Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random ads popping up in bottom right hand corner/ ads playing in background + Google redirect


  • This topic is locked This topic is locked
8 replies to this topic

#1 mirz5

mirz5

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 14 July 2012 - 11:40 AM

Hi all. I posted in "Am I infected? What do I do?" and was told, after running a few programs I was instructed to, to come here and post a thread. I'm on Windows 7 64 bit. Recently (maybe 2-3 days ago) I've been having the Google Redirect problem.. I've had this problem on this computer before, but fixed it with system restore. This time around, I guess I waited too long and a day later I got hit with the hide all programs virus, but I fixed that with the unhide.exe from this site. Just yesterday, I started getting ads playing with just audio, and no programs open. These ads play maybe every 30 mins to an hour. Same goes for the ads in the right hand corner of Firefox, but this is constant. AVG has been giving me error messages of a trojan, from c:\Windows\System32\Services.exe, but only gives me an option to ignore and not remove the virus. The threat name, according to AVG is "Trojan horse Dropper.Gerneric_c.MMI" and it says "Detected on open." I don't know if these problems go hand in hand, so sorry if it's off topic a little.

Anyway, here are the logs.

DDS.txt log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mirza at 12:20:12 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4863.2466 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Creative\Shared Files\CamTray.exe
C:\Program Files (x86)\AVG\AVG10\avgfws.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\V0250Mon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG10\avgam.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010712_4&babsrc=HP_ss&mntrId=caac7a520000000000002ab05d6b8d67
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Creative WebCam Tray] "C:\Program Files (x86)\Creative\Shared Files\CamTray.exe"
uRun: [Apple Computer] rundll32.exe "C:\Users\Mirza\AppData\Local\ArcSoft\Apple Computer\weihnhbw.dll",CreateInstance
uRun: [Google Update] "C:\Users\Mirza\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [V0250Mon.exe] C:\Windows\V0250Mon.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [WinCast] E:\CDSetup\setup.exe -leng
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
StartupFolder: C:\Users\Mirza\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ANAPOD~1.LNK - C:\Program Files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{7671B34A-FDDA-4C3C-877B-DF8506BDFD29} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7671B34A-FDDA-4C3C-877B-DF8506BDFD29}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{954F5A76-F974-4D79-A324-21BE8244F2DC} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNowToolbarHelper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: CrossRider: {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files (x86)\CrossriderWebApps\Crossrider.dll
BHO-X64: CrossRider - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [V0250Mon.exe] C:\Windows\V0250Mon.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [WinCast] E:\CDSetup\setup.exe -leng
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
mRun-x64: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&tt=010712_4&babsrc=KW_ss&mntrId=caac7a520000000000002ab05d6b8d67&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\Mirza\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mirza\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Mirza\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.hardId - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15529
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:11:45
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-8 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2012-6-27 266240]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\system32\DRIVERS\hcwhdpvr.sys --> C:\Windows\system32\DRIVERS\hcwhdpvr.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 250056]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2012-6-27 960992]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 V0250Dev;Live! Cam Notebook Pro;C:\Windows\system32\DRIVERS\V0250Dev.sys --> C:\Windows\system32\DRIVERS\V0250Dev.sys [?]
S3 V0250Vfx;V0250Vfx;C:\Windows\system32\DRIVERS\V0250Vfx.sys --> C:\Windows\system32\DRIVERS\V0250Vfx.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-14 03:53:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-13 07:04:49 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 23:46:29 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-12 19:23:19 -------- d-----w- C:\Users\Mirza\AppData\Local\Google
2012-07-08 06:11:35 -------- d-----w- C:\Users\Mirza\AppData\Roaming\Babylon
2012-07-08 06:11:35 -------- d-----w- C:\ProgramData\Babylon
2012-07-01 01:39:41 -------- d-----w- C:\Program Files (x86)\Boardmaker with SD Pro
2012-06-28 23:37:53 -------- d-----w- C:\Users\Mirza\AppData\Roaming\COWON
2012-06-27 20:48:09 17744 ----a-r- C:\Windows\SysWow64\PCANDIS4.SYS
2012-06-27 20:48:09 17408 ----a-r- C:\Windows\SysWow64\PCANDIS5.SYS
2012-06-27 20:48:09 16073 ----a-r- C:\Windows\SysWow64\PCANDIS3.VXD
2012-06-27 20:15:56 26624 ----a-w- C:\Windows\System32\drivers\jswpslwfx.sys
2012-06-27 20:15:56 25312 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2012-06-27 20:15:56 1924096 ----a-w- C:\Windows\System32\drivers\athurx.sys
2012-06-27 20:15:34 -------- d-----w- C:\temp
2012-06-23 16:01:02 -------- d-----w- C:\Program Files (x86)\SlySoft
2012-06-23 07:57:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 07:57:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 07:57:13 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 07:57:13 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-23 04:49:01 -------- d-----w- C:\Users\Mirza\AppData\Local\Macromedia
2012-06-21 20:50:37 -------- d-----w- C:\Program Files\iPod
2012-06-21 20:50:36 -------- d-----w- C:\Program Files\iTunes
2012-06-21 20:50:36 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-21 20:47:41 -------- d-----w- C:\Program Files\Bonjour
2012-06-21 20:47:41 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-06-18 03:07:14 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 03:07:14 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-07-12 20:31:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 20:31:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-25 16:11:36 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-04-25 16:11:36 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2009-06-10 21:23:22 1169224 --sh--w- C:\Windows\Temp\svhost.exe
.
============= FINISH: 12:20:59.21 ===============

The attach.txt file is attached below.

Again, thanks in advance!

Attached Files


Edited by mirz5, 14 July 2012 - 03:29 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 15 July 2012 - 12:50 AM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 mirz5

mirz5
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 16 July 2012 - 07:02 AM

First off i'd like to apologize for the late reply

Security check log:


Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix log:

