
Trojan horse


  • This topic is locked
22 replies to this topic

#1 thesmirker

  • Members
  • 11 posts

Posted 18 July 2012 - 08:22 PM

A couple of days back I was browsing YouTube and suddenly a new tab opened to a different website. Since then Google Chrome has slowed down and kept opening new tabs without me doing anything. I decided to run AVG and found out it was a Trojan horse Patched_c.LYU located in services.exe and all I could do was ignore the threat. I need help removing it since I heard it can drastically slow down your computer and open unwanted tabs.



#2 thesmirker

  • Topic Starter
  • Members
  • 11 posts

Posted 20 July 2012 - 04:25 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by My Computer at 23:12:23 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1093 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\TEMP\mrt99BF.tmp\stdrt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50:57&v=11.1.0.7&sap=hp
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyD0CyEyB0E0F0C0ByDyEtAtN0D0TzutBtDtCtBtDyCtDyB&cr=365898603
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - c:\program files\utorrentbar2\prxtbuTo0.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - c:\program files\utorrentbar2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Updater For Spam Free Search Bar: {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - c:\program files\blekkotb\auxi\blekkoAu.dll
BHO: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: LivingPlay Text: {4a0ba746-d4d6-41a6-81ef-413e52b5f8d6} - c:\program files\livingplay\lplaytl.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Browse For Change BHO: {912c156f-05cf-4b62-851a-96e167a677b0} - mscoree.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - c:\program files\utorrentbar2\prxtbuTo0.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - c:\program files\adblock pro\AdblockPro.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: uTorrentBar2 Toolbar: {b54561db-0bbb-41b4-a814-df8301fe0a8e} - c:\program files\utorrentbar2\prxtbuTo0.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
TB: Spam Free Search Bar: {26c9e18c-3717-4be1-a225-04e4471f5b6e} - c:\program files\blekkotb\blekkoDx.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {A5AE8924-4036-420F-B7F6-A47E4B8F692E} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\my computer\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gamers~1.lnk - c:\program files\gamersfirst\live!\Live.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - {7685B225-8229-4321-BA13-A24485B0A760} - c:\program files\adblock pro\AdblockPro.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CBAFA446-9684-4273-AF0D-961884C0CD33} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\my computer\appdata\roaming\mozilla\firefox\profiles\uafjousj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50:57&v=11.1.0.12&sap=hp
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\vizzed\vizzed retro game room\NpVizzedRgr.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_183.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.hardId - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15420
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:33:30
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=55555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-30 363344]
R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2011-9-9 4174336]
R2 rtpMIDIService;rtpMIDIService;c:\program files\tobias erichsen\rtpmidi\rtpMIDISvc.exe [2010-11-27 1126400]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\drivers\bomebus.sys [2011-12-31 27720]
R3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [2011-12-31 24136]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-12 245760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-30 20952]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-12-30 277536]
R3 teVirtualMIDI32;teVirtualMIDI - Virtual MIDI Driver x86;c:\windows\system32\drivers\teVirtualMIDI32.sys [2010-11-15 21888]
S2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\system32\mrvcl32.exe [2011-8-21 819729]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-1-27 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2011-3-28 29184]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2011-12-20 97552]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-21 129976]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-29 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
.
=============== Created Last 30 ================
.
2012-07-17 03:28:37 -------- d-----w- c:\users\my computer\appdata\roaming\AVG2012
2012-07-17 03:27:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 03:25:36 -------- d--h--w- C:\$AVG
2012-07-17 03:25:36 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 03:25:36 -------- d-----w- c:\programdata\AVG2012
2012-07-17 03:24:54 -------- d-----w- c:\program files\AVG
2012-07-17 03:22:05 -------- d-----w- c:\programdata\MFAData
2012-07-16 22:17:54 -------- d-----w- c:\users\my computer\appdata\roaming\.minecraft
2012-07-15 18:39:22 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-14 00:36:33 -------- d-----w- c:\users\my computer\appdata\local\Smogon
2012-07-13 15:49:26 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1cb6ddab-2a22-4766-88de-79a3a4c538b1}\mpengine.dll
2012-07-10 19:29:42 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 20:42:48 -------- d-----w- c:\users\my computer\appdata\local\ESN Sonar
2012-06-27 13:40:23 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 20:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-21 14:23:35 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 14:23:14 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 14:22:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 14:22:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 17:03:07 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 17:03:07 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 23:15:38.69 ===============

Here are the logs I forgot to add.
Also, AVG has detected a Trojan horse Generic28.AUQH a few hours after I made the first post.

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 12:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 July 2012 - 11:59 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#5 thesmirker

  • Topic Starter
  • Members
  • 11 posts

Posted 25 July 2012 - 02:36 PM

Here are the logs you requested. Sorry I took a while.
SecurityCheck:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 22
Java 3D 1.5.1
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 27% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

ComboFix:

ComboFix 12-07-26.03 - My Computer 07/25/2012 14:19:04.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1065 [GMT -4:00]
Running from: c:\users\My Computer\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\I Want This
c:\program files\I Want This\appAPIinternalWrapper.js
c:\program files\I Want This\fb.js
c:\program files\I Want This\I Want This.exe
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want ThisGui.exe
c:\program files\I Want This\jquery.js
c:\program files\I Want This\json.js
c:\users\My Computer\AppData\Roaming\Love
c:\users\My Computer\AppData\Roaming\Love\mari0\options.txt
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\facebox.css
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\facebox.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\b.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\bl.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\br.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\closelabel.gif
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\loading.gif
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\tl.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\facebox\Images\tr.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\jquery-1.4.2.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\socialapi.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\utilityapi.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\chrome\content\workers_chain.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\windows\system32\3500_256.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Adobe Licensing Console
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 18:40 . 2012-07-25 18:49 -------- d-----w- c:\users\My Computer\AppData\Local\temp
2012-07-25 18:40 . 2012-07-25 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 18:40 . 2012-07-25 18:40 -------- d-----w- c:\users\Mario\AppData\Local\temp
2012-07-25 18:39 . 2012-07-25 18:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-25 18:39 . 2012-07-25 18:39 -------- d-----w- c:\users\Dora\AppData\Local\temp
2012-07-25 18:39 . 2012-07-25 18:39 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2012-07-20 05:21 . 2012-07-20 05:21 -------- d-----w- c:\users\Dora\AppData\Roaming\AVG2012
2012-07-18 16:45 . 2012-07-18 16:45 -------- d-----w- c:\users\Mario\AppData\Roaming\AVG2012
2012-07-17 16:55 . 2012-07-17 16:55 -------- d-----w- c:\users\Kevin\AppData\Roaming\AVG2012
2012-07-17 03:33 . 2012-07-17 03:33 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG2012
2012-07-17 03:28 . 2012-07-17 03:28 -------- d-----w- c:\users\My Computer\AppData\Roaming\AVG2012
2012-07-17 03:27 . 2012-07-17 03:27 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 03:25 . 2012-07-25 18:05 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 03:25 . 2012-07-19 16:37 -------- d-----w- c:\programdata\AVG2012
2012-07-17 03:25 . 2012-07-17 03:25 -------- d-----w- C:\$AVG
2012-07-17 03:24 . 2012-07-17 03:24 -------- d-----w- c:\program files\AVG
2012-07-17 03:22 . 2012-07-25 18:05 -------- d-----w- c:\programdata\MFAData
2012-07-17 00:38 . 2012-07-17 00:38 -------- d-----w- c:\users\Kevin\AppData\Local\Macromedia
2012-07-17 00:37 . 2012-07-17 00:37 -------- d-----w- c:\users\Kevin\AppData\Local\Wajam
2012-07-16 22:17 . 2012-07-23 19:19 -------- d-----w- c:\users\My Computer\AppData\Roaming\.minecraft
2012-07-15 18:39 . 2012-07-15 18:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-14 00:36 . 2012-07-14 00:36 -------- d-----w- c:\users\My Computer\AppData\Local\Smogon
2012-07-13 15:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CB6DDAB-2A22-4766-88DE-79A3A4C538B1}\mpengine.dll
2012-07-12 16:27 . 2012-07-12 16:27 -------- d-----w- c:\users\Charlie\AppData\Local\AVG Secure Search
2012-07-10 19:29 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 20:42 . 2012-07-03 00:13 -------- d-----w- c:\users\My Computer\AppData\Local\ESN Sonar
2012-06-27 13:40 . 2012-06-27 13:40 -------- d-----w- c:\program files\LogMeIn Hamachi
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:03 . 2012-01-28 01:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 17:03 . 2011-07-05 19:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 14:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:23 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 14:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 14:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 04:44 . 2012-06-13 22:00 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 22:00 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-18 03:07 . 2011-12-19 01:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 03:27 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-06-07 21:26 1544192 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-18 00:40 1492456 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-07 1544192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-18 1492456]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2012-01-17 86696]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-07 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-09-19 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-11-26 3082320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-18 395240]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 rtpMIDIService;rtpMIDIService;c:\program files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys [x]
S3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teVirtualMIDI32;teVirtualMIDI - Virtual MIDI Driver x86;c:\windows\system32\DRIVERS\teVirtualMIDI32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-28 17:03]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 19:40]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 19:40]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1001Core.job
- c:\users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 15:59]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1001UA.job
- c:\users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 15:59]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1004Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 15:59]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1004UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 15:59]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1005Core.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 15:59]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1005UA.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 15:59]
.
2012-05-20 c:\windows\Tasks\Norton Security Scan for My Computer.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-28 08:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50&v=11.1.0.7&sap=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyD0CyEyB0E0F0C0ByDyEtAtN0D0TzutBtDtCtBtDyCtDyB&cr=365898603
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50&v=11.1.0.12&sap=hp
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - user.js: extensions.BabylonToolbar_i.id - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.hardId - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15420
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=55555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b54561db-0bbb-41b4-a814-df8301fe0a8e} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
WebBrowser-{A5AE8924-4036-420F-B7F6-A47E4B8F692E} - (no file)
WebBrowser-{B54561DB-0BBB-41B4-A814-DF8301FE0A8E} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
AddRemove-ESN Sonar-0.70.4 - c:\program files\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
AddRemove-Matroska Pack - c:\program files\Matroska Pack\uninstall.exe
AddRemove-{F43120F7-7DBF-4E10-BC9B-19373999AAF4}_is1 - e:\windows password reset standard demo\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,ec,33,a0,ce,64,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\taskhost.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-25 14:57:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 18:57
.
Pre-Run: 131,123,535,872 bytes free
Post-Run: 169,439,768,576 bytes free
.
- - End Of File - - E84FEBA9E5DA568717DE789B3D8BF2BD

AVG has also detected a Trojan horse Generic28.AUQH when I rebooted my computer, and I'm wondering if I have to do something else to remove it.

#6 gringo_pr



  • Malware Response Team

Posted 25 July 2012 - 03:05 PM

Greetings thesmirker

"AVG has also detected a Trojan horse Generic28.AUQH when rebooted my computer" - if it happens again, I need to know the location. Don't let AVG do anything.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 thesmirker

  • Topic Starter

Posted 25 July 2012 - 11:30 PM

Here are the logs that you wanted.
TDSSKiller:


22:45:55.0566 6504 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:45:55.0612 6504 Netman - ok
22:45:55.0757 6504 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:45:55.0786 6504 NetMsmqActivator - ok
22:45:55.0802 6504 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:45:55.0803 6504 NetPipeActivator - ok
22:45:55.0842 6504 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:45:55.0845 6504 netprofm - ok
22:45:55.0859 6504 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:45:55.0861 6504 NetTcpActivator - ok
22:45:55.0864 6504 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:45:55.0865 6504 NetTcpPortSharing - ok
22:45:55.0946 6504 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:45:55.0947 6504 nfrd960 - ok
22:45:56.0269 6504 NIHardwareService (3d1b3941d0651ff8e81c6985b6676fbc) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
22:45:56.0312 6504 NIHardwareService - ok
22:45:56.0456 6504 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:45:56.0478 6504 NlaSvc - ok
22:45:56.0517 6504 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:45:56.0596 6504 Npfs - ok
22:45:56.0628 6504 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:45:56.0720 6504 nsi - ok
22:45:56.0733 6504 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:45:56.0792 6504 nsiproxy - ok
22:45:56.0886 6504 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:45:56.0905 6504 Ntfs - ok
22:45:57.0017 6504 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:45:57.0070 6504 Null - ok
22:45:57.0137 6504 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:45:57.0158 6504 nvraid - ok
22:45:57.0194 6504 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:45:57.0205 6504 nvstor - ok
22:45:57.0233 6504 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:45:57.0246 6504 nv_agp - ok
22:45:57.0432 6504 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:45:57.0458 6504 odserv - ok
22:45:57.0498 6504 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:45:57.0588 6504 ohci1394 - ok
22:45:57.0679 6504 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:45:57.0699 6504 ose - ok
22:45:57.0749 6504 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:45:57.0756 6504 p2pimsvc - ok
22:45:57.0794 6504 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:45:57.0807 6504 p2psvc - ok
22:45:57.0836 6504 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:45:57.0841 6504 Parport - ok
22:45:57.0928 6504 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
22:45:57.0955 6504 partmgr - ok
22:45:57.0968 6504 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:45:58.0047 6504 Parvdm - ok
22:45:58.0069 6504 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:45:58.0079 6504 PcaSvc - ok
22:45:58.0099 6504 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:45:58.0109 6504 pci - ok
22:45:58.0124 6504 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:45:58.0125 6504 pciide - ok
22:45:58.0145 6504 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:45:58.0180 6504 pcmcia - ok
22:45:58.0198 6504 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:45:58.0200 6504 pcw - ok
22:45:58.0236 6504 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:45:58.0245 6504 PEAUTH - ok
22:45:58.0353 6504 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:45:58.0533 6504 pla - ok
22:45:58.0663 6504 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:45:58.0749 6504 PlugPlay - ok
22:45:58.0786 6504 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
22:45:58.0788 6504 Pml Driver HPZ12 - ok
22:45:58.0847 6504 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
22:45:58.0852 6504 PnkBstrA - ok
22:45:58.0867 6504 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:45:58.0976 6504 PNRPAutoReg - ok
22:45:58.0999 6504 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:45:59.0002 6504 PNRPsvc - ok
22:45:59.0038 6504 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:45:59.0049 6504 PolicyAgent - ok
22:45:59.0083 6504 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:45:59.0095 6504 Power - ok
22:45:59.0158 6504 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:45:59.0251 6504 PptpMiniport - ok
22:45:59.0275 6504 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:45:59.0497 6504 Processor - ok
22:45:59.0562 6504 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
22:45:59.0674 6504 ProfSvc - ok
22:45:59.0700 6504 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:45:59.0701 6504 ProtectedStorage - ok
22:45:59.0734 6504 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:45:59.0738 6504 Psched - ok
22:45:59.0828 6504 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:45:59.0848 6504 ql2300 - ok
22:45:59.0960 6504 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:45:59.0962 6504 ql40xx - ok
22:46:00.0015 6504 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:46:00.0139 6504 QWAVE - ok
22:46:00.0151 6504 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:46:00.0196 6504 QWAVEdrv - ok
22:46:00.0205 6504 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:46:00.0241 6504 RasAcd - ok
22:46:00.0282 6504 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:46:00.0365 6504 RasAgileVpn - ok
22:46:00.0397 6504 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:46:00.0469 6504 RasAuto - ok
22:46:00.0489 6504 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:46:00.0547 6504 Rasl2tp - ok
22:46:00.0618 6504 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:46:00.0641 6504 RasMan - ok
22:46:00.0659 6504 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:46:00.0701 6504 RasPppoe - ok
22:46:00.0719 6504 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:46:00.0797 6504 RasSstp - ok
22:46:00.0869 6504 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:46:00.0959 6504 rdbss - ok
22:46:00.0993 6504 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:46:01.0094 6504 rdpbus - ok
22:46:01.0119 6504 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:46:01.0167 6504 RDPCDD - ok
22:46:01.0200 6504 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:46:01.0272 6504 RDPENCDD - ok
22:46:01.0332 6504 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:46:01.0339 6504 RDPREFMP - ok
22:46:01.0382 6504 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
22:46:01.0453 6504 RDPWD - ok
22:46:01.0503 6504 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:46:01.0513 6504 rdyboost - ok
22:46:01.0533 6504 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:46:01.0678 6504 RemoteAccess - ok
22:46:01.0699 6504 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:46:01.0772 6504 RemoteRegistry - ok
22:46:01.0816 6504 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
22:46:01.0849 6504 RimUsb - ok
22:46:01.0889 6504 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:46:01.0944 6504 RpcEptMapper - ok
22:46:02.0042 6504 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:46:02.0104 6504 RpcLocator - ok
22:46:02.0139 6504 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:46:02.0142 6504 RpcSs - ok
22:46:02.0188 6504 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:46:02.0286 6504 rspndr - ok
22:46:02.0335 6504 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:46:02.0401 6504 RTL8167 - ok
22:46:02.0564 6504 rtpMIDIService (651f33c42d88ec9b577ea5e9ac4b6970) C:\Program Files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
22:46:02.0588 6504 rtpMIDIService - ok
22:46:02.0758 6504 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:46:02.0759 6504 SamSs - ok
22:46:02.0828 6504 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:46:02.0904 6504 sbp2port - ok
22:46:02.0932 6504 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:46:03.0067 6504 SCardSvr - ok
22:46:03.0087 6504 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:46:03.0168 6504 scfilter - ok
22:46:03.0242 6504 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:46:03.0327 6504 Schedule - ok
22:46:03.0343 6504 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:46:03.0343 6504 SCPolicySvc - ok
22:46:03.0372 6504 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:46:03.0384 6504 SDRSVC - ok
22:46:03.0450 6504 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:46:03.0451 6504 secdrv - ok
22:46:03.0474 6504 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:46:03.0476 6504 seclogon - ok
22:46:03.0485 6504 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:46:03.0488 6504 SENS - ok
22:46:03.0508 6504 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:46:03.0575 6504 SensrSvc - ok
22:46:03.0593 6504 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:46:03.0657 6504 Serenum - ok
22:46:03.0697 6504 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:46:03.0751 6504 Serial - ok
22:46:03.0769 6504 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:46:03.0846 6504 sermouse - ok
22:46:03.0875 6504 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:46:04.0001 6504 SessionEnv - ok
22:46:04.0052 6504 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:46:04.0115 6504 sffdisk - ok
22:46:04.0121 6504 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:46:04.0170 6504 sffp_mmc - ok
22:46:04.0180 6504 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:46:04.0249 6504 sffp_sd - ok
22:46:04.0316 6504 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:46:04.0359 6504 sfloppy - ok
22:46:04.0441 6504 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:46:04.0487 6504 SharedAccess - ok
22:46:04.0561 6504 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:46:04.0667 6504 ShellHWDetection - ok
22:46:04.0718 6504 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:46:04.0720 6504 sisagp - ok
22:46:04.0750 6504 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:46:04.0751 6504 SiSRaid2 - ok
22:46:04.0806 6504 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:46:04.0808 6504 SiSRaid4 - ok
22:46:04.0855 6504 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:46:04.0948 6504 Smb - ok
22:46:04.0995 6504 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:46:04.0998 6504 SNMPTRAP - ok
22:46:05.0005 6504 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:46:05.0007 6504 spldr - ok
22:46:05.0061 6504 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:46:05.0080 6504 Spooler - ok
22:46:05.0260 6504 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:46:05.0293 6504 sppsvc - ok
22:46:05.0427 6504 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:46:05.0595 6504 sppuinotify - ok
22:46:05.0694 6504 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:46:05.0707 6504 srv - ok
22:46:05.0742 6504 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:46:05.0800 6504 srv2 - ok
22:46:05.0827 6504 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:46:05.0914 6504 srvnet - ok
22:46:05.0937 6504 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:46:05.0947 6504 SSDPSRV - ok
22:46:05.0965 6504 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:46:05.0970 6504 SstpSvc - ok
22:46:06.0036 6504 Steam Client Service - ok
22:46:06.0070 6504 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:46:06.0071 6504 stexstor - ok
22:46:06.0123 6504 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
22:46:06.0184 6504 StillCam - ok
22:46:06.0236 6504 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:46:06.0251 6504 StiSvc - ok
22:46:06.0274 6504 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:46:06.0284 6504 swenum - ok
22:46:06.0319 6504 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:46:06.0396 6504 swprv - ok
22:46:06.0477 6504 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:46:06.0508 6504 SysMain - ok
22:46:06.0547 6504 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:46:06.0593 6504 TabletInputService - ok
22:46:06.0627 6504 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:46:06.0634 6504 TapiSrv - ok
22:46:06.0654 6504 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:46:06.0657 6504 TBS - ok
22:46:06.0894 6504 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
22:46:06.0917 6504 Tcpip - ok
22:46:07.0112 6504 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
22:46:07.0118 6504 TCPIP6 - ok
22:46:07.0189 6504 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:46:07.0190 6504 tcpipreg - ok
22:46:07.0215 6504 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:46:07.0283 6504 TDPIPE - ok
22:46:07.0321 6504 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:46:07.0379 6504 TDTCP - ok
22:46:07.0450 6504 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:46:07.0549 6504 tdx - ok
22:46:07.0569 6504 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:46:07.0571 6504 TermDD - ok
22:46:07.0611 6504 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:46:07.0712 6504 TermService - ok
22:46:07.0777 6504 teVirtualMIDI32 (18c7c68dc3e243ee76e1e84f4008c712) C:\Windows\system32\DRIVERS\teVirtualMIDI32.sys
22:46:07.0834 6504 teVirtualMIDI32 - ok
22:46:07.0856 6504 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:46:07.0893 6504 Themes - ok
22:46:07.0922 6504 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:46:07.0924 6504 THREADORDER - ok
22:46:07.0980 6504 TPkd (8f7f06ede2c6b8767b5c7de3a4118bd3) C:\Windows\system32\drivers\TPkd.sys
22:46:08.0019 6504 TPkd - ok
22:46:08.0063 6504 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:46:08.0086 6504 TrkWks - ok
22:46:08.0167 6504 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:46:08.0183 6504 TrustedInstaller - ok
22:46:08.0222 6504 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:46:08.0268 6504 tssecsrv - ok
22:46:08.0299 6504 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:46:08.0345 6504 TsUsbFlt - ok
22:46:08.0431 6504 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:46:08.0516 6504 tunnel - ok
22:46:08.0552 6504 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:46:08.0553 6504 uagp35 - ok
22:46:08.0597 6504 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:46:08.0715 6504 udfs - ok
22:46:08.0739 6504 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:46:08.0933 6504 UI0Detect - ok
22:46:08.0957 6504 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:46:08.0966 6504 uliagpkx - ok
22:46:09.0001 6504 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
22:46:09.0065 6504 umbus - ok
22:46:09.0085 6504 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:46:09.0086 6504 UmPass - ok
22:46:09.0125 6504 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:46:09.0131 6504 upnphost - ok
22:46:09.0183 6504 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
22:46:09.0258 6504 USBAAPL - ok
22:46:09.0315 6504 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:46:09.0406 6504 usbaudio - ok
22:46:09.0422 6504 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:46:09.0471 6504 usbccgp - ok
22:46:09.0555 6504 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:46:09.0624 6504 usbcir - ok
22:46:09.0642 6504 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
22:46:09.0707 6504 usbehci - ok
22:46:09.0743 6504 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:46:09.0828 6504 usbhub - ok
22:46:09.0843 6504 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:46:09.0963 6504 usbohci - ok
22:46:09.0982 6504 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:46:10.0041 6504 usbprint - ok
22:46:10.0075 6504 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
22:46:10.0116 6504 usbscan - ok
22:46:10.0178 6504 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:46:10.0241 6504 USBSTOR - ok
22:46:10.0252 6504 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:46:10.0318 6504 usbuhci - ok
22:46:10.0335 6504 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:46:10.0379 6504 UxSms - ok
22:46:10.0425 6504 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:46:10.0426 6504 VaultSvc - ok
22:46:10.0501 6504 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:46:10.0503 6504 vdrvroot - ok
22:46:10.0541 6504 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:46:10.0610 6504 vds - ok
22:46:10.0671 6504 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:46:10.0712 6504 vga - ok
22:46:10.0730 6504 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:46:10.0756 6504 VgaSave - ok
22:46:10.0785 6504 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:46:10.0842 6504 vhdmp - ok
22:46:10.0884 6504 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:46:10.0886 6504 viaagp - ok
22:46:10.0902 6504 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:46:10.0959 6504 ViaC7 - ok
22:46:10.0981 6504 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:46:10.0982 6504 viaide - ok
22:46:10.0995 6504 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:46:10.0997 6504 volmgr - ok
22:46:11.0024 6504 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:46:11.0038 6504 volmgrx - ok
22:46:11.0057 6504 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:46:11.0064 6504 volsnap - ok
22:46:11.0105 6504 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:46:11.0132 6504 vsmraid - ok
22:46:11.0211 6504 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:46:11.0287 6504 VSS - ok
22:46:11.0473 6504 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
22:46:11.0483 6504 vToolbarUpdater11.2.0 - ok
22:46:11.0631 6504 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
22:46:11.0694 6504 vwifibus - ok
22:46:11.0724 6504 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:46:11.0787 6504 W32Time - ok
22:46:11.0838 6504 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:46:11.0887 6504 WacomPen - ok
22:46:11.0930 6504 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:11.0996 6504 WANARP - ok
22:46:11.0999 6504 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:46:12.0000 6504 Wanarpv6 - ok
22:46:12.0172 6504 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:46:12.0393 6504 WatAdminSvc - ok
22:46:12.0591 6504 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:46:12.0784 6504 wbengine - ok
22:46:12.0825 6504 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:46:12.0897 6504 WbioSrvc - ok
22:46:12.0933 6504 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:46:12.0970 6504 wcncsvc - ok
22:46:13.0015 6504 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:46:13.0143 6504 WcsPlugInService - ok
22:46:13.0178 6504 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:46:13.0179 6504 Wd - ok
22:46:13.0215 6504 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:46:13.0220 6504 Wdf01000 - ok
22:46:13.0243 6504 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:46:13.0246 6504 WdiServiceHost - ok
22:46:13.0248 6504 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:46:13.0251 6504 WdiSystemHost - ok
22:46:13.0280 6504 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:46:13.0352 6504 WebClient - ok
22:46:13.0376 6504 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:46:13.0423 6504 Wecsvc - ok
22:46:13.0474 6504 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:46:13.0501 6504 wercplsupport - ok
22:46:13.0548 6504 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:46:13.0551 6504 WerSvc - ok
22:46:13.0586 6504 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
22:46:13.0643 6504 WfpLwf - ok
22:46:13.0694 6504 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
22:46:13.0695 6504 WIMMount - ok
22:46:13.0833 6504 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
22:46:13.0980 6504 WinDefend - ok
22:46:13.0999 6504 WinHttpAutoProxySvc - ok
22:46:14.0053 6504 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
22:46:14.0063 6504 Winmgmt - ok
22:46:14.0149 6504 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
22:46:14.0244 6504 WinRM - ok
22:46:14.0326 6504 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
22:46:14.0378 6504 WinUsb - ok
22:46:14.0482 6504 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
22:46:14.0583 6504 Wlansvc - ok
22:46:14.0638 6504 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
22:46:14.0691 6504 WmiAcpi - ok
22:46:14.0773 6504 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
22:46:14.0844 6504 wmiApSrv - ok
22:46:14.0980 6504 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
22:46:14.0993 6504 WMPNetworkSvc - ok
22:46:15.0107 6504 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
22:46:15.0161 6504 WPCSvc - ok
22:46:15.0223 6504 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
22:46:15.0228 6504 WPDBusEnum - ok
22:46:15.0257 6504 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
22:46:15.0307 6504 ws2ifsl - ok
22:46:15.0349 6504 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
22:46:15.0354 6504 wscsvc - ok
22:46:15.0394 6504 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:46:15.0477 6504 WSDPrintDevice - ok
22:46:15.0523 6504 WSDScan (7dc0270cfd4a05b4112e3ebbf083b595) C:\Windows\system32\DRIVERS\WSDScan.sys
22:46:15.0594 6504 WSDScan - ok
22:46:15.0597 6504 WSearch - ok
22:46:15.0816 6504 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
22:46:15.0839 6504 wuauserv - ok
22:46:15.0973 6504 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
22:46:16.0029 6504 WudfPf - ok
22:46:16.0088 6504 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:46:16.0173 6504 WUDFRd - ok
22:46:16.0210 6504 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
22:46:16.0283 6504 wudfsvc - ok
22:46:16.0309 6504 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
22:46:16.0485 6504 WwanSvc - ok
22:46:16.0513 6504 XDva392 - ok
22:46:16.0571 6504 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
22:46:16.0610 6504 xusb21 - ok
22:46:16.0647 6504 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:46:16.0862 6504 \Device\Harddisk0\DR0 - ok
22:46:16.0865 6504 Boot (0x1200) (9e01af3bef866efbd81a6b8b5ab5a465) \Device\Harddisk0\DR0\Partition0
22:46:16.0866 6504 \Device\Harddisk0\DR0\Partition0 - ok
22:46:16.0892 6504 Boot (0x1200) (ad12c464974271461aefd9bb9abaff78) \Device\Harddisk0\DR0\Partition1
22:46:16.0894 6504 \Device\Harddisk0\DR0\Partition1 - ok
22:46:16.0894 6504 ============================================================
22:46:16.0894 6504 Scan finished
22:46:16.0894 6504 ============================================================
22:46:16.0904 6980 Detected object count: 0
22:46:16.0904 6980 Actual detected object count: 0
22:46:29.0148 6796 ============================================================
22:46:29.0148 6796 Scan started
22:46:29.0148 6796 Mode: Manual;
22:46:29.0148 6796 ============================================================
22:46:29.0495 6796 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:46:29.0496 6796 1394ohci - ok
22:46:29.0520 6796 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:46:29.0522 6796 ACPI - ok
22:46:29.0540 6796 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:46:29.0541 6796 AcpiPmi - ok
22:46:29.0610 6796 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:46:29.0611 6796 AdobeARMservice - ok
22:46:29.0656 6796 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:46:29.0657 6796 AdobeFlashPlayerUpdateSvc - ok
22:46:29.0694 6796 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:46:29.0697 6796 adp94xx - ok
22:46:29.0726 6796 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:46:29.0728 6796 adpahci - ok
22:46:29.0745 6796 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:46:29.0746 6796 adpu320 - ok
22:46:29.0767 6796 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:46:29.0767 6796 AeLookupSvc - ok
22:46:29.0802 6796 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:46:29.0804 6796 AFD - ok
22:46:29.0822 6796 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:46:29.0823 6796 agp440 - ok
22:46:29.0841 6796 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:46:29.0842 6796 aic78xx - ok
22:46:29.0860 6796 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:46:29.0861 6796 ALG - ok
22:46:29.0873 6796 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:46:29.0874 6796 aliide - ok
22:46:29.0886 6796 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:46:29.0887 6796 amdagp - ok
22:46:29.0947 6796 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:46:29.0948 6796 amdide - ok
22:46:29.0960 6796 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:46:29.0960 6796 AmdK8 - ok
22:46:29.0972 6796 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:46:29.0973 6796 AmdPPM - ok
22:46:30.0002 6796 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:46:30.0002 6796 amdsata - ok
22:46:30.0024 6796 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:46:30.0025 6796 amdsbs - ok
22:46:30.0041 6796 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:46:30.0042 6796 amdxata - ok
22:46:30.0074 6796 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:46:30.0075 6796 AppID - ok
22:46:30.0102 6796 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:46:30.0102 6796 AppIDSvc - ok
22:46:30.0116 6796 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:46:30.0117 6796 Appinfo - ok
22:46:30.0222 6796 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:46:30.0223 6796 Apple Mobile Device - ok
22:46:30.0242 6796 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:46:30.0242 6796 arc - ok
22:46:30.0255 6796 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:46:30.0256 6796 arcsas - ok
22:46:30.0322 6796 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:46:30.0322 6796 aspnet_state - ok
22:46:30.0338 6796 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:46:30.0339 6796 AsyncMac - ok
22:46:30.0363 6796 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:46:30.0364 6796 atapi - ok
22:46:30.0411 6796 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:46:30.0414 6796 AudioEndpointBuilder - ok
22:46:30.0418 6796 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:46:30.0421 6796 Audiosrv - ok
22:46:30.0454 6796 Avgfwfd (c46ba2c177df0b84f9c0bfc1e4574dc7) C:\Windows\system32\DRIVERS\avgfwd6x.sys
22:46:30.0455 6796 Avgfwfd - ok
22:46:30.0729 6796 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files\AVG\AVG2012\avgfws.exe
22:46:30.0741 6796 avgfws - ok
22:46:31.0039 6796 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files\AVG\AVG2012\avgidsagent.exe
22:46:31.0065 6796 AVGIDSAgent - ok
22:46:31.0223 6796 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:46:31.0224 6796 AVGIDSDriver - ok
22:46:31.0241 6796 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
22:46:31.0241 6796 AVGIDSFilter - ok
22:46:31.0266 6796 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
22:46:31.0267 6796 AVGIDSHX - ok
22:46:31.0282 6796 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:46:31.0283 6796 AVGIDSShim - ok
22:46:31.0345 6796 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
22:46:31.0346 6796 Avgldx86 - ok
22:46:31.0369 6796 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
22:46:31.0370 6796 Avgmfx86 - ok
22:46:31.0400 6796 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
22:46:31.0401 6796 Avgrkx86 - ok
22:46:31.0437 6796 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
22:46:31.0439 6796 Avgtdix - ok
22:46:31.0613 6796 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:46:31.0614 6796 avgwd - ok
22:46:31.0657 6796 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:46:31.0657 6796 AxInstSV - ok
22:46:31.0693 6796 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:46:31.0695 6796 b06bdrv - ok
22:46:31.0723 6796 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:46:31.0724 6796 b57nd60x - ok
22:46:31.0845 6796 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
22:46:31.0846 6796 BBSvc - ok
22:46:31.0905 6796 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
22:46:31.0907 6796 BBUpdate - ok
22:46:31.0935 6796 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:46:31.0936 6796 BDESVC - ok
22:46:31.0947 6796 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:46:31.0947 6796 Beep - ok
22:46:31.0995 6796 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:46:31.0997 6796 BFE - ok
22:46:32.0014 6796 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:46:32.0015 6796 blbdrive - ok
22:46:32.0056 6796 bomebus (4ffd431d6714a63d61e6f0d24df6af2e) C:\Windows\system32\DRIVERS\bomebus.sys
22:46:32.0057 6796 bomebus - ok
22:46:32.0065 6796 bomemidi (48dc03f9eccf5fd615652b5424dae98f) C:\Windows\system32\drivers\bomemidi.sys
22:46:32.0066 6796 bomemidi - ok
22:46:32.0118 6796 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
22:46:32.0120 6796 Bonjour Service - ok
22:46:32.0177 6796 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:46:32.0178 6796 bowser - ok
22:46:32.0197 6796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:46:32.0198 6796 BrFiltLo - ok
22:46:32.0212 6796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:46:32.0212 6796 BrFiltUp - ok
22:46:32.0224 6796 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:46:32.0225 6796 BridgeMP - ok
22:46:32.0256 6796 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:46:32.0257 6796 Browser - ok
22:46:32.0287 6796 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:46:32.0288 6796 Brserid - ok
22:46:32.0302 6796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:46:32.0303 6796 BrSerWdm - ok
22:46:32.0315 6796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:46:32.0316 6796 BrUsbMdm - ok
22:46:32.0328 6796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:46:32.0328 6796 BrUsbSer - ok
22:46:32.0375 6796 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
22:46:32.0377 6796 BrYNSvc - ok
22:46:32.0388 6796 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:46:32.0389 6796 BTHMODEM - ok
22:46:32.0422 6796 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:46:32.0423 6796 bthserv - ok
22:46:32.0462 6796 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
22:46:32.0463 6796 BVRPMPR5 - ok
22:46:32.0558 6796 catchme - ok
22:46:32.0581 6796 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:46:32.0582 6796 cdfs - ok
22:46:32.0609 6796 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
22:46:32.0610 6796 cdrom - ok
22:46:32.0633 6796 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:46:32.0635 6796 CertPropSvc - ok
22:46:32.0652 6796 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:46:32.0653 6796 circlass - ok
22:46:32.0680 6796 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:46:32.0681 6796 CLFS - ok
22:46:32.0760 6796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:46:32.0761 6796 clr_optimization_v2.0.50727_32 - ok
22:46:32.0862 6796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:46:32.0863 6796 clr_optimization_v4.0.30319_32 - ok
22:46:32.0875 6796 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:46:32.0876 6796 CmBatt - ok
22:46:32.0888 6796 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:46:32.0888 6796 cmdide - ok
22:46:32.0943 6796 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
22:46:32.0945 6796 CNG - ok
22:46:32.0963 6796 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:46:32.0964 6796 Compbatt - ok
22:46:32.0977 6796 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:46:32.0978 6796 CompositeBus - ok
22:46:32.0981 6796 COMSysApp - ok
22:46:32.0995 6796 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:46:32.0996 6796 crcdisk - ok
22:46:33.0093 6796 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
22:46:33.0094 6796 CryptSvc - ok
22:46:33.0145 6796 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:46:33.0149 6796 DcomLaunch - ok
22:46:33.0180 6796 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:46:33.0182 6796 defragsvc - ok
22:46:33.0211 6796 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:46:33.0212 6796 DfsC - ok
22:46:33.0240 6796 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:46:33.0241 6796 Dhcp - ok
22:46:33.0251 6796 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:46:33.0251 6796 discache - ok
22:46:33.0258 6796 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:46:33.0259 6796 Disk - ok
22:46:33.0282 6796 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:46:33.0283 6796 Dnscache - ok
22:46:33.0333 6796 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:46:33.0335 6796 dot3svc - ok
22:46:33.0362 6796 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:46:33.0363 6796 Dot4 - ok
22:46:33.0379 6796 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys
22:46:33.0379 6796 Dot4Print - ok
22:46:33.0404 6796 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:46:33.0404 6796 dot4usb - ok
22:46:33.0434 6796 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:46:33.0435 6796 DPS - ok
22:46:33.0463 6796 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:46:33.0464 6796 drmkaud - ok
22:46:33.0488 6796 dsiarhwprog (f35b5d0cc142b87e687fc504baa69d82) C:\Windows\system32\Drivers\dsiarhwprog.sys
22:46:33.0488 6796 dsiarhwprog - ok
22:46:33.0542 6796 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:46:33.0545 6796 DXGKrnl - ok
22:46:33.0549 6796 EagleXNt - ok
22:46:33.0627 6796 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:46:33.0628 6796 EapHost - ok
22:46:33.0800 6796 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:46:33.0814 6796 ebdrv - ok
22:46:33.0956 6796 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:46:33.0958 6796 EFS - ok
22:46:34.0027 6796 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:46:34.0030 6796 ehRecvr - ok
22:46:34.0080 6796 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:46:34.0081 6796 ehSched - ok
22:46:34.0131 6796 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:46:34.0133 6796 elxstor - ok
22:46:34.0154 6796 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:46:34.0154 6796 ErrDev - ok
22:46:34.0192 6796 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:46:34.0194 6796 EventSystem - ok
22:46:34.0218 6796 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:46:34.0219 6796 exfat - ok
22:46:34.0259 6796 Fabs - ok
22:46:34.0315 6796 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:46:34.0316 6796 fastfat - ok
22:46:34.0360 6796 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:46:34.0363 6796 Fax - ok
22:46:34.0374 6796 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:46:34.0374 6796 fdc - ok
22:46:34.0384 6796 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:46:34.0385 6796 fdPHost - ok
22:46:34.0397 6796 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:46:34.0399 6796 FDResPub - ok
22:46:34.0410 6796 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:46:34.0411 6796 FileInfo - ok
22:46:34.0425 6796 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:46:34.0426 6796 Filetrace - ok
22:46:34.0628 6796 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:46:34.0643 6796 FirebirdServerMAGIXInstance - ok
22:46:34.0792 6796 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:46:34.0793 6796 flpydisk - ok
22:46:34.0820 6796 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:46:34.0821 6796 FltMgr - ok
22:46:34.0961 6796 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:46:34.0976 6796 FontCache - ok
22:46:35.0038 6796 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:46:35.0039 6796 FontCache3.0.0.0 - ok
22:46:35.0053 6796 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:46:35.0054 6796 FsDepends - ok
22:46:35.0104 6796 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:46:35.0106 6796 Fs_Rec - ok
22:46:35.0138 6796 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:46:35.0140 6796 fvevol - ok
22:46:35.0177 6796 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:46:35.0178 6796 gagp30kx - ok
22:46:35.0201 6796 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:46:35.0202 6796 GEARAspiWDM - ok
22:46:35.0241 6796 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:46:35.0250 6796 gpsvc - ok
22:46:35.0315 6796 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:46:35.0317 6796 gupdate - ok
22:46:35.0320 6796 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:46:35.0321 6796 gupdatem - ok
22:46:35.0370 6796 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:46:35.0371 6796 gusvc - ok
22:46:35.0398 6796 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
22:46:35.0399 6796 hamachi - ok
22:46:35.0523 6796 Hamachi2Svc (f31d7f8a7699575dbb3b3a3ab4aa6216) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
22:46:35.0530 6796 Hamachi2Svc - ok
22:46:35.0673 6796 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:46:35.0673 6796 hcw85cir - ok
22:46:35.0710 6796 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:46:35.0723 6796 HdAudAddService - ok
22:46:35.0738 6796 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:46:35.0741 6796 HDAudBus - ok
22:46:35.0755 6796 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:46:35.0757 6796 HidBatt - ok
22:46:35.0773 6796 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:46:35.0774 6796 HidBth - ok
22:46:35.0812 6796 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:46:35.0812 6796 HidIr - ok
22:46:35.0837 6796 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:46:35.0839 6796 hidserv - ok
22:46:35.0847 6796 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:46:35.0848 6796 HidUsb - ok
22:46:35.0870 6796 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:46:35.0872 6796 hkmsvc - ok
22:46:35.0898 6796 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:46:35.0908 6796 HomeGroupListener - ok
22:46:35.0931 6796 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:46:35.0941 6796 HomeGroupProvider - ok
22:46:36.0090 6796 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:46:36.0091 6796 hpqcxs08 - ok
22:46:36.0107 6796 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:46:36.0108 6796 hpqddsvc - ok
22:46:36.0130 6796 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:46:36.0131 6796 HpSAMD - ok
22:46:36.0190 6796 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:46:36.0194 6796 HPSLPSVC - ok
22:46:36.0232 6796 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:46:36.0245 6796 HTTP - ok
22:46:36.0262 6796 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:46:36.0264 6796 hwpolicy - ok
22:46:36.0280 6796 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:46:36.0281 6796 i8042prt - ok
22:46:36.0319 6796 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:46:36.0321 6796 iaStorV - ok
22:46:36.0421 6796 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:46:36.0425 6796 idsvc - ok
22:46:36.0941 6796 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:46:36.0985 6796 igfx - ok
22:46:37.0104 6796 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:46:37.0104 6796 iirsp - ok
22:46:37.0151 6796 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:46:37.0164 6796 IKEEXT - ok
22:46:37.0190 6796 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:46:37.0191 6796 intelide - ok
22:46:37.0207 6796 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:46:37.0209 6796 intelppm - ok
22:46:37.0229 6796 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:46:37.0231 6796 IPBusEnum - ok
22:46:37.0244 6796 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:46:37.0246 6796 IpFilterDriver - ok
22:46:37.0292 6796 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:46:37.0299 6796 iphlpsvc - ok
22:46:37.0327 6796 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:46:37.0328 6796 IPMIDRV - ok
22:46:37.0354 6796 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:46:37.0359 6796 IPNAT - ok
22:46:37.0446 6796 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
22:46:37.0451 6796 iPod Service - ok
22:46:37.0462 6796 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:46:37.0464 6796 IRENUM - ok
22:46:37.0480 6796 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:46:37.0481 6796 isapnp - ok
22:46:37.0522 6796 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:46:37.0529 6796 iScsiPrt - ok
22:46:37.0558 6796 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:46:37.0559 6796 kbdclass - ok
22:46:37.0576 6796 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
22:46:37.0577 6796 kbdhid - ok
22:46:37.0598 6796 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:46:37.0599 6796 KeyIso - ok
22:46:37.0628 6796 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
22:46:37.0630 6796 KSecDD - ok
22:46:37.0656 6796 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
22:46:37.0658 6796 KSecPkg - ok
22:46:37.0696 6796 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:46:37.0709 6796 KtmRm - ok
22:46:37.0745 6796 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:46:37.0755 6796 LanmanServer - ok
22:46:37.0785 6796 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
22:46:37.0789 6796 LanmanWorkstation - ok
22:46:37.0812 6796 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:46:37.0813 6796 lltdio - ok
22:46:37.0838 6796 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:46:37.0848 6796 lltdsvc - ok
22:46:37.0866 6796 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:46:37.0868 6796 lmhosts - ok
22:46:37.0885 6796 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:46:37.0886 6796 LSI_FC - ok
22:46:37.0902 6796 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:46:37.0903 6796 LSI_SAS - ok
22:46:37.0918 6796 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:46:37.0919 6796 LSI_SAS2 - ok
22:46:37.0932 6796 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:46:37.0933 6796 LSI_SCSI - ok
22:46:37.0951 6796 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:46:37.0956 6796 luafv - ok
22:46:37.0976 6796 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\Windows\system32\drivers\mbam.sys
22:46:37.0977 6796 MBAMProtector - ok
22:46:38.0039 6796 MBAMService (246af5a08b0339231bdd7437ab6ff6b8) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:46:38.0041 6796 MBAMService - ok
22:46:38.0071 6796 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:46:38.0074 6796 Mcx2Svc - ok
22:46:38.0095 6796 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:46:38.0096 6796 megasas - ok
22:46:38.0142 6796 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:46:38.0144 6796 MegaSR - ok
22:46:38.0236 6796 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:46:38.0237 6796 Microsoft Office Groove Audit Service - ok
22:46:38.0270 6796 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:46:38.0271 6796 MMCSS - ok
22:46:38.0282 6796 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:46:38.0283 6796 Modem - ok
22:46:38.0296 6796 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:46:38.0297 6796 monitor - ok
22:46:38.0332 6796 MotioninJoyXFilter (787a5f57812f8b9d76d82c80d077c5ca) C:\Windows\system32\DRIVERS\MijXfilt.sys
22:46:38.0333 6796 MotioninJoyXFilter - ok
22:46:38.0382 6796 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:46:38.0383 6796 mouclass - ok
22:46:38.0394 6796 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:46:38.0395 6796 mouhid - ok
22:46:38.0415 6796 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:46:38.0420 6796 mountmgr - ok
22:46:38.0456 6796 MozillaMaintenance (1144c543625a904f836605d0902f8255) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:46:38.0457 6796 MozillaMaintenance - ok
22:46:38.0502 6796 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:46:38.0514 6796 mpio - ok
22:46:38.0538 6796 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:46:38.0539 6796 mpsdrv - ok
22:46:38.0590 6796 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:46:38.0608 6796 MpsSvc - ok
22:46:38.0640 6796 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:46:38.0643 6796 MRxDAV - ok
22:46:38.0682 6796 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:46:38.0694 6796 mrxsmb - ok
22:46:38.0723 6796 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:46:38.0731 6796 mrxsmb10 - ok
22:46:38.0741 6796 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:46:38.0746 6796 mrxsmb20 - ok
22:46:38.0755 6796 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:46:38.0756 6796 msahci - ok
22:46:38.0785 6796 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:46:38.0789 6796 msdsm - ok
22:46:38.0820 6796 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:46:38.0832 6796 MSDTC - ok
22:46:38.0848 6796 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:46:38.0850 6796 Msfs - ok
22:46:38.0856 6796 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:46:38.0857 6796 mshidkmdf - ok
22:46:38.0868 6796 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:46:38.0869 6796 msisadrv - ok
22:46:38.0898 6796 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:46:38.0902 6796 MSiSCSI - ok
22:46:38.0906 6796 msiserver - ok
22:46:38.0924 6796 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:46:38.0926 6796 MSKSSRV - ok
22:46:38.0937 6796 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:46:38.0938 6796 MSPCLOCK - ok
22:46:38.0948 6796 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:46:38.0949 6796 MSPQM - ok
22:46:39.0002 6796 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:46:39.0012 6796 MsRPC - ok
22:46:39.0029 6796 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:46:39.0030 6796 mssmbios - ok
22:46:39.0042 6796 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:46:39.0043 6796 MSTEE - ok
22:46:39.0052 6796 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:46:39.0053 6796 MTConfig - ok
22:46:39.0071 6796 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:46:39.0072 6796 Mup - ok
22:46:39.0103 6796 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:46:39.0115 6796 napagent - ok
22:46:39.0140 6796 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:46:39.0147 6796 NativeWifiP - ok
22:46:39.0214 6796 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:46:39.0218 6796 NDIS - ok
22:46:39.0232 6796 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:46:39.0234 6796 NdisCap - ok
22:46:39.0249 6796 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:46:39.0251 6796 NdisTapi - ok
22:46:39.0277 6796 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:46:39.0278 6796 Ndisuio - ok
22:46:39.0301 6796 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:46:39.0313 6796 NdisWan - ok
22:46:39.0331 6796 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:46:39.0332 6796 NDProxy - ok
22:46:39.0351 6796 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
22:46:39.0352 6796 Net Driver HPZ12 - ok
22:46:39.0360 6796 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:46:39.0361 6796 NetBIOS - ok
22:46:39.0386 6796 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:46:39.0395 6796 NetBT - ok
22:46:39.0423 6796 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:46:39.0424 6796 Netlogon - ok
22:46:39.0453 6796 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:46:39.0459 6796 Netman - ok
22:46:39.0521 6796 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:46:39.0523 6796 NetMsmqActivator - ok
22:46:48.0363 6796 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:46:48.0571 6796 \Device\Harddisk0\DR0 - ok
22:46:48.0573 6796 Boot (0x1200) (9e01af3bef866efbd81a6b8b5ab5a465) \Device\Harddisk0\DR0\Partition0
22:46:48.0575 6796 \Device\Harddisk0\DR0\Partition0 - ok
22:46:48.0608 6796 Boot (0x1200) (ad12c464974271461aefd9bb9abaff78) \Device\Harddisk0\DR0\Partition1
22:46:48.0609 6796 \Device\Harddisk0\DR0\Partition1 - ok
22:46:48.0610 6796 ============================================================
22:46:48.0610 6796 Scan finished
22:46:48.0610 6796 ============================================================
22:46:48.0617 3284 Detected object count: 0
22:46:48.0617 3284 Actual detected object count: 0


aswMBR:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-25 22:51:49
-----------------------------
22:51:49.149 OS Version: Windows 6.1.7601 Service Pack 1
22:51:49.149 Number of processors: 2 586 0x170A
22:51:49.152 ComputerName: CHARLIE UserName:
22:52:03.260 Initialize success
22:52:45.214 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:52:45.216 Disk 0 Vendor: WDC_WD3200AAKS-75L9A0 02.03E02 Size: 305245MB BusType: 11
22:52:45.229 Disk 0 MBR read successfully
22:52:45.231 Disk 0 MBR scan
22:52:45.233 Disk 0 Windows 7 default MBR code
22:52:45.237 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:52:45.249 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
22:52:45.252 Disk 0 scanning sectors +625139712
22:52:45.335 Disk 0 scanning C:\Windows\system32\drivers
22:52:53.159 Service scanning
22:53:05.518 Modules scanning
22:53:09.373 Disk 0 trace - called modules:
22:53:09.387 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
22:53:09.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a59030]
22:53:09.395 3 CLASSPNP.SYS[88dda59e] -> nt!IofCallDriver -> [0x855a6c10]
22:53:09.400 5 ACPI.sys[888af3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85558908]
22:53:09.404 Scan finished successfully
22:56:15.251 Disk 0 MBR has been saved successfully to "C:\Users\My Computer\Desktop\counter measures\logs\MBR.dat"
22:56:15.256 The log file has been saved successfully to "C:\Users\My Computer\Desktop\counter measures\logs\aswMBR.txt"

#8 gringo_pr

  • Malware Response Team

Posted 25 July 2012 - 11:59 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 thesmirker

  • Topic Starter


Posted 27 July 2012 - 12:38 AM

My computer is running fine now thanks to you and I had no problems so far.
Here is the log you asked for.


ComboFix 12-07-27.02 - My Computer 07/26/2012 14:33:39.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2013.1026 [GMT -4:00]
Running from: c:\users\My Computer\Desktop\counter measures\ComboFix.exe
Command switches used :: c:\users\My Computer\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Mario\AppData\Local\temp
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Kevin\AppData\Local\temp
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Dora\AppData\Local\temp
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 18:47 . 2012-07-26 18:47 -------- d-----w- c:\users\Charlie\AppData\Local\temp
2012-07-25 18:40 . 2012-07-26 18:50 -------- d-----w- c:\users\My Computer\AppData\Local\temp
2012-07-20 05:21 . 2012-07-20 05:21 -------- d-----w- c:\users\Dora\AppData\Roaming\AVG2012
2012-07-18 16:45 . 2012-07-18 16:45 -------- d-----w- c:\users\Mario\AppData\Roaming\AVG2012
2012-07-17 16:55 . 2012-07-17 16:55 -------- d-----w- c:\users\Kevin\AppData\Roaming\AVG2012
2012-07-17 03:33 . 2012-07-17 03:33 -------- d-----w- c:\users\Guest\AppData\Roaming\AVG2012
2012-07-17 03:28 . 2012-07-17 03:28 -------- d-----w- c:\users\My Computer\AppData\Roaming\AVG2012
2012-07-17 03:27 . 2012-07-17 03:27 -------- d-----w- c:\program files\AVG Secure Search
2012-07-17 03:25 . 2012-07-26 17:27 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 03:25 . 2012-07-19 16:37 -------- d-----w- c:\programdata\AVG2012
2012-07-17 03:25 . 2012-07-17 03:25 -------- d-----w- C:\$AVG
2012-07-17 03:24 . 2012-07-17 03:24 -------- d-----w- c:\program files\AVG
2012-07-17 03:22 . 2012-07-26 17:27 -------- d-----w- c:\programdata\MFAData
2012-07-17 00:38 . 2012-07-17 00:38 -------- d-----w- c:\users\Kevin\AppData\Local\Macromedia
2012-07-17 00:37 . 2012-07-17 00:37 -------- d-----w- c:\users\Kevin\AppData\Local\Wajam
2012-07-16 22:17 . 2012-07-23 19:19 -------- d-----w- c:\users\My Computer\AppData\Roaming\.minecraft
2012-07-15 18:39 . 2012-07-15 18:39 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-14 00:36 . 2012-07-14 00:36 -------- d-----w- c:\users\My Computer\AppData\Local\Smogon
2012-07-13 15:49 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CB6DDAB-2A22-4766-88DE-79A3A4C538B1}\mpengine.dll
2012-07-12 16:27 . 2012-07-12 16:27 -------- d-----w- c:\users\Charlie\AppData\Local\AVG Secure Search
2012-07-10 19:29 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 20:42 . 2012-07-03 00:13 -------- d-----w- c:\users\My Computer\AppData\Local\ESN Sonar
2012-06-27 13:40 . 2012-06-27 13:40 -------- d-----w- c:\program files\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 17:03 . 2012-01-28 01:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 17:03 . 2011-07-05 19:33 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-21 14:23 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 14:23 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 14:23 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 14:23 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 14:23 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 14:23 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 14:23 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 14:22 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 14:22 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-01 04:44 . 2012-06-13 22:00 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-13 22:00 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-18 03:07 . 2011-12-19 01:55 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}]
2012-01-17 19:28 262312 ----a-w- c:\program files\blekkotb\auxi\blekkoAu.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
2012-01-17 19:28 86696 ----a-w- c:\program files\blekkotb\blekkoDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 03:27 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-06-07 21:26 1544192 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-18 00:40 1492456 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-07 1544192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-18 1492456]
"{26c9e18c-3717-4be1-a225-04e4471f5b6e}"= "c:\program files\blekkotb\blekkoDx.dll" [2012-01-17 86696]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-17 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{26c9e18c-3717-4be1-a225-04e4471f5b6e}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-06-07 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2011-09-19 1242448]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-11-26 3082320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-18 395240]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-01-17 232616]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-17 1107552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-8-15 2589808]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MIDI1"=myokent.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 XDva392;XDva392;c:\windows\system32\XDva392.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 rtpMIDIService;rtpMIDIService;c:\program files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [x]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\DRIVERS\bomebus.sys [x]
S3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 teVirtualMIDI32;teVirtualMIDI - Virtual MIDI Driver x86;c:\windows\system32\DRIVERS\teVirtualMIDI32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-01-28 17:03]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 19:40]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-27 19:40]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1001Core.job
- c:\users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 15:59]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1001UA.job
- c:\users\My Computer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 15:59]
.
2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1004Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 15:59]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1004UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-05 15:59]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1005Core.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 15:59]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1506541173-725849197-1135309587-1005UA.job
- c:\users\Mario\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-10 15:59]
.
2012-05-20 c:\windows\Tasks\Norton Security Scan for My Computer.job
- c:\progra~1\NORTON~2\Engine\300~1.103\Nss.exe [2011-01-28 08:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50&v=11.1.0.7&sap=hp
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyD0CyEyB0E0F0C0ByDyEtAtN0D0TzutBtDtCtBtDyCtDyB&cr=365898603
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\My Computer\AppData\Roaming\Mozilla\Firefox\Profiles\uafjousj.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50&v=11.1.0.12&sap=hp
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - user.js: extensions.BabylonToolbar_i.id - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.hardId - ce3db543000000000000002564e1e01f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15420
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:33
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=55555
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt -
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:29,ec,33,a0,ce,64,cc,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-26 14:53:52
ComboFix-quarantined-files.txt 2012-07-26 18:53
ComboFix2.txt 2012-07-25 18:57
.
Pre-Run: 168,867,225,600 bytes free
Post-Run: 168,941,719,552 bytes free
.
- - End Of File - - B668FCE4378393CE22FB9ADEA10657BE

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 27 July 2012 - 12:45 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 thesmirker

thesmirker
  • Topic Starter

  • Members

Posted 27 July 2012 - 12:55 AM

Here is the report I got.

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Ace of Spades
Action Replay DSi Code Manager
Adblock Pro 3.4
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Anti-phishing Domain Advisor
AOL Messaging Toolbar
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG 2012
Babylon toolbar on IE
Battlefield Heroes
Battlelog Web Plugins
Bing Bar
Bing Rewards Client Installer
Bome's Virtual MIDI Port 1.0.0.11
Bonjour
Brother MFL-Pro Suite MFC-J430W
Browse For Change
BufferChm
C4700
Cave Story Deluxe
Combat Arms
Compatibility Pack for the 2007 Office system
CopyToy 1.0.0.0
Destinations
DeviceDiscovery
Dogpile Bundle Toolbar
Download Updater (AOL LLC)
Drumaxx
Firebird SQL Server - MAGIX Edition
FL Studio 10
Fliptoast
GamersFirst LIVE!
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
Hardcore
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iCloud
iCopyBot for Windows 7.2.5
IL Download Manager
iTunes
Java 3D 1.5.1
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 22
K-Lite Codec Pack 6.8.0 (Full)
KAG 0.95A
Live 8.2.1
Live 8.2.2
LogMeIn Hamachi
MAGIX Goya burnR (MSI)
MAGIX Music Maker MX Download Version
MAGIX Screenshare
Malwarebytes' Anti-Malware
MarketResearch
Mavis Beacon Teaches Typing Platinum 20
Max 5.1.9
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
MIDI Yoke
MobileMe Control Panel
MotioninJoy ds3 driver version 0.6.0004
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Native Instruments Audio 2 DJ
Native Instruments Audio 4 DJ
Native Instruments Audio 8 DJ
Native Instruments Controller Editor
Native Instruments FM8
Native Instruments Massive
Native Instruments Reaktor 5
Native Instruments Reaktor Factory Selection
Native Instruments Service Center
Native Instruments Traktor 2
Native Instruments Traktor Audio 10
Native Instruments Traktor Audio 2
Native Instruments Traktor Audio 6
Native Instruments Traktor Kontrol S2
Native Instruments Traktor Kontrol S4
Native Instruments Traktor Kontrol X1
NetBeans IDE 6.9.1
Network
Nexon Game Manager
Norton Security Scan
NVIDIA PhysX
Ohm Force - Ohmicide VST
OpenAL
OpenOffice.org 3.3
Paint.NET v3.5.10
Panda USB Vaccine 1.0.1.4
Pando Media Booster
Pd-0.42.5-extended
Picasa 3
PoiZone
Portal
Post Apocalyptic Mayhem
PricePeep for Google Chrome
PS_AIO_06_C4700_SW_Min
PunkBuster Services
PX5 Advanced Sound Editor
QuickTime
QuickTransfer
Realtek Ethernet Controller Driver For Windows 7
rtpMIDI
Safari
Sakura
Sawer
Scan
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Shop for HP Supplies
ShufflePlusVLOI
SmartWebPrinting
SolutionCenter
Spam Free Search Bar
Status
Steam
Stella 3.1.2
SweetPacks Toolbar for Internet Explorer 4.5
swMSM
Synthesia (remove only)
System Requirements Lab CYRI
System Requirements Lab for Intel
Team Fortress 2
Terraria version 1.0.4
Text-To-Speech-Runtime
Toolbox
TouchOSC Bridge version 1.0
Toxic Biohazard
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update Manager for SweetPacks 1.0
VirtualDJ Home FREE
Vizzed Retro Game Room
Voxatron 0.1.3
War Inc Battlezone version 1.0.0
War Inc. Battlezone
Warhammer® 40,000®: Dawn of War® II – Retribution™
WebReg
Windows Media Player Firefox Plugin
WinRAR 4.00 beta 3 (32-bit)
World of Warcraft

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 27 July 2012 - 01:00 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Java 3D 1.5.1
Java DB 10.5.3.0
Java™ 6 Update 22
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 22


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 thesmirker

Posted 27 July 2012 - 04:05 PM

Here are the logs from HijackThis and MBAM


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912072709

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/27/2012 3:56:21 PM
mbam-log-2012-07-27 (15-56-21).txt

Scan type: Quick scan
Objects scanned: 315289
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077227758} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Kevin\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
c:\Users\Kevin\local settings\application data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.

HiJackThis:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:13:06 PM, on 7/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\My Computer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My Computer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={F84D6416-E069-46C7-A3DC-3085209BE10F}&mid=e6d30f24994847d0a022d16c220509ec-de673a44b610376fbaf73c9872f95dbd29c0ece4&lang=en&ds=cv011&pr=sa&d=2012-05-26 09:50:57&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuyB0AyBzytDyD0CyEyB0E0F0C0ByDyEtAtN0D0TzutBtDtCtBtDyCtDyB&cr=365898603
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Updater For Spam Free Search Bar - {20a0be68-8fd9-4539-8712-ce3d1c1fdfc6} - C:\Program Files\blekkotb\auxi\blekkoAu.dll
O2 - BHO: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: AOL Messaging Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: FCTBPos00Pos - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Search-Results Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files\Adblock Pro\AdblockPro.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Dogpile Bundle Toolbar - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files\Dogpile Bundle Toolbar\Toolbar.dll
O3 - Toolbar: AOL Messaging Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Softonic Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Spam Free Search Bar - {26c9e18c-3717-4be1-a225-04e4471f5b6e} - C:\Program Files\blekkotb\blekkoDx.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files\Adblock Pro\AdblockPro.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://74.72.192.1
O15 - ESC Trusted IP range: http://74.72.192.1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: rtpMIDIService - Tobias Erichsen - C:\Program Files\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--
End of file - 13252 bytes

#14 gringo_pr

Posted 27 July 2012 - 05:26 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - Global Startup: GamersFirst LIVE!.lnk = C:\Program Files\GamersFirst\LIVE!\Live.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found
    • Click on "list of threats found"
    • Click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on Back
    • Put a checkmark in "Uninstall application on close"
    • Click on Finish
    • Close the program
    • Copy and paste the report here


Gringo

#15 thesmirker

Posted 28 July 2012 - 11:43 PM

I got the report from ESET SCAN



C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\Program Files\PDFReader\Uninstall\Uninstall.exe a variant of Win32/Kryptik.HAZ trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{405f8173-b612-00ba-044d-c4118210fa38}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{405f8173-b612-00ba-044d-c4118210fa38}\U\00000004.@.vir Win32/Conedex.D trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{405f8173-b612-00ba-044d-c4118210fa38}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{405f8173-b612-00ba-044d-c4118210fa38}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FC trojan
C:\Users\Charlie\Downloads\gamebooster.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Charlie\Downloads\PlayItAll-Setup-win32_2.exe Win32/Toolbar.Zugo application
C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@lplay.com\components\lptlf.dll a variant of Win32/Adware.Gamevance.BH application
C:\Users\Kevin\Downloads\minecraft setup (1).exe a variant of Win32/Soft32Downloader.B application
C:\Users\Kevin\Downloads\PDFReaderSetup.exe a variant of Win32/Kryptik.HAZ trojan
C:\Users\Kevin\Downloads\SoftonicDownloader_for_adblock.exe Win32/SoftonicDownloader.D application
C:\Users\Kevin\Downloads\SoftonicDownloader_for_minecraft.exe Win32/SoftonicDownloader.D application
C:\Users\My Computer\AppData\Local\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application
C:\Users\My Computer\Desktop\apbreloded\APB_Reloaded_Installer.exe Win32/OpenCandy application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VS4XF4T\2jzgte[1].htm JS/Kryptik.EN trojan
C:\Windows\System32\config\systemprofile\AppData\Local\{405f8173-b612-00ba-044d-c4118210fa38}\n Win32/Sirefef.EV trojan
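Added example, not part of the original posts and not code from any tool used in this thread: a Python script that cross-references the ESET report above with the HijackThis log posted earlier, separating detections that still have a registered load point (BHO, toolbar, Run key, service) from files that only sit on disk, installers in Downloads, and copies already in quarantine. The sample lines are copied from this thread; the state names and the treatment of C:\Qoobox\Quarantine as a quarantine folder are assumptions.

```python
import re

# Constructed samples: lines copied from the HijackThis log and ESET report in this thread.
HJT_SAMPLE = r"""
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""
ESET_SAMPLE = r"""
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FC trojan
C:\Users\Kevin\Downloads\PDFReaderSetup.exe a variant of Win32/Kryptik.HAZ trojan
C:\Users\Kevin\Downloads\minecraft setup (1).exe a variant of Win32/Soft32Downloader.B application
"""

HJT_ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O2 - BHO: ..."
HJT_PATH = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|scr)\b", re.I)
ESET_HIT = re.compile(
    r"^(?P<path>.+?) (?:(?:probably )?a variant of )?"
    r"(?P<name>\w+/[\w.]+) (?P<kind>trojan|application)$")

# Assumption: C:\Qoobox\Quarantine holds copies an earlier cleanup tool already quarantined.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
STATE_RANK = {"registered": 0, "on-disk": 1, "download": 2, "quarantined": 3}


def hijackthis_load_points(log_text):
    """Map lower-cased file path -> HijackThis section codes (O2, O4, ...) that reference it."""
    points = {}
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list, blank line
        code, body = m.groups()
        for path in HJT_PATH.findall(body):
            points.setdefault(path.lower(), []).append(code)
    return points


def triage(hjt_text, eset_text):
    """Return ESET hits sorted so that still-registered files and trojans come first."""
    points = hijackthis_load_points(hjt_text)
    rows = []
    for line in eset_text.splitlines():
        m = ESET_HIT.match(line.strip())
        if not m:
            continue
        key = m["path"].lower()
        if key.startswith(QUARANTINE_PREFIX):
            state = "quarantined"      # inert copy, not a live infection
        elif key in points:
            state = "registered"       # a BHO/toolbar/Run/service entry still points at it
        elif "\\downloads\\" in key:
            state = "download"         # installer left in a Downloads folder
        else:
            state = "on-disk"
        rows.append({"state": state, "kind": m["kind"], "name": m["name"],
                     "path": m["path"], "load_points": points.get(key, [])})
    rows.sort(key=lambda r: (STATE_RANK[r["state"]], r["kind"] != "trojan", r["path"].lower()))
    return rows


if __name__ == "__main__":
    for r in triage(HJT_SAMPLE, ESET_SAMPLE):
        refs = ",".join(r["load_points"]) or "-"
        print(r["state"], r["kind"], r["name"], refs, r["path"], sep=" | ")
```

Feeding it the full logs instead of the samples gives the same ordering for every line of the report; lines that do not match either format are skipped.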



