak
2012-06-17 17:10 - 2012-06-20 14:37 - 00001456 ____A C:\Users\Kunal\Desktop\sessionstore.old
2012-06-17 16:58 - 2012-06-17 16:58 - 00418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-17 16:58 - 2012-06-17 16:58 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-17 16:52 - 2012-06-17 15:56 - 167064386 ____A C:\Users\Kunal\Downloads\fp_11.2.202.233_archive.zip
2012-06-17 14:50 - 2012-06-17 14:47 - 00000022 ____A C:\Users\Kunal\Downloads\memtest86-4.0a.iso.zip
2012-06-17 14:50 - 2011-08-18 12:20 - 00882688 ____A C:\Users\Kunal\Desktop\Memtest86_4.0a.iso
2012-06-17 14:40 - 2012-06-17 14:40 - 00134866 ____A C:\Users\Kunal\Downloads\memtest86-4.0a.tar.gz
2012-06-17 13:22 - 2009-07-13 20:45 - 00431568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-17 08:30 - 2010-09-07 19:22 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 18:43 - 2012-06-13 18:43 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-08 16:58 - 2012-06-08 16:58 - 00000165 ___AH C:\Users\Kunal\Desktop\~$Money.xlsx
2012-06-08 14:42 - 2012-06-08 14:42 - 00000077 ____A C:\Users\Kunal\AppData\Roaming\Rim.Transcoder.Exception.log
2012-06-08 14:42 - 2011-06-16 18:22 - 00003080 ____A C:\Users\Kunal\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-08 14:42 - 2010-10-08 20:55 - 00009943 ____A C:\Users\Kunal\AppData\Roaming\Rim.Desktop.Exception.log
2012-06-07 19:49 - 2012-06-07 19:49 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-06-07 19:48 - 2012-06-07 19:48 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-06-07 19:48 - 2010-09-08 22:30 - 00004975 ____A C:\Users\Kunal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-06-05 20:05 - 2012-06-05 20:04 - 02162326 ____A () C:\Users\Kunal\Downloads\NetSafeSetup.exe
2012-06-02 14:19 - 2012-06-18 14:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 14:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 14:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 14:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 14:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-18 14:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 14:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-18 14:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-18 14:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-20 21:15 - 2012-05-20 21:15 - 00001657 ____A C:\Users\Kunal\Desktop\Google Drive.lnk
2012-05-17 18:47 - 2012-06-17 08:08 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-17 08:08 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-17 08:08 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-17 08:08 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-17 08:08 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-17 08:08 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-17 08:08 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-17 08:08 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-17 08:08 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-17 08:08 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-17 08:08 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-17 08:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-17 08:08 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-17 08:08 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-17 08:08 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-17 08:08 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-17 08:08 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-17 08:08 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-17 08:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-17 08:08 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-17 08:08 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-17 08:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-17 08:08 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-17 08:08 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-17 08:08 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-17 08:08 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-17 08:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-17 08:08 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 17:45 - 2012-05-16 17:45 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-05-16 17:44 - 2012-05-16 17:44 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-05-16 17:44 - 2012-05-16 17:44 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-05-16 17:44 - 2012-05-16 17:44 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-05-16 17:44 - 2012-05-16 17:44 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-05-16 17:43 - 2012-05-16 17:43 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-05-16 17:43 - 2012-05-16 17:43 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-05-14 17:32 - 2012-06-12 14:54 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 20:52 - 2010-11-03 21:37 - 00007680 ____A C:\Users\Kunal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-08 20:24 - 2011-11-07 22:59 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-05-08 20:24 - 2011-11-07 22:59 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-05-05 08:57 - 2012-05-05 08:48 - 11605360 ____A (Citrix Systems, Inc.) C:\Users\Kunal\Downloads\CitrixOnlinePluginWeb.exe
2012-05-05 08:47 - 2012-05-05 08:47 - 00001584 ____A C:\Users\Kunal\Downloads\NDS2375933.ica
2012-05-04 21:57 - 2012-04-29 15:57 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-12 14:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 14:54 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-12 14:54 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 21:21 - 2012-05-02 21:21 - 00120979 ____A C:\Users\Kunal\Downloads\bulletspassview_setup.exe
2012-05-02 20:29 - 2012-05-02 20:23 - 08684736 ____A C:\Users\Kunal\Downloads\Adobe_Acrobat_9_Pro_Extended-AkamaiDLM.exe
2012-05-02 19:26 - 2012-05-02 19:25 - 00341352 ____A (Adobe Systems Incorporated) C:\Users\Kunal\Downloads\Setup.exe
2012-04-30 21:40 - 2012-06-12 14:54 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 23:04 - 2012-01-26 11:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-04-28 23:03 - 2011-06-16 16:51 - 00815048 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-28 19:44 - 2012-04-28 19:44 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-27 22:51 - 2011-05-16 07:21 - 00208287 ____A C:\Windows\hpoins43.dat
2012-04-27 22:51 - 2010-09-10 03:07 - 00025988 ____A C:\Users\All Users\hpzinstall.log
2012-04-27 22:48 - 2009-07-13 18:34 - 00000513 ____A C:\Windows\win.ini
2012-04-27 19:55 - 2012-06-12 14:54 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 15:01 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 15:01 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 15:01 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-12 15:12 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-12 15:12 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-12 15:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-12 15:12 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-12 15:12 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-12 15:12 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 23%
Total physical RAM: 2933.86 MB
Available physical RAM: 2250.25 MB
Total Pagefile: 2932.01 MB
Available Pagefile: 2247.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:283.53 GB) (Free:82.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.25 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:7.45 GB) (Free:7.28 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 283 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-13 21:25