ComboFix 12-07-14.01 - Mirza 07/16/2012 7:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4863.3323 [GMT -4:00]
Running from: c:\users\Mirza\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\programdata\774335p0e210t008t785a0hmt7c3
c:\programdata\86a8b88c
C:\Thumbs.db
c:\users\Mirza\AppData\Roaming\396d8a3b
c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\extensions\{943281c3-5753-4908-87a8-1d05b3bf470c}
c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\extensions\{943281c3-5753-4908-87a8-1d05b3bf470c}\chrome\xulcache.jar
c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\extensions\{943281c3-5753-4908-87a8-1d05b3bf470c}\install.rdf
c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\L\00000004.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\L\201d3dde
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\00000004.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\00000008.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\000000cb.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000000.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000032.@
c:\windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\80000064.@
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 )))))))))))))))))))))))))))))))
.
.
2012-07-16 04:09 . 2012-07-16 04:09 -------- d-----w- c:\programdata\Geek Squad
2012-07-15 19:03 . 2012-07-16 08:07 -------- d-----w- c:\programdata\STOPzilla!
2012-07-15 19:03 . 2012-07-15 19:03 -------- d-----w- c:\program files (x86)\Common Files\iS3
2012-07-14 03:53 . 2012-07-14 03:53 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-13 07:04 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 23:46 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 19:23 . 2012-07-12 19:23 -------- d-----w- c:\users\Mirza\AppData\Local\Google
2012-07-08 06:11 . 2012-07-08 06:11 249 ----a-w- C:\user.js
2012-07-08 06:11 . 2012-07-08 06:11 -------- d-----w- c:\users\Mirza\AppData\Roaming\Babylon
2012-07-08 06:11 . 2012-07-08 06:11 -------- d-----w- c:\programdata\Babylon
2012-07-05 18:08 . 2012-07-05 18:08 -------- d-----w- c:\windows\SysWow64\config\systemprofile\php
2012-07-01 01:39 . 2012-07-15 20:12 -------- d-----w- c:\program files (x86)\Boardmaker with SD Pro
2012-06-28 23:37 . 2012-07-15 20:10 -------- d-----w- c:\users\Mirza\AppData\Roaming\COWON
2012-06-27 20:48 . 2004-12-03 02:32 17744 ----a-r- c:\windows\SysWow64\PCANDIS4.SYS
2012-06-27 20:48 . 2004-12-03 02:32 17408 ----a-r- c:\windows\SysWow64\PCANDIS5.SYS
2012-06-27 20:48 . 2004-12-03 02:32 16073 ----a-r- c:\windows\SysWow64\PCANDIS3.VXD
2012-06-27 20:15 . 2010-10-11 05:11 1924096 ----a-w- c:\windows\system32\drivers\athurx.sys
2012-06-27 20:15 . 2008-05-15 06:28 26624 ----a-w- c:\windows\system32\drivers\jswpslwfx.sys
2012-06-27 20:15 . 2007-01-19 22:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-06-27 20:15 . 2012-07-16 04:10 -------- d-----w- C:\temp
2012-06-23 16:01 . 2012-07-12 17:46 -------- d-----w- c:\program files (x86)\SlySoft
2012-06-23 07:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 07:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 07:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 07:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 07:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-23 07:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 07:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 07:57 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 07:57 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-23 04:49 . 2012-06-23 04:49 -------- d-----w- c:\users\Mirza\AppData\Local\Macromedia
2012-06-21 20:50 . 2012-07-12 17:47 -------- d-----w- c:\program files\iPod
2012-06-21 20:50 . 2012-07-15 20:11 -------- d-----w- c:\program files (x86)\iTunes
2012-06-21 20:50 . 2012-07-15 20:11 -------- d-----w- c:\program files\iTunes
2012-06-21 20:47 . 2012-07-15 20:12 -------- d-----w- c:\program files (x86)\Bonjour
2012-06-21 20:47 . 2012-07-15 20:11 -------- d-----w- c:\program files\Bonjour
2012-06-18 03:07 . 2012-06-18 03:07 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 03:07 . 2012-06-18 03:07 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 20:31 . 2012-04-11 21:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 20:31 . 2011-06-01 01:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-02 05:32 . 2012-06-12 22:51 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-12 22:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-12 22:51 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-12 22:51 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-12 22:51 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-25 16:11 . 2012-04-25 16:11 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-04-25 16:11 . 2012-04-25 16:11 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-04-24 05:59 . 2012-06-12 22:50 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 05:59 . 2012-06-12 22:50 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:59 . 2012-06-12 22:50 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 04:47 . 2012-06-12 22:50 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47 . 2012-06-12 22:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47 . 2012-06-12 22:50 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2011-05-18 22631608]
"Creative WebCam Tray"="c:\program files (x86)\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"V0250Mon.exe"="c:\windows\V0250Mon.exe" [2006-06-08 32768]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
c:\users\Mirza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Anapod Manager.lnk - c:\program files (x86)\Red Chair Software\Anapod Explorer\anamgr.exe [2008-6-7 1076276]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2012-6-27 4545024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 is3srv;is3srv;c:\windows\SySWOW64\drivers\is3srv64.sys [x]
R0 szkg5;szkg5;c:\windows\SySWOW64\drivers\szkg64.sys [x]
R1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 hcwhdpvr;Hauppauge HD PVR Capture Device;c:\windows\system32\DRIVERS\hcwhdpvr.sys [2011-10-31 191944]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-03-23 960992]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\DRIVERS\wg111v3.sys [2009-11-18 446976]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\DRIVERS\V0250Dev.sys [2007-08-30 201632]
R3 V0250Vfx;V0250Vfx;c:\windows\system32\DRIVERS\V0250Vfx.sys [2006-05-05 10752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2010-07-12 57696]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-10 2708024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-08-04 266240]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-10-11 1924096]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-28 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 20:31]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2808526443-654459566-126296548-1000Core.job
- c:\users\Mirza\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 19:23]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2808526443-654459566-126296548-1000UA.job
- c:\users\Mirza\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 19:23]
.
2012-07-07 c:\windows\Tasks\HPCeeScheduleForMIRZA-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-07-07 c:\windows\Tasks\HPCeeScheduleForMirza.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"combofix"="c:\combofix\CF1409.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&tt=010712_4&babsrc=KW_ss&mntrId=caac7a520000000000002ab05d6b8d67&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.hardId - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15529
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Apple Computer - c:\users\Mirza\AppData\Local\ArcSoft\Apple Computer\weihnhbw.dll
Wow6432Node-HKLM-Run-ArcSoft Connection Service - c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\AVG\AVG10\avgam.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-07-16 07:30:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-16 11:30
.
Pre-Run: 83,308,355,584 bytes free
Post-Run: 82,759,372,800 bytes free
.
- - End Of File - - 7F9F1DB892A3448DFCBB720E1075BC92

The pc has been running like new! Granted I removed the trojan Services.exe using a simple command prompt which replaced the services.exe to the factory file.. No pop-ups since the scans, no redirecting off of google, Audio ads have vanished, Firefox is running fast.. Thanks Gringo for your assistance! it is greatly appreciated. If you need me to run more tests just let me know..

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 16 July 2012 - 11:32 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mirz5

mirz5
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 16 July 2012 - 01:08 PM

TDSSkiller log:

13:57:25.0734 26452 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
13:57:26.0846 26452 ============================================================
13:57:26.0846 26452 Current date / time: 2012/07/16 13:57:26.0846
13:57:26.0846 26452 SystemInfo:
13:57:26.0846 26452
13:57:26.0846 26452 OS Version: 6.1.7600 ServicePack: 0.0
13:57:26.0846 26452 Product type: Workstation
13:57:26.0847 26452 ComputerName: MIRZA-HP
13:57:26.0847 26452 UserName: Mirza
13:57:26.0847 26452 Windows directory: C:\Windows
13:57:26.0847 26452 System windows directory: C:\Windows
13:57:26.0847 26452 Running under WOW64
13:57:26.0847 26452 Processor architecture: Intel x64
13:57:26.0847 26452 Number of processors: 4
13:57:26.0847 26452 Page size: 0x1000
13:57:26.0847 26452 Boot type: Normal boot
13:57:26.0847 26452 ============================================================
13:57:28.0367 26452 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:57:28.0396 26452 ============================================================
13:57:28.0396 26452 \Device\Harddisk0\DR0:
13:57:28.0396 26452 MBR partitions:
13:57:28.0396 26452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:57:28.0396 26452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AAF000
13:57:28.0396 26452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55AE1800, BlocksNum 0x1A64000
13:57:28.0396 26452 ============================================================
13:57:28.0434 26452 C: <-> \Device\Harddisk0\DR0\Partition1
13:57:28.0468 26452 D: <-> \Device\Harddisk0\DR0\Partition2
13:57:28.0469 26452 ============================================================
13:57:28.0469 26452 Initialize success
13:57:28.0469 26452 ============================================================
13:57:30.0794 26568 ============================================================
13:57:30.0794 26568 Scan started
13:57:30.0794 26568 Mode: Manual;
13:57:30.0795 26568 ============================================================
13:57:32.0264 26568 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:57:32.0272 26568 1394ohci - ok
13:57:32.0345 26568 ACDaemon - ok
13:57:32.0403 26568 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:57:32.0410 26568 ACPI - ok
13:57:32.0430 26568 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:57:32.0436 26568 AcpiPmi - ok
13:57:32.0586 26568 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:57:32.0592 26568 AdobeFlashPlayerUpdateSvc - ok
13:57:32.0646 26568 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:57:32.0653 26568 adp94xx - ok
13:57:32.0694 26568 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:57:32.0699 26568 adpahci - ok
13:57:32.0713 26568 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:57:32.0717 26568 adpu320 - ok
13:57:32.0739 26568 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:57:32.0740 26568 AeLookupSvc - ok
13:57:32.0825 26568 Afc (0d0e5281784c2c526ba43c2ecd374288) C:\Windows\syswow64\drivers\Afc.sys
13:57:32.0830 26568 Afc - ok
13:57:32.0908 26568 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:57:32.0922 26568 AFD - ok
13:57:32.0945 26568 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:57:32.0950 26568 agp440 - ok
13:57:32.0968 26568 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:57:32.0973 26568 ALG - ok
13:57:32.0993 26568 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:57:32.0997 26568 aliide - ok
13:57:33.0058 26568 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
13:57:33.0063 26568 AMD External Events Utility - ok
13:57:33.0086 26568 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:57:33.0090 26568 amdide - ok
13:57:33.0120 26568 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:57:33.0124 26568 AmdK8 - ok
13:57:33.0524 26568 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
13:57:33.0680 26568 amdkmdag - ok
13:57:33.0797 26568 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
13:57:33.0805 26568 amdkmdap - ok
13:57:33.0820 26568 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:57:33.0822 26568 AmdPPM - ok
13:57:33.0867 26568 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:57:33.0873 26568 amdsata - ok
13:57:33.0903 26568 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:57:33.0911 26568 amdsbs - ok
13:57:33.0936 26568 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:57:33.0938 26568 amdxata - ok
13:57:33.0957 26568 amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys
13:57:33.0959 26568 amd_sata - ok
13:57:33.0971 26568 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys
13:57:33.0974 26568 amd_xata - ok
13:57:34.0012 26568 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:57:34.0015 26568 AppID - ok
13:57:34.0032 26568 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:57:34.0035 26568 AppIDSvc - ok
13:57:34.0044 26568 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
13:57:34.0045 26568 Appinfo - ok
13:57:34.0183 26568 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:57:34.0187 26568 Apple Mobile Device - ok
13:57:34.0266 26568 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:57:34.0271 26568 arc - ok
13:57:34.0344 26568 archlp - ok
13:57:34.0369 26568 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:57:34.0374 26568 arcsas - ok
13:57:34.0390 26568 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:57:34.0395 26568 AsyncMac - ok
13:57:34.0413 26568 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:57:34.0417 26568 atapi - ok
13:57:34.0562 26568 athur (c24a645aedbdf5fa0a23f7581c6f9c63) C:\Windows\system32\DRIVERS\athurx.sys
13:57:34.0603 26568 athur - ok
13:57:34.0742 26568 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
13:57:34.0742 26568 AtiPcie - ok
13:57:34.0771 26568 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:57:34.0777 26568 AudioEndpointBuilder - ok
13:57:34.0784 26568 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:57:34.0788 26568 AudioSrv - ok
13:57:34.0864 26568 Avgfwfd (705417fd6c165ccf926aca943b478d68) C:\Windows\system32\DRIVERS\avgfwd6a.sys
13:57:34.0867 26568 Avgfwfd - ok
13:57:35.0075 26568 avgfws (2f0c5ae2352f22b587edc2829c971262) C:\Program Files (x86)\AVG\AVG10\avgfws.exe
13:57:35.0128 26568 avgfws - ok
13:57:35.0471 26568 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
13:57:35.0617 26568 AVGIDSAgent - ok
13:57:35.0706 26568 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
13:57:35.0708 26568 AVGIDSDriver - ok
13:57:35.0742 26568 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
13:57:35.0743 26568 AVGIDSEH - ok
13:57:35.0759 26568 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
13:57:35.0763 26568 AVGIDSFilter - ok
13:57:35.0815 26568 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
13:57:35.0824 26568 Avgldx64 - ok
13:57:35.0857 26568 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
13:57:35.0859 26568 Avgmfx64 - ok
13:57:35.0903 26568 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
13:57:35.0905 26568 Avgrkx64 - ok
13:57:35.0976 26568 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
13:57:35.0986 26568 Avgtdia - ok
13:57:36.0025 26568 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
13:57:36.0031 26568 avgwd - ok
13:57:36.0085 26568 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
13:57:36.0091 26568 AxInstSV - ok
13:57:36.0168 26568 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:57:36.0182 26568 b06bdrv - ok
13:57:36.0227 26568 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:57:36.0235 26568 b57nd60a - ok
13:57:36.0274 26568 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:57:36.0281 26568 BDESVC - ok
13:57:36.0288 26568 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:57:36.0292 26568 Beep - ok
13:57:36.0374 26568 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
13:57:36.0388 26568 BFE - ok
13:57:36.0436 26568 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:57:36.0447 26568 BITS - ok
13:57:36.0481 26568 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:57:36.0485 26568 blbdrive - ok
13:57:36.0648 26568 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:57:36.0656 26568 Bonjour Service - ok