======================= End Of Log ==========================

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 14 July 2012 - 04:48 PM

Greetings

Ok lets see if we can find a replacement for the infected file

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

atapi.sys

It then should look like:

Search: atapi.sys

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 14 July 2012 - 06:04 PM

I am running the tool from the Windows repair disc that I created when I first bought the computer





Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-14 18:48:06
Running from H:\

================== Search: "atapi.sys" ===================

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\System32\drivers\atapi.sys
[2009-07-13 15:19] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

C:\Windows\erdnt\cache64\atapi.sys
[2012-07-12 22:45] - [2009-07-13 17:52] - 0024128 ____A (Microsoft Corporation) 02062C0B390B7729EDC9E69C680A6F3C

====== End Of Search ======

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 14 July 2012 - 08:26 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 31
Vuze
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 177 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:53 PM

Posted 14 July 2012 - 10:09 PM

So has the infected atapi.sys system file been repaired? I have run Vuze once. I even forgot that it was on the computer. I have removed it and will not use any P2P program in the future. I had to install both the 32 bit and 64 bit Java versions. Also, I still have a Java 6 Update 24 (64 Bit) yet installed. Should I remove this?


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kunal :: KUNAL-HP [administrator]

7/14/2012 10:44:00 PM
mbam-log-2012-07-14 (22-44-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 235323
Time elapsed: 5 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:56 PM, on 7/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Connectify\Connectify.exe
C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Users\Kunal\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Run TudouDownloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe (file missing)
O9 - Extra 'Tools' menuitem: Tudou Downloader - {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://sslconnect.johnshopkins.edu/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files (x86)\Connectify\ConnectifyService.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
O23 - Service: Cricket 2007 Drivers Auto Removal (pr2agnqb) (pr2agnqb) - Unknown owner - C:\Windows\system32\pr2agnqb.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19541 bytes

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:23 AM

Posted 14 July 2012 - 10:27 PM

greetings


So has the infected atapi.sys system file been repaired? - it came back clean when I checked it

I still have a Java 6 Update 24 (64 Bit) yet installed. Should I remove this? - yes do remove this



These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Kunal\AppData\Local\Akamai\netsession_win.exe"
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users