13:57:36.0706 26568 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:57:36.0708 26568 bowser - ok
13:57:36.0722 26568 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:57:36.0725 26568 BrFiltLo - ok
13:57:36.0741 26568 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:57:36.0743 26568 BrFiltUp - ok
13:57:36.0790 26568 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:57:36.0795 26568 BridgeMP - ok
13:57:36.0825 26568 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:57:36.0828 26568 Browser - ok
13:57:36.0860 26568 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:57:36.0869 26568 Brserid - ok
13:57:36.0887 26568 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:57:36.0892 26568 BrSerWdm - ok
13:57:36.0910 26568 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:57:36.0913 26568 BrUsbMdm - ok
13:57:36.0926 26568 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:57:36.0929 26568 BrUsbSer - ok
13:57:36.0947 26568 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:57:36.0950 26568 BTHMODEM - ok
13:57:36.0992 26568 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:57:36.0998 26568 bthserv - ok
13:57:37.0138 26568 catchme - ok
13:57:37.0170 26568 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:57:37.0173 26568 cdfs - ok
13:57:37.0266 26568 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:57:37.0271 26568 cdrom - ok
13:57:37.0305 26568 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:57:37.0307 26568 CertPropSvc - ok
13:57:37.0324 26568 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:57:37.0327 26568 circlass - ok
13:57:37.0355 26568 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:57:37.0360 26568 CLFS - ok
13:57:37.0463 26568 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:57:37.0466 26568 clr_optimization_v2.0.50727_32 - ok
13:57:37.0510 26568 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:57:37.0513 26568 clr_optimization_v2.0.50727_64 - ok
13:57:37.0610 26568 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:57:37.0614 26568 clr_optimization_v4.0.30319_32 - ok
13:57:37.0637 26568 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:57:37.0641 26568 clr_optimization_v4.0.30319_64 - ok
13:57:37.0657 26568 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:57:37.0659 26568 CmBatt - ok
13:57:37.0673 26568 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:57:37.0675 26568 cmdide - ok
13:57:37.0710 26568 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
13:57:37.0716 26568 CNG - ok
13:57:37.0733 26568 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:57:37.0736 26568 Compbatt - ok
13:57:37.0767 26568 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:57:37.0769 26568 CompositeBus - ok
13:57:37.0787 26568 COMSysApp - ok
13:57:37.0863 26568 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:57:37.0866 26568 crcdisk - ok
13:57:37.0914 26568 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
13:57:37.0917 26568 CryptSvc - ok
13:57:38.0056 26568 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:57:38.0066 26568 cvhsvc - ok
13:57:38.0118 26568 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:57:38.0123 26568 DcomLaunch - ok
13:57:38.0167 26568 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:57:38.0177 26568 defragsvc - ok
13:57:38.0241 26568 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:57:38.0244 26568 DfsC - ok
13:57:38.0276 26568 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:57:38.0284 26568 Dhcp - ok
13:57:38.0300 26568 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:57:38.0305 26568 discache - ok
13:57:38.0358 26568 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:57:38.0360 26568 Disk - ok
13:57:38.0386 26568 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:57:38.0391 26568 Dnscache - ok
13:57:38.0467 26568 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:57:38.0479 26568 dot3svc - ok
13:57:38.0533 26568 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:57:38.0539 26568 DPS - ok
13:57:38.0563 26568 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:57:38.0567 26568 drmkaud - ok
13:57:38.0642 26568 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:57:38.0664 26568 DXGKrnl - ok
13:57:38.0686 26568 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:57:38.0690 26568 EapHost - ok
13:57:38.0883 26568 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:57:38.0970 26568 ebdrv - ok
13:57:39.0078 26568 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:57:39.0081 26568 EFS - ok
13:57:39.0181 26568 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:57:39.0198 26568 ehRecvr - ok
13:57:39.0232 26568 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:57:39.0239 26568 ehSched - ok
13:57:39.0333 26568 ElbyCDFL (9387a484d31209d7fc3f795a787294db) C:\Windows\system32\Drivers\ElbyCDFL.sys
13:57:39.0337 26568 ElbyCDFL - ok
13:57:39.0349 26568 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:57:39.0353 26568 ElbyCDIO - ok
13:57:39.0423 26568 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:57:39.0437 26568 elxstor - ok
13:57:39.0450 26568 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:57:39.0455 26568 ErrDev - ok
13:57:39.0526 26568 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:57:39.0535 26568 EventSystem - ok
13:57:39.0563 26568 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:57:39.0567 26568 exfat - ok
13:57:39.0592 26568 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:57:39.0596 26568 fastfat - ok
13:57:39.0646 26568 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:57:39.0655 26568 Fax - ok
13:57:39.0687 26568 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:57:39.0689 26568 fdc - ok
13:57:39.0720 26568 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:57:39.0722 26568 fdPHost - ok
13:57:39.0735 26568 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:57:39.0738 26568 FDResPub - ok
13:57:39.0757 26568 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:57:39.0759 26568 FileInfo - ok
13:57:39.0774 26568 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:57:39.0776 26568 Filetrace - ok
13:57:39.0789 26568 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:57:39.0791 26568 flpydisk - ok
13:57:39.0812 26568 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:57:39.0816 26568 FltMgr - ok
13:57:39.0881 26568 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
13:57:39.0903 26568 FontCache - ok
13:57:39.0961 26568 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:57:39.0963 26568 FontCache3.0.0.0 - ok
13:57:39.0989 26568 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:57:39.0993 26568 FsDepends - ok
13:57:40.0042 26568 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
13:57:40.0047 26568 Fs_Rec - ok
13:57:40.0083 26568 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:57:40.0086 26568 fvevol - ok
13:57:40.0100 26568 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:57:40.0103 26568 gagp30kx - ok
13:57:40.0229 26568 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:57:40.0237 26568 GameConsoleService - ok
13:57:40.0283 26568 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:57:40.0287 26568 GEARAspiWDM - ok
13:57:40.0357 26568 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:57:40.0373 26568 gpsvc - ok
13:57:40.0401 26568 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:57:40.0406 26568 hcw85cir - ok
13:57:40.0460 26568 hcwhdpvr (66ff6e6540bc124b023bd4681cd85b8f) C:\Windows\system32\DRIVERS\hcwhdpvr.sys
13:57:40.0467 26568 hcwhdpvr - ok
13:57:40.0522 26568 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:57:40.0532 26568 HdAudAddService - ok
13:57:40.0586 26568 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:57:40.0590 26568 HDAudBus - ok
13:57:40.0609 26568 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:57:40.0614 26568 HidBatt - ok
13:57:40.0636 26568 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:57:40.0642 26568 HidBth - ok
13:57:40.0661 26568 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:57:40.0665 26568 HidIr - ok
13:57:40.0684 26568 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:57:40.0688 26568 hidserv - ok
13:57:40.0706 26568 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:57:40.0711 26568 HidUsb - ok
13:57:40.0727 26568 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:57:40.0731 26568 hkmsvc - ok
13:57:40.0755 26568 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:57:40.0759 26568 HomeGroupListener - ok
13:57:40.0810 26568 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:57:40.0812 26568 HomeGroupProvider - ok
13:57:40.0938 26568 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:57:40.0942 26568 HP Support Assistant Service - ok
13:57:41.0074 26568 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:57:41.0079 26568 HPClientSvc - ok
13:57:41.0126 26568 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:57:41.0129 26568 HPDrvMntSvc.exe - ok
13:57:41.0204 26568 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
13:57:41.0219 26568 hpqwmiex - ok
13:57:41.0367 26568 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:57:41.0373 26568 HpSAMD - ok
13:57:41.0452 26568 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:57:41.0464 26568 HTTP - ok
13:57:41.0498 26568 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:57:41.0499 26568 hwpolicy - ok
13:57:41.0516 26568 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:57:41.0519 26568 i8042prt - ok
13:57:41.0555 26568 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:57:41.0562 26568 iaStorV - ok
13:57:41.0668 26568 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:57:41.0680 26568 idsvc - ok
13:57:41.0703 26568 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:57:41.0705 26568 iirsp - ok
13:57:41.0763 26568 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:57:41.0774 26568 IKEEXT - ok
13:57:41.0917 26568 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
13:57:42.0006 26568 IntcAzAudAddService - ok
13:57:42.0066 26568 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:57:42.0069 26568 intelide - ok
13:57:42.0080 26568 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:57:42.0083 26568 intelppm - ok
13:57:42.0099 26568 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:57:42.0103 26568 IPBusEnum - ok
13:57:42.0116 26568 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:57:42.0118 26568 IpFilterDriver - ok
13:57:42.0172 26568 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:57:42.0180 26568 iphlpsvc - ok
13:57:42.0196 26568 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:57:42.0199 26568 IPMIDRV - ok
13:57:42.0210 26568 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:57:42.0213 26568 IPNAT - ok
13:57:42.0367 26568 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
13:57:42.0381 26568 iPod Service - ok
13:57:42.0398 26568 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:57:42.0401 26568 IRENUM - ok
13:57:42.0476 26568 is3srv - ok
13:57:42.0498 26568 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:57:42.0502 26568 isapnp - ok
13:57:42.0526 26568 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:57:42.0531 26568 iScsiPrt - ok
13:57:42.0698 26568 jswpsapi (cf9ba304b8047b9582d72d9bfef42eae) C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
13:57:42.0718 26568 jswpsapi - ok
13:57:42.0756 26568 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
13:57:42.0758 26568 JSWPSLWF - ok
13:57:42.0771 26568 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:57:42.0774 26568 kbdclass - ok
13:57:42.0785 26568 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:57:42.0788 26568 kbdhid - ok
13:57:42.0823 26568 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:57:42.0825 26568 KeyIso - ok
13:57:42.0859 26568 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
13:57:42.0861 26568 KSecDD - ok
13:57:42.0880 26568 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
13:57:42.0882 26568 KSecPkg - ok
13:57:42.0889 26568 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:57:42.0892 26568 ksthunk - ok
13:57:42.0934 26568 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:57:42.0941 26568 KtmRm - ok
13:57:42.0999 26568 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:57:43.0007 26568 LanmanServer - ok
13:57:43.0045 26568 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:57:43.0049 26568 LanmanWorkstation - ok
13:57:43.0163 26568 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:57:43.0166 26568 LightScribeService - ok
13:57:43.0212 26568 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:57:43.0217 26568 lltdio - ok
13:57:43.0253 26568 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:57:43.0264 26568 lltdsvc - ok
13:57:43.0273 26568 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:57:43.0277 26568 lmhosts - ok
13:57:43.0328 26568 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:57:43.0332 26568 LSI_FC - ok
13:57:43.0344 26568 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:57:43.0348 26568 LSI_SAS - ok
13:57:43.0358 26568 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:57:43.0361 26568 LSI_SAS2 - ok
13:57:43.0377 26568 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:57:43.0381 26568 LSI_SCSI - ok
13:57:43.0395 26568 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:57:43.0397 26568 luafv - ok
13:57:43.0442 26568 MarvinBus (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
13:57:43.0449 26568 MarvinBus - ok
13:57:43.0500 26568 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:57:43.0508 26568 Mcx2Svc - ok
13:57:43.0523 26568 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:57:43.0528 26568 megasas - ok
13:57:43.0561 26568 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:57:43.0570 26568 MegaSR - ok
13:57:43.0591 26568 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:43.0594 26568 MMCSS - ok
13:57:43.0609 26568 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:57:43.0612 26568 Modem - ok
13:57:43.0633 26568 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:57:43.0634 26568 monitor - ok
13:57:43.0645 26568 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:57:43.0647 26568 mouclass - ok
13:57:43.0685 26568 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:57:43.0687 26568 mouhid - ok
13:57:43.0703 26568 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:57:43.0705 26568 mountmgr - ok
13:57:43.0801 26568 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:57:43.0806 26568 MozillaMaintenance - ok
13:57:43.0828 26568 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:57:43.0833 26568 mpio - ok
13:57:43.0850 26568 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:57:43.0853 26568 mpsdrv - ok
13:57:43.0925 26568 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
13:57:43.0936 26568 MpsSvc - ok
13:57:43.0957 26568 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:57:43.0961 26568 MRxDAV - ok
13:57:43.0988 26568 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:57:43.0991 26568 mrxsmb - ok
13:57:44.0038 26568 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:57:44.0042 26568 mrxsmb10 - ok
13:57:44.0058 26568 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:57:44.0060 26568 mrxsmb20 - ok
13:57:44.0082 26568 msahci (2ba4ff3d5eb68587dd662a896f649c7d) C:\Windows\system32\DRIVERS\msahci.sys
13:57:44.0084 26568 msahci - ok
13:57:44.0103 26568 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:57:44.0107 26568 msdsm - ok
13:57:44.0128 26568 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:57:44.0132 26568 MSDTC - ok
13:57:44.0143 26568 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:57:44.0144 26568 Msfs - ok
13:57:44.0181 26568 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:57:44.0184 26568 mshidkmdf - ok
13:57:44.0195 26568 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:57:44.0196 26568 msisadrv - ok
13:57:44.0227 26568 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:57:44.0231 26568 MSiSCSI - ok
13:57:44.0235 26568 msiserver - ok
13:57:44.0255 26568 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:57:44.0258 26568 MSKSSRV - ok
13:57:44.0266 26568 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:57:44.0268 26568 MSPCLOCK - ok
13:57:44.0273 26568 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:57:44.0275 26568 MSPQM - ok
13:57:44.0300 26568 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:57:44.0305 26568 MsRPC - ok
13:57:44.0316 26568 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:57:44.0317 26568 mssmbios - ok
13:57:44.0329 26568 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:57:44.0331 26568 MSTEE - ok
13:57:44.0344 26568 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:57:44.0345 26568 MTConfig - ok
13:57:44.0391 26568 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:57:44.0391 26568 Mup - ok
13:57:44.0445 26568 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:57:44.0458 26568 napagent - ok
13:57:44.0505 26568 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:57:44.0511 26568 NativeWifiP - ok
13:57:44.0558 26568 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:57:44.0570 26568 NDIS - ok
13:57:44.0576 26568 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:57:44.0579 26568 NdisCap - ok
13:57:44.0611 26568 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:57:44.0616 26568 NdisTapi - ok
13:57:44.0660 26568 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:57:44.0664 26568 Ndisuio - ok
13:57:44.0689 26568 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:57:44.0696 26568 NdisWan - ok
13:57:44.0710 26568 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:57:44.0713 26568 NDProxy - ok
13:57:44.0721 26568 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:57:44.0723 26568 NetBIOS - ok
13:57:44.0742 26568 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:57:44.0745 26568 NetBT - ok
13:57:44.0779 26568 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:57:44.0780 26568 Netlogon - ok
13:57:44.0831 26568 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:57:44.0841 26568 Netman - ok
13:57:44.0897 26568 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:57:44.0904 26568 netprofm - ok
13:57:44.0975 26568 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:57:44.0981 26568 NetTcpPortSharing - ok
13:57:45.0016 26568 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:57:45.0021 26568 nfrd960 - ok
13:57:45.0050 26568 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:57:45.0058 26568 NlaSvc - ok
13:57:45.0070 26568 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:57:45.0071 26568 Npfs - ok
13:57:45.0084 26568 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:57:45.0086 26568 nsi - ok
13:57:45.0098 26568 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:57:45.0100 26568 nsiproxy - ok
13:57:45.0219 26568 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:57:45.0254 26568 Ntfs - ok
13:57:45.0323 26568 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:57:45.0326 26568 Null - ok
13:57:45.0355 26568 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:57:45.0359 26568 nvraid - ok
13:57:45.0387 26568 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:57:45.0390 26568 nvstor - ok
13:57:45.0434 26568 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:57:45.0437 26568 nv_agp - ok
13:57:45.0453 26568 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:57:45.0455 26568 ohci1394 - ok
13:57:45.0556 26568 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:57:45.0562 26568 ose - ok
13:57:45.0937 26568 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:57:45.0963 26568 osppsvc - ok
13:57:46.0021 26568 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:57:46.0025 26568 p2pimsvc - ok
13:57:46.0048 26568 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:57:46.0053 26568 p2psvc - ok
13:57:46.0070 26568 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:57:46.0072 26568 Parport - ok
13:57:46.0102 26568 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
13:57:46.0103 26568 partmgr - ok
13:57:46.0128 26568 PCANDIS5 - ok
13:57:46.0163 26568 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:57:46.0169 26568 PcaSvc - ok
13:57:46.0215 26568 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:57:46.0219 26568 pci - ok
13:57:46.0280 26568 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:57:46.0284 26568 pciide - ok
13:57:46.0313 26568 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:57:46.0321 26568 pcmcia - ok
13:57:46.0346 26568 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:57:46.0348 26568 pcw - ok
13:57:46.0413 26568 pdfcDispatcher - ok
13:57:46.0471 26568 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:57:46.0480 26568 PEAUTH - ok
13:57:46.0564 26568 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:57:46.0567 26568 PerfHost - ok
13:57:46.0678 26568 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:57:46.0707 26568 pla - ok
13:57:46.0744 26568 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
13:57:46.0749 26568 PlugPlay - ok
13:57:46.0761 26568 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:57:46.0764 26568 PNRPAutoReg - ok
13:57:46.0787 26568 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:57:46.0789 26568 PNRPsvc - ok
13:57:46.0828 26568 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:57:46.0833 26568 PolicyAgent - ok
13:57:46.0854 26568 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:57:46.0857 26568 Power - ok
13:57:46.0914 26568 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:57:46.0919 26568 PptpMiniport - ok
13:57:46.0937 26568 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:57:46.0940 26568 Processor - ok
13:57:46.0988 26568 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
13:57:46.0995 26568 ProfSvc - ok
13:57:47.0036 26568 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:57:47.0039 26568 ProtectedStorage - ok
13:57:47.0087 26568 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:57:47.0092 26568 Psched - ok
13:57:47.0193 26568 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:57:47.0223 26568 ql2300 - ok
13:57:47.0316 26568 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:57:47.0322 26568 ql40xx - ok
13:57:47.0350 26568 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:57:47.0355 26568 QWAVE - ok
13:57:47.0362 26568 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:57:47.0365 26568 QWAVEdrv - ok
13:57:47.0375 26568 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:57:47.0377 26568 RasAcd - ok
13:57:47.0407 26568 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:57:47.0409 26568 RasAgileVpn - ok
13:57:47.0423 26568 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:57:47.0426 26568 RasAuto - ok
13:57:47.0441 26568 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:57:47.0444 26568 Rasl2tp - ok
13:57:47.0462 26568 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
13:57:47.0466 26568 RasMan - ok
13:57:47.0482 26568 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:57:47.0485 26568 RasPppoe - ok
13:57:47.0512 26568 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:57:47.0514 26568 RasSstp - ok
13:57:47.0534 26568 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:57:47.0537 26568 rdbss - ok
13:57:47.0552 26568 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:57:47.0554 26568 rdpbus - ok
13:57:47.0565 26568 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:57:47.0567 26568 RDPCDD - ok
13:57:47.0606 26568 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:57:47.0608 26568 RDPENCDD - ok
13:57:47.0625 26568 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:57:47.0628 26568 RDPREFMP - ok
13:57:47.0677 26568 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
13:57:47.0684 26568 RDPWD - ok
13:57:47.0714 26568 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:57:47.0719 26568 rdyboost - ok
13:57:47.0778 26568 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:57:47.0785 26568 RemoteAccess - ok
13:57:47.0810 26568 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:57:47.0819 26568 RemoteRegistry - ok
13:57:47.0898 26568 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
13:57:47.0905 26568 RoxioNow Service - ok
13:57:47.0937 26568 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:57:47.0939 26568 RpcEptMapper - ok
13:57:47.0962 26568 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:57:47.0964 26568 RpcLocator - ok
13:57:47.0990 26568 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:57:47.0993 26568 RpcSs - ok
13:57:48.0032 26568 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:57:48.0038 26568 rspndr - ok
13:57:48.0109 26568 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:57:48.0119 26568 RTL8167 - ok
13:57:48.0194 26568 RTL8187B (4a06585c8673f4458e9fbbc9dddb4d28) C:\Windows\system32\DRIVERS\wg111v3.sys
13:57:48.0206 26568 RTL8187B - ok
13:57:48.0243 26568 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:57:48.0244 26568 SamSs - ok
13:57:48.0265 26568 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:57:48.0269 26568 sbp2port - ok
13:57:48.0289 26568 SBRE - ok
13:57:48.0320 26568 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:57:48.0326 26568 SCardSvr - ok
13:57:48.0335 26568 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:57:48.0337 26568 scfilter - ok
13:57:48.0446 26568 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:57:48.0478 26568 Schedule - ok
13:57:48.0520 26568 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
13:57:48.0521 26568 SCMNdisP - ok
13:57:48.0561 26568 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:57:48.0564 26568 SCPolicySvc - ok
13:57:48.0586 26568 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:57:48.0595 26568 SDRSVC - ok
13:57:48.0717 26568 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:57:48.0721 26568 SeaPort - ok
13:57:48.0756 26568 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:57:48.0761 26568 secdrv - ok
13:57:48.0778 26568 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:57:48.0783 26568 seclogon - ok
13:57:48.0797 26568 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:57:48.0802 26568 SENS - ok
13:57:48.0812 26568 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:57:48.0816 26568 SensrSvc - ok
13:57:48.0851 26568 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:57:48.0854 26568 Serenum - ok
13:57:48.0870 26568 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:57:48.0873 26568 Serial - ok
13:57:48.0892 26568 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:57:48.0895 26568 sermouse - ok
13:57:48.0926 26568 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
13:57:48.0929 26568 SessionEnv - ok
13:57:48.0957 26568 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:57:48.0960 26568 sffdisk - ok
13:57:48.0976 26568 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:57:48.0978 26568 sffp_mmc - ok
13:57:48.0989 26568 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:57:48.0991 26568 sffp_sd - ok
13:57:49.0020 26568 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:57:49.0022 26568 sfloppy - ok
13:57:49.0072 26568 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:57:49.0080 26568 Sftfs - ok
13:57:49.0173 26568 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:57:49.0184 26568 sftlist - ok
13:57:49.0226 26568 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:57:49.0231 26568 Sftplay - ok
13:57:49.0242 26568 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:57:49.0243 26568 Sftredir - ok
13:57:49.0250 26568 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:57:49.0253 26568 Sftvol - ok
13:57:49.0268 26568 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:57:49.0271 26568 sftvsa - ok
13:57:49.0329 26568 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:57:49.0341 26568 SharedAccess - ok
13:57:49.0371 26568 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:57:49.0378 26568 ShellHWDetection - ok
13:57:49.0391 26568 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:57:49.0394 26568 SiSRaid2 - ok
13:57:49.0411 26568 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:57:49.0414 26568 SiSRaid4 - ok
13:57:49.0487 26568 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:57:49.0493 26568 SkypeUpdate - ok
13:57:49.0535 26568 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:57:49.0540 26568 Smb - ok
13:57:49.0589 26568 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:57:49.0596 26568 SNMPTRAP - ok
13:57:49.0607 26568 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:57:49.0609 26568 spldr - ok
13:57:49.0652 26568 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:57:49.0661 26568 Spooler - ok
13:57:49.0818 26568 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:57:49.0894 26568 sppsvc - ok
13:57:49.0983 26568 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:57:49.0987 26568 sppuinotify - ok
13:57:50.0024 26568 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:57:50.0030 26568 srv - ok
13:57:50.0053 26568 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:57:50.0058 26568 srv2 - ok
13:57:50.0094 26568 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:57:50.0096 26568 srvnet - ok
13:57:50.0144 26568 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:57:50.0152 26568 SSDPSRV - ok
13:57:50.0163 26568 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:57:50.0166 26568 SstpSvc - ok
13:57:50.0185 26568 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:57:50.0188 26568 stexstor - ok
13:57:50.0268 26568 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:57:50.0280 26568 stisvc - ok
13:57:50.0294 26568 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:57:50.0297 26568 swenum - ok
13:57:50.0327 26568 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:57:50.0335 26568 swprv - ok
13:57:50.0423 26568 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
13:57:50.0457 26568 SysMain - ok
13:57:50.0517 26568 szkg5 - ok
13:57:50.0578 26568 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:57:50.0586 26568 TabletInputService - ok
13:57:50.0617 26568 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:57:50.0622 26568 TapiSrv - ok
13:57:50.0630 26568 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:57:50.0634 26568 TBS - ok
13:57:50.0778 26568 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
13:57:50.0820 26568 Tcpip - ok
13:57:50.0974 26568 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
13:57:50.0988 26568 TCPIP6 - ok
13:57:51.0039 26568 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:57:51.0041 26568 tcpipreg - ok
13:57:51.0060 26568 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:57:51.0062 26568 TDPIPE - ok
13:57:51.0099 26568 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:57:51.0101 26568 TDTCP - ok
13:57:51.0116 26568 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:57:51.0118 26568 tdx - ok
13:57:51.0124 26568 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:57:51.0126 26568 TermDD - ok
13:57:51.0159 26568 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:57:51.0167 26568 TermService - ok
13:57:51.0178 26568 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:57:51.0180 26568 Themes - ok
13:57:51.0207 26568 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:57:51.0210 26568 THREADORDER - ok
13:57:51.0232 26568 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:57:51.0238 26568 TrkWks - ok
13:57:51.0309 26568 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:57:51.0314 26568 TrustedInstaller - ok
13:57:51.0335 26568 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:57:51.0337 26568 tssecsrv - ok
13:57:51.0376 26568 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:57:51.0379 26568 tunnel - ok
13:57:51.0393 26568 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:57:51.0396 26568 uagp35 - ok
13:57:51.0421 26568 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:57:51.0427 26568 udfs - ok
13:57:51.0460 26568 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:57:51.0464 26568 UI0Detect - ok
13:57:51.0498 26568 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:57:51.0501 26568 uliagpkx - ok
13:57:51.0516 26568 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:57:51.0519 26568 umbus - ok
13:57:51.0531 26568 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:57:51.0533 26568 UmPass - ok
13:57:51.0583 26568 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:57:51.0594 26568 upnphost - ok
13:57:51.0639 26568 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:57:51.0642 26568 USBAAPL64 - ok
13:57:51.0679 26568 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:57:51.0682 26568 usbccgp - ok
13:57:51.0718 26568 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:57:51.0724 26568 usbcir - ok
13:57:51.0754 26568 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:57:51.0759 26568 usbehci - ok
13:57:51.0789 26568 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
13:57:51.0794 26568 usbfilter - ok
13:57:51.0831 26568 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:57:51.0840 26568 usbhub - ok
13:57:51.0856 26568 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
13:57:51.0859 26568 usbohci - ok
13:57:51.0871 26568 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:57:51.0873 26568 usbprint - ok
13:57:51.0895 26568 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:57:51.0898 26568 USBSTOR - ok
13:57:51.0917 26568 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
13:57:51.0920 26568 usbuhci - ok
13:57:51.0937 26568 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:57:51.0940 26568 UxSms - ok
13:57:51.0995 26568 V0250Dev (d1022b4ce46d257aa2d3492d4ea1244b) C:\Windows\system32\DRIVERS\V0250Dev.sys
13:57:52.0003 26568 V0250Dev - ok
13:57:52.0025 26568 V0250Vfx (8b97dcd5d0c379696bc9dc74c7a23cc1) C:\Windows\system32\DRIVERS\V0250Vfx.sys
13:57:52.0029 26568 V0250Vfx - ok
13:57:52.0064 26568 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:57:52.0065 26568 VaultSvc - ok
13:57:52.0078 26568 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:57:52.0080 26568 vdrvroot - ok
13:57:52.0111 26568 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
13:57:52.0121 26568 vds - ok
13:57:52.0134 26568 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:57:52.0137 26568 vga - ok
13:57:52.0148 26568 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:57:52.0151 26568 VgaSave - ok
13:57:52.0177 26568 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:57:52.0182 26568 vhdmp - ok
13:57:52.0205 26568 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:57:52.0207 26568 viaide - ok
13:57:52.0221 26568 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:57:52.0223 26568 volmgr - ok
13:57:52.0250 26568 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:57:52.0254 26568 volmgrx - ok
13:57:52.0277 26568 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:57:52.0281 26568 volsnap - ok
13:57:52.0319 26568 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:57:52.0323 26568 vsmraid - ok
13:57:52.0399 26568 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
13:57:52.0432 26568 VSS - ok
13:57:52.0518 26568 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:52.0523 26568 vwifibus - ok
13:57:52.0564 26568 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:57:52.0569 26568 vwififlt - ok
13:57:52.0612 26568 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:57:52.0617 26568 vwifimp - ok
13:57:52.0660 26568 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:57:52.0673 26568 W32Time - ok
13:57:52.0696 26568 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:57:52.0699 26568 WacomPen - ok
13:57:52.0731 26568 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:52.0734 26568 WANARP - ok
13:57:52.0754 26568 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:52.0755 26568 Wanarpv6 - ok
13:57:52.0875 26568 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:57:52.0916 26568 WatAdminSvc - ok
13:57:52.0993 26568 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
13:57:53.0022 26568 wbengine - ok
13:57:53.0075 26568 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:57:53.0079 26568 WbioSrvc - ok
13:57:53.0123 26568 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
13:57:53.0129 26568 wcncsvc - ok
13:57:53.0138 26568 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:57:53.0141 26568 WcsPlugInService - ok
13:57:53.0156 26568 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:57:53.0158 26568 Wd - ok
13:57:53.0199 26568 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:53.0205 26568 Wdf01000 - ok
13:57:53.0216 26568 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:53.0218 26568 WdiServiceHost - ok
13:57:53.0221 26568 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:53.0222 26568 WdiSystemHost - ok
13:57:53.0280 26568 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
13:57:53.0292 26568 WebClient - ok
13:57:53.0340 26568 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:57:53.0351 26568 Wecsvc - ok
13:57:53.0393 26568 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:57:53.0399 26568 wercplsupport - ok
13:57:53.0455 26568 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:57:53.0464 26568 WerSvc - ok
13:57:53.0509 26568 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:53.0513 26568 WfpLwf - ok
13:57:53.0533 26568 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:53.0538 26568 WIMMount - ok
13:57:53.0594 26568 WinDefend - ok
13:57:53.0609 26568 WinHttpAutoProxySvc - ok
13:57:53.0671 26568 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:57:53.0677 26568 Winmgmt - ok
13:57:53.0777 26568 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
13:57:53.0817 26568 WinRM - ok
13:57:53.0933 26568 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
13:57:53.0937 26568 WinUsb - ok
13:57:54.0000 26568 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:57:54.0012 26568 Wlansvc - ok
13:57:54.0204 26568 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:57:54.0217 26568 wlidsvc - ok
13:57:54.0269 26568 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:57:54.0270 26568 WmiAcpi - ok
13:57:54.0289 26568 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:57:54.0292 26568 wmiApSrv - ok
13:57:54.0304 26568 WMPNetworkSvc - ok
13:57:54.0329 26568 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:57:54.0332 26568 WPCSvc - ok
13:57:54.0351 26568 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
13:57:54.0353 26568 WPDBusEnum - ok
13:57:54.0360 26568 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:54.0362 26568 ws2ifsl - ok
13:57:54.0422 26568 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
13:57:54.0428 26568 wscsvc - ok
13:57:54.0436 26568 WSearch - ok
13:57:54.0515 26568 WSWNA1100 (35a20217c4d06d1d36a3addfd8ce58c2) C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
13:57:54.0521 26568 WSWNA1100 - ok
13:57:54.0693 26568 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:57:54.0743 26568 wuauserv - ok
13:57:54.0851 26568 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:57:54.0857 26568 WudfPf - ok
13:57:54.0908 26568 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:54.0912 26568 WUDFRd - ok
13:57:54.0922 26568 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
13:57:54.0925 26568 wudfsvc - ok
13:57:54.0944 26568 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:57:54.0950 26568 WwanSvc - ok
13:57:55.0006 26568 MBR (0x1B8) (acbc6d903dd671a9c04bd36c21bfb0d6) \Device\Harddisk0\DR0
13:57:55.0189 26568 \Device\Harddisk0\DR0 - ok
13:57:55.0194 26568 Boot (0x1200) (fa71b9045400538f711edfdb8b612ae5) \Device\Harddisk0\DR0\Partition0
13:57:55.0196 26568 \Device\Harddisk0\DR0\Partition0 - ok
13:57:55.0214 26568 Boot (0x1200) (804e20028b5cb1e2caf452fee4816788) \Device\Harddisk0\DR0\Partition1
13:57:55.0216 26568 \Device\Harddisk0\DR0\Partition1 - ok
13:57:55.0246 26568 Boot (0x1200) (5879efd110404aa15293a094fcb19b20) \Device\Harddisk0\DR0\Partition2
13:57:55.0248 26568 \Device\Harddisk0\DR0\Partition2 - ok
13:57:55.0249 26568 ============================================================
13:57:55.0249 26568 Scan finished
13:57:55.0249 26568 ============================================================
13:57:55.0263 26560 Detected object count: 0
13:57:55.0263 26560 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 14:00:24
-----------------------------
14:00:24.375 OS Version: Windows x64 6.1.7600
14:00:24.375 Number of processors: 4 586 0x503
14:00:24.376 ComputerName: MIRZA-HP UserName: Mirza
14:00:28.495 Initialize success
14:01:20.202 AVAST engine defs: 12071600
14:06:12.312 The log file has been saved successfully to "C:\Users\Mirza\Desktop\aswMBR.txt"


PC is still running great, not noticing any problems. Thanks.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 16 July 2012 - 09:03 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Mirza\AppData\Roaming\Babylon
c:\programdata\Babylon

File::
C:\user.js

Firefox::
FF - ProfilePath - c:\users\Mirza\AppData\Roaming\Mozilla\Firefox\Profiles\2577qsv3.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109935&tt=010712_4&babsrc=KW_ss&mntrId=caac7a520000000000002ab05d6b8d67&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.hardId - caac7a520000000000002ab05d6b8d67
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15529
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 19 July 2012 - 12:18 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 21 July 2012 - 11:11 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:41 PM

Posted 24 July 2012 - 11:43 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users