
CANT GET RID OF Operating memory a variant of Win32/Sirefef.EZ trojan


  • This topic is locked
22 replies to this topic

#1 bone123


Posted 25 July 2012 - 06:43 PM

I'm running Windows 7 64 bit. I've run an ESET scan; here are the results:
C:\Users\BONE\Downloads\DTLite4454-0315.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

These are the DDS logs.
I'm running in safe mode; it is very laggy and crashes when running normally.
I ran Malwarebytes and AVG; they don't find anything.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07
Run by BONE at 19:36:55 on 2012-07-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2769 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{89417281-EF03-40F3-AA98-20D9703880C4} : DhcpNameServer = 68.87.74.162 68.87.68.162
TCP: Interfaces\{89417281-EF03-40F3-AA98-20D9703880C4}\44F67684F6573756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89417281-EF03-40F3-AA98-20D9703880C4}\6596374716C416370516C6D6163705F6F6C635F6574786 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{89417281-EF03-40F3-AA98-20D9703880C4}\6596374716D61627 : DhcpNameServer = 8.8.8.8 4.2.2.2 192.169.2.1 192.168.1.1
TCP: Interfaces\{89417281-EF03-40F3-AA98-20D9703880C4}\759464942416C6D6F62716C6 : DhcpNameServer = 192.168.0.1 208.67.222.222 208.67.220.220
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BONE\AppData\Roaming\Mozilla\Firefox\Profiles\7v870efd.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-6 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-11 654408]
S2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-4-20 365952]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-4-20 193840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-6 136176]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-25 20:12:24 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-20 16:04:15 39184 ----a-w- C:\Windows\System32\Partizan.exe
2012-07-17 14:09:44 -------- d-----w- C:\ProgramData\RegRun
2012-07-11 20:31:40 -------- d-----w- C:\Users\BONE\AppData\Roaming\AVG2012
2012-07-11 20:30:41 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-11 20:29:38 -------- d--h--w- C:\$AVG
2012-07-11 20:29:38 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-11 20:29:38 -------- d-----w- C:\ProgramData\AVG2012
2012-07-11 20:28:58 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-11 20:26:14 -------- d--h--w- C:\ProgramData\Common Files
2012-07-11 20:26:14 -------- d-----w- C:\ProgramData\MFAData
2012-07-11 20:18:01 2 --shatr- C:\Windows\winstart.bat
2012-07-11 20:17:53 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-07-11 20:11:30 -------- d-----w- C:\Users\BONE\AppData\Local\Macromedia
2012-07-11 16:59:01 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 10:36:16 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 10:35:59 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 10:35:59 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 10:35:59 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 10:35:59 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 10:35:59 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 10:35:59 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 10:35:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-04 00:20:17 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-03 23:47:52 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E0F0E96-0358-4FCD-8C88-0E314D26EE73}\mpengine.dll
2012-07-02 16:41:30 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2012-07-02 16:41:21 -------- d-----w- C:\ProgramData\Rosetta Stone
2012-07-02 16:41:21 -------- d-----w- C:\Program Files (x86)\Rosetta Stone
2012-07-02 16:22:11 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-07-02 16:22:05 -------- d-----w- C:\Users\BONE\AppData\Roaming\DAEMON Tools Lite
2012-07-02 16:22:03 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-07-02 16:21:36 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
.
==================== Find3M ====================
.
2012-07-11 21:54:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 21:54:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 19:37:28.74 ===============


#2 gringo_pr

  • Malware Response Team

Posted 26 July 2012 - 02:58 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bone123


Posted 26 July 2012 - 05:55 PM

Here is the checkup file; this was run in safe mode.
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (6.0.2)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#4 gringo_pr

  • Malware Response Team

Posted 26 July 2012 - 06:45 PM

OK, I will be waiting for the report.


gringo

#5 bone123


Posted 26 July 2012 - 07:15 PM

ComboFix 12-07-27.02 - BONE 07/26/2012 19:51:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2763 [GMT -4:00]
Running from: c:\users\BONE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\37084920
c:\users\BONE\AppData\Local\{08AC2FEA-DCD9-477F-AB50-75B9C4C4D77D}
c:\users\BONE\AppData\Local\{08AC2FEA-DCD9-477F-AB50-75B9C4C4D77D}\chrome.manifest
c:\users\BONE\AppData\Local\{08AC2FEA-DCD9-477F-AB50-75B9C4C4D77D}\chrome\content\_cfg.js
c:\users\BONE\AppData\Local\{08AC2FEA-DCD9-477F-AB50-75B9C4C4D77D}\chrome\content\overlay.xul
c:\users\BONE\AppData\Local\{08AC2FEA-DCD9-477F-AB50-75B9C4C4D77D}\install.rdf
c:\users\BONE\AppData\Roaming\Adobe\plugs
c:\users\BONE\AppData\Roaming\Adobe\shed
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ddv.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fan.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fix.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\gid.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\grid.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\runddl.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\sld.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\sld.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SM.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\snl2w.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\snl2w.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\std.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\std.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\std.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\BONE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\1afb2d56
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\201d3dde
c:\windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 00:03 . 2012-07-27 00:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 20:12 . 2012-07-25 20:12 -------- d-----w- c:\program files (x86)\ESET
2012-07-20 16:04 . 2012-07-20 16:04 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-07-17 14:09 . 2012-07-17 14:09 -------- d-----w- c:\programdata\RegRun
2012-07-11 20:31 . 2012-07-11 20:31 -------- d-----w- c:\users\BONE\AppData\Roaming\AVG2012
2012-07-11 20:30 . 2012-07-11 20:30 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-11 20:29 . 2012-07-26 21:52 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-11 20:29 . 2012-07-17 12:40 -------- d-----w- c:\programdata\AVG2012
2012-07-11 20:29 . 2012-07-11 20:29 -------- d-----w- C:\$AVG
2012-07-11 20:28 . 2012-07-11 20:28 -------- d-----w- c:\program files (x86)\AVG
2012-07-11 20:26 . 2012-07-26 22:51 -------- d-----w- c:\programdata\MFAData
2012-07-11 20:26 . 2012-07-11 20:26 -------- d--h--w- c:\programdata\Common Files
2012-07-11 20:18 . 2012-07-11 20:18 2 --shatr- c:\windows\winstart.bat
2012-07-11 20:17 . 2012-07-20 16:20 -------- d-----w- c:\program files (x86)\UnHackMe
2012-07-11 20:11 . 2012-07-11 20:11 -------- d-----w- c:\users\BONE\AppData\Local\Macromedia
2012-07-11 16:59 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:36 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 10:35 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 10:35 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 10:35 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 10:35 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 10:35 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 10:35 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 10:35 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-04 00:27 . 2012-07-04 00:27 -------- d-----w- c:\windows\Sun
2012-07-04 00:20 . 2012-07-04 00:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-03 23:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0F0E96-0358-4FCD-8C88-0E314D26EE73}\mpengine.dll
2012-07-02 16:41 . 2012-07-02 16:41 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-07-02 16:41 . 2012-07-21 11:47 -------- d-----w- c:\programdata\Rosetta Stone
2012-07-02 16:41 . 2012-07-02 16:41 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-07-02 16:22 . 2012-07-02 16:22 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-02 16:22 . 2012-07-08 23:02 -------- d-----w- c:\users\BONE\AppData\Roaming\DAEMON Tools Lite
2012-07-02 16:22 . 2012-07-02 16:22 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-07-02 16:21 . 2012-07-02 16:23 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-07-01 21:29 . 2012-07-01 21:29 -------- d-----w- c:\users\Public\CyberLink
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 21:54 . 2012-04-12 12:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 21:54 . 2011-05-16 16:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 16:56 . 2010-05-11 12:18 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 19:16 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:16 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:16 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:16 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:16 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:16 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:16 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 10:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 10:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 10:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 10:59 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 10:59 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-02 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2007-11-01 293376]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 126976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:54]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 17:55]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 68.87.74.162 68.87.68.162
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\BONE\AppData\Roaming\Mozilla\Firefox\Profiles\7v870efd.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-07-26 20:11:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-27 00:11
.
Pre-Run: 190,231,470,080 bytes free
Post-Run: 190,076,903,424 bytes free
.
- - End Of File - - A5D0321A75B7BD9ED33F1D67FF6B4F39
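
The "Files Created" section of the ComboFix log above is where a responder looks first, and two of its entries stand out: a 2-byte hidden+system winstart.bat in c:\windows and a hidden+system directory literally named %APPDATA% under SysWow64. The script below is an added example for this thread, not ComboFix's own tooling: it parses each entry's timestamps, size, attribute string and path, and applies three heuristics of my own (both hidden and system attributes set, a literal % in a name, a .bat/.cmd of a few bytes). The attribute letters d, s and h are read as directory, system and hidden; the other positions are not interpreted. The sample lines are copied from the log above.

```python
"""Triage the 'Files Created' section of a ComboFix log.

Added example for this thread; the parsing is the editor's, not ComboFix's,
and the suspicion rules are heuristics, not detections.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# One entry: "<created> . <modified> <size|--------> <8-char attrs> <path>"
# Sizes are integers for files and a run of dashes for directories.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int | None  # None for directories
    attrs: str        # ComboFix attribute string, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> list[Entry]:
    """Parse every entry line; banners and ComboFix's '.' spacer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def suspicious(entry: Entry) -> list[str]:
    """Heuristic reasons (possibly none) why an entry deserves a manual look."""
    reasons = []
    name = entry.path.rsplit("\\", 1)[-1]
    # hidden+system together keeps a file out of a default Explorer view;
    # legitimate installers rarely set both on new files under the Windows directory.
    if entry.hidden and entry.system:
        reasons.append("hidden+system attributes")
    # A directory literally named like an environment variable (e.g. "%APPDATA%")
    # means something wrote the unexpanded string to disk.
    if "%" in name:
        reasons.append("literal '%' in name")
    # A batch file of a few bytes in the Windows directory is worth opening.
    if entry.size is not None and entry.size <= 16 and name.lower().endswith((".bat", ".cmd")):
        reasons.append("tiny script file")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged path to the reasons it was flagged."""
    return {e.path: r for e in parse_entries(text) if (r := suspicious(e))}


# Sample input: entry lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
2012-07-20 16:04 . 2012-07-20 16:04 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-07-11 20:29 . 2012-07-11 20:29 -------- d-----w- C:\$AVG
2012-07-11 20:26 . 2012-07-11 20:26 -------- d--h--w- c:\programdata\Common Files
2012-07-11 20:18 . 2012-07-11 20:18 2 --shatr- c:\windows\winstart.bat
2012-07-04 00:20 . 2012-07-04 00:20 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-02 16:22 . 2012-07-02 16:22 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(reasons)}")
```

On the sample it flags only winstart.bat and the %APPDATA% directory and leaves the AVG, DAEMON Tools and Partizan entries alone. Run it on a saved log with `triage(open(path).read())`; the rules are starting points for a manual look, not verdicts.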

#6 bone123 (Topic Starter; Members, 26 posts)

Posted 26 July 2012 - 07:16 PM

It restarted the computer, got rid of a couple of things, restarted and generated a report. It seems to be OK. I don't seem to be getting redirected and the computer is more responsive.

Edited by bone123, 26 July 2012 - 07:20 PM.


#7 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Location: Puerto Rico)

Posted 26 July 2012 - 08:34 PM

Greetings

Yes, that got rid of a lot of things.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
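
The post above describes where TDSSKiller leaves its report after a reboot (a TDSSKiller.[Version]_[Date]_[Time]_log.txt file in the drive root) and asks for the whole file. As an added example, not one of the tools the post asks for and not Kaspersky's code, the Python helper below locates that file and reduces it to what a responder actually reads: every scanned object whose verdict is anything other than "ok". The line shapes it parses (an object line with a 32-hex-digit hash and path, then a "name - verdict" line) are the ones in the TDSSKiller log posted later in this thread; the verdict is treated as a single word. The "examplesvc" entry in the sample, its all-zero hash and its verdict word are constructed, because the thread shows no non-ok result, and the default root of C:\ is an assumption taken from the post.

```python
"""Locate and summarize a TDSSKiller report.

Added example for this thread, not a Kaspersky tool. It assumes only what the
post states about the report file and the line shapes visible in the log
posted later in the thread.
"""
from __future__ import annotations

import re
from pathlib import Path

# "<hh:mm:ss.ffff> <pid> <name> (<md5>) <path>"   -- an object that was scanned
OBJECT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# "<hh:mm:ss.ffff> <pid> <name> - <verdict>"      -- the verdict for that object;
# the verdict is a single word, so the header's "DR0 - Size: ..." line is not matched
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>\S+)\s*$"
)


def find_reports(root: str | Path = "C:\\") -> list[Path]:
    """Reports in the drive root, newest first (assumed location: the post's 'root directory')."""
    reports = list(Path(root).glob("TDSSKiller.*_log.txt"))
    return sorted(reports, key=lambda p: p.stat().st_mtime, reverse=True)


def parse_report(text: str) -> dict[str, dict[str, str]]:
    """Map each scanned object name to its md5, path and verdict (whichever were logged)."""
    objects: dict[str, dict[str, str]] = {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {}).update(md5=m["md5"].lower(), path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            objects.setdefault(m["name"], {})["verdict"] = m["verdict"]
    return objects


def needs_attention(objects: dict[str, dict[str, str]]) -> dict[str, dict[str, str]]:
    """Everything not marked 'ok': other verdicts, and objects scanned with no verdict at all."""
    return {name: obj for name, obj in objects.items() if obj.get("verdict", "").lower() != "ok"}


# Sample input: lines copied from the TDSSKiller log posted later in this thread, plus one
# constructed "examplesvc" entry (name, hash and verdict word are all hypothetical) to show
# what a non-"ok" result looks like to the parser.
SAMPLE_REPORT = r"""
15:14:08.0642 2440 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:14:12.0090 2440 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:14:29.0609 3780 Scan started
15:14:31.0059 3780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:14:31.0075 3780 1394ohci - ok
15:14:33.0899 3780 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
15:14:34.0055 3780 AVGIDSAgent - ok
15:14:37.0315 3780 catchme - ok
15:14:39.0889 3780 COMSysApp - ok
15:14:40.0000 3780 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
15:14:40.0000 3780 examplesvc - suspicious
"""

if __name__ == "__main__":
    reports = find_reports()
    text = reports[0].read_text(errors="replace") if reports else SAMPLE_REPORT
    for name, obj in needs_attention(parse_report(text)).items():
        print(f"{name}: {obj.get('verdict', '(no verdict)')} {obj.get('path', '')} {obj.get('md5', '')}")
```

On a machine with no report in C:\ the script falls back to the embedded sample and prints the single constructed entry; on the real log it prints only what TDSSKiller did not clear, with the hash ready to look up.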

#8 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Location: Puerto Rico)

Posted 29 July 2012 - 01:38 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#9 gringo_pr (Bleepin Gringo; Malware Response Team, 136,772 posts; Location: Puerto Rico)

Posted 01 August 2012 - 05:48 AM

Hello

48-hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hours you have not replied to this thread, then it will have to be closed!

Gringo

#10 bone123 (Topic Starter; Members, 26 posts)

Posted 01 August 2012 - 02:42 PM

15:14:08.0642 2440 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:14:09.0110 2440 ============================================================
15:14:09.0110 2440 Current date / time: 2012/08/01 15:14:09.0110
15:14:09.0110 2440 SystemInfo:
15:14:09.0110 2440
15:14:09.0110 2440 OS Version: 6.1.7601 ServicePack: 1.0
15:14:09.0110 2440 Product type: Workstation
15:14:09.0110 2440 ComputerName: BONE-PC
15:14:09.0110 2440 UserName: BONE
15:14:09.0110 2440 Windows directory: C:\Windows
15:14:09.0110 2440 System windows directory: C:\Windows
15:14:09.0110 2440 Running under WOW64
15:14:09.0110 2440 Processor architecture: Intel x64
15:14:09.0110 2440 Number of processors: 2
15:14:09.0110 2440 Page size: 0x1000
15:14:09.0110 2440 Boot type: Normal boot
15:14:09.0110 2440 ============================================================
15:14:12.0090 2440 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:14:12.0105 2440 ============================================================
15:14:12.0105 2440 \Device\Harddisk0\DR0:
15:14:12.0105 2440 MBR partitions:
15:14:12.0105 2440 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1B933800
15:14:12.0105 2440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B934000, BlocksNum 0x1890000
15:14:12.0105 2440 ============================================================
15:14:12.0121 2440 C: <-> \Device\Harddisk0\DR0\Partition0
15:14:12.0183 2440 D: <-> \Device\Harddisk0\DR0\Partition1
15:14:12.0183 2440 ============================================================
15:14:12.0183 2440 Initialize success
15:14:12.0183 2440 ============================================================
15:14:29.0609 3780 ============================================================
15:14:29.0609 3780 Scan started
15:14:29.0609 3780 Mode: Manual;
15:14:29.0609 3780 ============================================================
15:14:31.0059 3780 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:14:31.0075 3780 1394ohci - ok
15:14:31.0122 3780 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:14:31.0122 3780 ACPI - ok
15:14:31.0137 3780 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:14:31.0153 3780 AcpiPmi - ok
15:14:31.0637 3780 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:14:31.0637 3780 AdobeFlashPlayerUpdateSvc - ok
15:14:31.0730 3780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:14:31.0730 3780 adp94xx - ok
15:14:31.0808 3780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:14:31.0808 3780 adpahci - ok
15:14:31.0839 3780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:14:31.0839 3780 adpu320 - ok
15:14:31.0886 3780 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:14:31.0886 3780 AeLookupSvc - ok
15:14:31.0949 3780 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:14:31.0964 3780 AFD - ok
15:14:31.0995 3780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:14:32.0011 3780 agp440 - ok
15:14:32.0073 3780 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:14:32.0073 3780 ALG - ok
15:14:32.0089 3780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:14:32.0089 3780 aliide - ok
15:14:32.0089 3780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:14:32.0105 3780 amdide - ok
15:14:32.0151 3780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:14:32.0167 3780 AmdK8 - ok
15:14:32.0183 3780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:14:32.0198 3780 AmdPPM - ok
15:14:32.0245 3780 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:14:32.0245 3780 amdsata - ok
15:14:32.0292 3780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:14:32.0292 3780 amdsbs - ok
15:14:32.0307 3780 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:14:32.0307 3780 amdxata - ok
15:14:32.0370 3780 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:14:32.0370 3780 AppID - ok
15:14:32.0417 3780 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:14:32.0432 3780 AppIDSvc - ok
15:14:32.0479 3780 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:14:32.0479 3780 Appinfo - ok
15:14:32.0604 3780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:14:32.0620 3780 arc - ok
15:14:32.0651 3780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:14:32.0651 3780 arcsas - ok
15:14:32.0698 3780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:14:32.0698 3780 AsyncMac - ok
15:14:32.0744 3780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:14:32.0744 3780 atapi - ok
15:14:32.0885 3780 athr (8c56e93749ba53a4b645963d3439e01e) C:\Windows\system32\DRIVERS\athrx.sys
15:14:32.0932 3780 athr - ok
15:14:33.0134 3780 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:14:33.0150 3780 AudioEndpointBuilder - ok
15:14:33.0166 3780 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:14:33.0166 3780 AudioSrv - ok
15:14:33.0899 3780 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
15:14:34.0055 3780 AVGIDSAgent - ok
15:14:34.0663 3780 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
15:14:34.0663 3780 AVGIDSDriver - ok
15:14:34.0772 3780 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
15:14:34.0772 3780 AVGIDSFilter - ok
15:14:34.0819 3780 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
15:14:34.0819 3780 AVGIDSHA - ok
15:14:34.0944 3780 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
15:14:34.0944 3780 Avgldx64 - ok
15:14:34.0975 3780 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
15:14:34.0975 3780 Avgmfx64 - ok
15:14:35.0006 3780 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
15:14:35.0006 3780 Avgrkx64 - ok
15:14:35.0053 3780 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
15:14:35.0053 3780 Avgtdia - ok
15:14:35.0240 3780 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
15:14:35.0240 3780 avgwd - ok
15:14:35.0303 3780 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:14:35.0303 3780 AxInstSV - ok
15:14:35.0381 3780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:14:35.0412 3780 b06bdrv - ok
15:14:35.0474 3780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:14:35.0506 3780 b57nd60a - ok
15:14:35.0568 3780 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:14:35.0568 3780 BDESVC - ok
15:14:35.0599 3780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:14:35.0599 3780 Beep - ok
15:14:36.0052 3780 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:14:36.0098 3780 BFE - ok
15:14:36.0488 3780 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
15:14:36.0504 3780 BITS - ok
15:14:36.0754 3780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:14:36.0769 3780 blbdrive - ok
15:14:36.0816 3780 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:14:36.0816 3780 bowser - ok
15:14:36.0847 3780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:14:36.0847 3780 BrFiltLo - ok
15:14:36.0863 3780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:14:36.0878 3780 BrFiltUp - ok
15:14:36.0925 3780 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
15:14:36.0925 3780 BridgeMP - ok
15:14:36.0972 3780 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:14:36.0972 3780 Browser - ok
15:14:37.0034 3780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:14:37.0050 3780 Brserid - ok
15:14:37.0081 3780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:14:37.0081 3780 BrSerWdm - ok
15:14:37.0112 3780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:14:37.0128 3780 BrUsbMdm - ok
15:14:37.0144 3780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:14:37.0144 3780 BrUsbSer - ok
15:14:37.0190 3780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:14:37.0206 3780 BTHMODEM - ok
15:14:37.0268 3780 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:14:37.0268 3780 bthserv - ok
15:14:37.0315 3780 catchme - ok
15:14:37.0518 3780 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
15:14:37.0549 3780 CAXHWAZL - ok
15:14:37.0612 3780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:14:37.0658 3780 cdfs - ok
15:14:38.0002 3780 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:14:38.0017 3780 cdrom - ok
15:14:38.0142 3780 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:14:38.0189 3780 CertPropSvc - ok
15:14:38.0298 3780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:14:38.0329 3780 circlass - ok
15:14:38.0438 3780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:14:38.0438 3780 CLFS - ok
15:14:38.0548 3780 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:14:38.0548 3780 clr_optimization_v2.0.50727_32 - ok
15:14:38.0626 3780 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:14:38.0641 3780 clr_optimization_v2.0.50727_64 - ok
15:14:38.0844 3780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:14:38.0922 3780 clr_optimization_v4.0.30319_32 - ok
15:14:39.0016 3780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:14:39.0016 3780 clr_optimization_v4.0.30319_64 - ok
15:14:39.0031 3780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:14:39.0047 3780 CmBatt - ok
15:14:39.0109 3780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:14:39.0109 3780 cmdide - ok
15:14:39.0187 3780 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
15:14:39.0203 3780 CNG - ok
15:14:39.0312 3780 CnxtHdAudService (d760753a9b2489a317d722133ce67efc) C:\Windows\system32\drivers\CHDRT64.sys
15:14:39.0359 3780 CnxtHdAudService - ok
15:14:39.0686 3780 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
15:14:39.0686 3780 Com4QLBEx - ok
15:14:39.0764 3780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:14:39.0764 3780 Compbatt - ok
15:14:39.0827 3780 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:14:39.0858 3780 CompositeBus - ok
15:14:39.0889 3780 COMSysApp - ok
15:14:39.0920 3780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:14:39.0920 3780 crcdisk - ok
15:14:40.0108 3780 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
15:14:40.0108 3780 CryptSvc - ok
15:14:40.0326 3780 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:14:40.0326 3780 DcomLaunch - ok
15:14:40.0388 3780 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:14:40.0404 3780 defragsvc - ok
15:14:40.0451 3780 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:14:40.0466 3780 DfsC - ok
15:14:40.0560 3780 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:14:40.0560 3780 Dhcp - ok
15:14:40.0607 3780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:14:40.0607 3780 discache - ok
15:14:40.0654 3780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:14:40.0654 3780 Disk - ok
15:14:40.0685 3780 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:14:40.0700 3780 Dnscache - ok
15:14:40.0747 3780 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:14:40.0763 3780 dot3svc - ok
15:14:40.0810 3780 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:14:40.0810 3780 DPS - ok
15:14:40.0856 3780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:14:40.0872 3780 drmkaud - ok
15:14:40.0934 3780 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:14:40.0934 3780 dtsoftbus01 - ok
15:14:41.0044 3780 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:14:41.0044 3780 DXGKrnl - ok
15:14:41.0106 3780 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:14:41.0106 3780 EapHost - ok
15:14:41.0371 3780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:14:41.0434 3780 ebdrv - ok
15:14:41.0574 3780 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:14:41.0574 3780 EFS - ok
15:14:41.0683 3780 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:14:41.0699 3780 ehRecvr - ok
15:14:41.0730 3780 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:14:41.0730 3780 ehSched - ok
15:14:41.0855 3780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:14:41.0870 3780 elxstor - ok
15:14:41.0917 3780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:14:41.0917 3780 ErrDev - ok
15:14:41.0980 3780 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:14:41.0980 3780 EventSystem - ok
15:14:42.0011 3780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:14:42.0026 3780 exfat - ok
15:14:42.0089 3780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:14:42.0104 3780 fastfat - ok
15:14:42.0198 3780 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:14:42.0198 3780 Fax - ok
15:14:42.0245 3780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:14:42.0260 3780 fdc - ok
15:14:42.0307 3780 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:14:42.0307 3780 fdPHost - ok
15:14:42.0338 3780 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:14:42.0338 3780 FDResPub - ok
15:14:42.0370 3780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:14:42.0370 3780 FileInfo - ok
15:14:42.0463 3780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:14:42.0479 3780 Filetrace - ok
15:14:42.0775 3780 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
15:14:42.0791 3780 FLEXnet Licensing Service - ok
15:14:42.0822 3780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:14:42.0838 3780 flpydisk - ok
15:14:42.0884 3780 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:14:42.0900 3780 FltMgr - ok
15:14:42.0994 3780 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:14:43.0009 3780 FontCache - ok
15:14:43.0118 3780 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:14:43.0118 3780 FontCache3.0.0.0 - ok
15:14:43.0181 3780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:14:43.0196 3780 FsDepends - ok
15:14:43.0212 3780 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:14:43.0228 3780 Fs_Rec - ok
15:14:43.0274 3780 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:14:43.0274 3780 fvevol - ok
15:14:43.0306 3780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:14:43.0306 3780 gagp30kx - ok
15:14:43.0446 3780 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
15:14:43.0477 3780 GameConsoleService - ok
15:14:43.0867 3780 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:14:43.0883 3780 gpsvc - ok
15:14:44.0054 3780 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:44.0070 3780 gupdate - ok
15:14:44.0101 3780 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:14:44.0101 3780 gupdatem - ok
15:14:44.0164 3780 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:14:44.0164 3780 gusvc - ok
15:14:44.0242 3780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:14:44.0257 3780 hcw85cir - ok
15:14:44.0288 3780 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:14:44.0304 3780 HDAudBus - ok
15:14:44.0335 3780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:14:44.0335 3780 HidBatt - ok
15:14:44.0382 3780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:14:44.0398 3780 HidBth - ok
15:14:44.0413 3780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:14:44.0429 3780 HidIr - ok
15:14:44.0460 3780 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
15:14:44.0476 3780 hidserv - ok
15:14:44.0491 3780 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
15:14:44.0507 3780 HidUsb - ok
15:14:44.0554 3780 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:14:44.0569 3780 hkmsvc - ok
15:14:44.0616 3780 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:14:44.0632 3780 HomeGroupListener - ok
15:14:44.0678 3780 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:14:44.0678 3780 HomeGroupProvider - ok
15:14:44.0788 3780 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
15:14:44.0803 3780 HP Health Check Service - ok
15:14:44.0834 3780 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
15:14:44.0850 3780 HpqKbFiltr - ok
15:14:44.0959 3780 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:14:44.0959 3780 hpqwmiex - ok
15:14:44.0990 3780 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:14:44.0990 3780 HpSAMD - ok
15:14:45.0146 3780 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:14:45.0178 3780 HSF_DPV - ok
15:14:45.0380 3780 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:14:45.0396 3780 HTTP - ok
15:14:45.0427 3780 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:14:45.0427 3780 hwpolicy - ok
15:14:45.0474 3780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:14:45.0490 3780 i8042prt - ok
15:14:45.0552 3780 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:14:45.0568 3780 iaStorV - ok
15:14:45.0661 3780 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:14:45.0677 3780 IDriverT - ok
15:14:45.0848 3780 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:14:45.0864 3780 idsvc - ok
15:14:47.0408 3780 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:14:47.0705 3780 igfx - ok
15:14:47.0892 3780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:14:47.0908 3780 iirsp - ok
15:14:48.0048 3780 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:14:48.0048 3780 IKEEXT - ok
15:14:48.0110 3780 IntcHdmiAddService (bd37227c07179b1040a8896b9c0c146b) C:\Windows\system32\drivers\IntcHdmi.sys
15:14:48.0126 3780 IntcHdmiAddService - ok
15:14:48.0157 3780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:14:48.0157 3780 intelide - ok
15:14:48.0220 3780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:14:48.0235 3780 intelppm - ok
15:14:48.0298 3780 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:14:48.0298 3780 IPBusEnum - ok
15:14:48.0344 3780 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:14:48.0360 3780 IpFilterDriver - ok
15:14:48.0407 3780 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:14:48.0422 3780 iphlpsvc - ok
15:14:48.0454 3780 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:14:48.0469 3780 IPMIDRV - ok
15:14:48.0516 3780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:14:48.0547 3780 IPNAT - ok
15:14:48.0578 3780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:14:48.0594 3780 IRENUM - ok
15:14:48.0610 3780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:14:48.0610 3780 isapnp - ok
15:14:48.0656 3780 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:14:48.0672 3780 iScsiPrt - ok
15:14:48.0703 3780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:14:48.0703 3780 kbdclass - ok
15:14:48.0734 3780 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:14:48.0750 3780 kbdhid - ok
15:14:48.0766 3780 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:48.0766 3780 KeyIso - ok
15:14:48.0828 3780 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
15:14:48.0828 3780 KSecDD - ok
15:14:48.0844 3780 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
15:14:48.0844 3780 KSecPkg - ok
15:14:48.0875 3780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:14:48.0890 3780 ksthunk - ok
15:14:48.0953 3780 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:14:48.0968 3780 KtmRm - ok
15:14:49.0031 3780 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
15:14:49.0031 3780 LanmanServer - ok
15:14:49.0078 3780 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:14:49.0078 3780 LanmanWorkstation - ok
15:14:49.0171 3780 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:14:49.0171 3780 LightScribeService - ok
15:14:49.0202 3780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:14:49.0202 3780 lltdio - ok
15:14:49.0249 3780 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:14:49.0265 3780 lltdsvc - ok
15:14:49.0280 3780 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:14:49.0296 3780 lmhosts - ok
15:14:49.0343 3780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:14:49.0343 3780 LSI_FC - ok
15:14:49.0374 3780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:14:49.0374 3780 LSI_SAS - ok
15:14:49.0405 3780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:14:49.0405 3780 LSI_SAS2 - ok
15:14:49.0436 3780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:14:49.0436 3780 LSI_SCSI - ok
15:14:49.0468 3780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:14:49.0468 3780 luafv - ok
15:14:49.0530 3780 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:14:49.0530 3780 MBAMProtector - ok
15:14:49.0748 3780 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:14:49.0748 3780 MBAMService - ok
15:14:49.0795 3780 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:14:49.0811 3780 Mcx2Svc - ok
15:14:49.0842 3780 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:14:49.0842 3780 mdmxsdk - ok
15:14:49.0873 3780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:14:49.0889 3780 megasas - ok
15:14:49.0920 3780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:14:49.0936 3780 MegaSR - ok
15:14:49.0982 3780 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:14:49.0998 3780 MMCSS - ok
15:14:50.0014 3780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:14:50.0029 3780 Modem - ok
15:14:50.0045 3780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:14:50.0060 3780 monitor - ok
15:14:50.0123 3780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
15:14:50.0123 3780 mouclass - ok
15:14:50.0154 3780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:14:50.0170 3780 mouhid - ok
15:14:50.0216 3780 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:14:50.0216 3780 mountmgr - ok
15:14:50.0248 3780 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:14:50.0263 3780 mpio - ok
15:14:50.0310 3780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:14:50.0310 3780 mpsdrv - ok
15:14:50.0450 3780 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:14:50.0450 3780 MpsSvc - ok
15:14:50.0497 3780 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:14:50.0513 3780 MRxDAV - ok
15:14:50.0560 3780 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:14:50.0560 3780 mrxsmb - ok
15:14:50.0606 3780 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:14:50.0606 3780 mrxsmb10 - ok
15:14:50.0622 3780 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:14:50.0622 3780 mrxsmb20 - ok
15:14:50.0638 3780 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:14:50.0638 3780 msahci - ok
15:14:50.0684 3780 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:14:50.0684 3780 msdsm - ok
15:14:50.0731 3780 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:14:50.0762 3780 MSDTC - ok
15:14:50.0825 3780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:14:50.0840 3780 Msfs - ok
15:14:50.0856 3780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:14:50.0872 3780 mshidkmdf - ok
15:14:50.0887 3780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:14:50.0887 3780 msisadrv - ok
15:14:50.0934 3780 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:14:50.0950 3780 MSiSCSI - ok
15:14:50.0950 3780 msiserver - ok
15:14:50.0981 3780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:14:50.0981 3780 MSKSSRV - ok
15:14:51.0012 3780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:14:51.0012 3780 MSPCLOCK - ok
15:14:51.0043 3780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:14:51.0043 3780 MSPQM - ok
15:14:51.0106 3780 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:14:51.0106 3780 MsRPC - ok
15:14:51.0137 3780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:14:51.0137 3780 mssmbios - ok
15:14:51.0184 3780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:14:51.0184 3780 MSTEE - ok
15:14:51.0215 3780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:14:51.0230 3780 MTConfig - ok
15:14:51.0262 3780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:14:51.0262 3780 Mup - ok
15:14:51.0308 3780 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:14:51.0308 3780 napagent - ok
15:14:51.0355 3780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:14:51.0355 3780 NativeWifiP - ok
15:14:51.0511 3780 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:14:51.0527 3780 NDIS - ok
15:14:51.0574 3780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:14:51.0589 3780 NdisCap - ok
15:14:51.0620 3780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:14:51.0636 3780 NdisTapi - ok
15:14:51.0667 3780 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:14:51.0667 3780 Ndisuio - ok
15:14:51.0979 3780 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:14:52.0026 3780 NdisWan - ok
15:14:52.0057 3780 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:14:52.0088 3780 NDProxy - ok
15:14:52.0135 3780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:14:52.0151 3780 NetBIOS - ok
15:14:52.0213 3780 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:14:52.0229 3780 NetBT - ok
15:14:52.0276 3780 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:52.0276 3780 Netlogon - ok
15:14:52.0416 3780 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:14:52.0416 3780 Netman - ok
15:14:52.0525 3780 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:14:52.0525 3780 netprofm - ok
15:14:52.0634 3780 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:14:52.0634 3780 NetTcpPortSharing - ok
15:14:52.0697 3780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:14:52.0697 3780 nfrd960 - ok
15:14:52.0759 3780 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:14:52.0759 3780 NlaSvc - ok
15:14:52.0790 3780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:14:52.0806 3780 Npfs - ok
15:14:52.0837 3780 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:14:52.0837 3780 nsi - ok
15:14:52.0853 3780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:14:52.0853 3780 nsiproxy - ok
15:14:52.0978 3780 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:14:52.0993 3780 Ntfs - ok
15:14:53.0149 3780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:14:53.0165 3780 Null - ok
15:14:53.0212 3780 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:14:53.0227 3780 nvraid - ok
15:14:53.0274 3780 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:14:53.0290 3780 nvstor - ok
15:14:53.0368 3780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:14:53.0368 3780 nv_agp - ok
15:14:53.0539 3780 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:14:53.0539 3780 odserv - ok
15:14:53.0617 3780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:14:53.0617 3780 ohci1394 - ok
15:14:53.0664 3780 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:14:53.0695 3780 ose - ok
15:14:53.0742 3780 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:53.0773 3780 p2pimsvc - ok
15:14:53.0804 3780 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:14:53.0836 3780 p2psvc - ok
15:14:53.0867 3780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:14:53.0898 3780 Parport - ok
15:14:53.0914 3780 Partizan - ok
15:14:53.0945 3780 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
15:14:53.0945 3780 partmgr - ok
15:14:53.0976 3780 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:14:53.0976 3780 PcaSvc - ok
15:14:54.0007 3780 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:14:54.0007 3780 pci - ok
15:14:54.0038 3780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:14:54.0038 3780 pciide - ok
15:14:54.0070 3780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:14:54.0070 3780 pcmcia - ok
15:14:54.0101 3780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:14:54.0101 3780 pcw - ok
15:14:54.0148 3780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:14:54.0148 3780 PEAUTH - ok
15:14:54.0257 3780 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:14:54.0272 3780 PerfHost - ok
15:14:54.0818 3780 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:14:54.0928 3780 pla - ok
15:14:54.0990 3780 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:14:54.0990 3780 PlugPlay - ok
15:14:55.0037 3780 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:14:55.0052 3780 PNRPAutoReg - ok
15:14:55.0084 3780 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:14:55.0099 3780 PNRPsvc - ok
15:14:55.0146 3780 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:14:55.0162 3780 PolicyAgent - ok
15:14:55.0224 3780 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:14:55.0224 3780 Power - ok
15:14:55.0302 3780 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:14:55.0318 3780 PptpMiniport - ok
15:14:55.0349 3780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:14:55.0364 3780 Processor - ok
15:14:55.0411 3780 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
15:14:55.0411 3780 ProfSvc - ok
15:14:55.0458 3780 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:14:55.0458 3780 ProtectedStorage - ok
15:14:55.0505 3780 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:14:55.0505 3780 Psched - ok
15:14:55.0630 3780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:14:55.0645 3780 ql2300 - ok
15:14:55.0879 3780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:14:55.0879 3780 ql40xx - ok
15:14:55.0942 3780 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:14:55.0957 3780 QWAVE - ok
15:14:55.0973 3780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:14:55.0973 3780 QWAVEdrv - ok
15:14:55.0988 3780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:14:56.0004 3780 RasAcd - ok
15:14:56.0051 3780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:14:56.0066 3780 RasAgileVpn - ok
15:14:56.0098 3780 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:14:56.0113 3780 RasAuto - ok
15:14:56.0144 3780 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:14:56.0160 3780 Rasl2tp - ok
15:14:56.0222 3780 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:14:56.0238 3780 RasMan - ok
15:14:56.0254 3780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:14:56.0410 3780 RasPppoe - ok
15:14:56.0456 3780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:14:56.0472 3780 RasSstp - ok
15:14:56.0550 3780 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:14:56.0581 3780 rdbss - ok
15:14:56.0628 3780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:14:56.0644 3780 rdpbus - ok
15:14:56.0675 3780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:14:56.0675 3780 RDPCDD - ok
15:14:56.0706 3780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:14:56.0706 3780 RDPENCDD - ok
15:14:56.0737 3780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:14:56.0753 3780 RDPREFMP - ok
15:14:56.0784 3780 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
15:14:56.0800 3780 RDPWD - ok
15:14:56.0862 3780 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:14:56.0862 3780 rdyboost - ok
15:14:57.0080 3780 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files (x86)\SMINST\BLService.exe
15:14:57.0096 3780 Recovery Service for Windows - ok
15:14:57.0190 3780 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:14:57.0392 3780 RemoteAccess - ok
15:14:57.0439 3780 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:14:57.0455 3780 RemoteRegistry - ok
15:14:57.0704 3780 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
15:14:57.0704 3780 RichVideo - ok
15:14:57.0751 3780 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:14:57.0751 3780 RpcEptMapper - ok
15:14:57.0782 3780 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:14:57.0782 3780 RpcLocator - ok
15:14:57.0860 3780 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:14:57.0860 3780 RpcSs - ok
15:14:57.0923 3780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:14:57.0923 3780 rspndr - ok
15:14:57.0970 3780 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
15:14:57.0970 3780 RSUSBSTOR - ok
15:14:58.0032 3780 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:14:58.0032 3780 RTL8167 - ok
15:14:58.0094 3780 RTL8169 (f49d8df8895d809cb0a4deb44113de6f) C:\Windows\system32\DRIVERS\Rtlh64.sys
15:15:12.0275 3780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:15:12.0727 3780 \Device\Harddisk0\DR0 - ok
15:15:12.0727 3780 Boot (0x1200) (b410517322cccbb166482dfd1dbbaae8) \Device\Harddisk0\DR0\Partition0
15:15:12.0727 3780 \Device\Harddisk0\DR0\Partition0 - ok
15:15:12.0758 3780 Boot (0x1200) (44dd7298b205eeb62af693f6e5deacda) \Device\Harddisk0\DR0\Partition1
15:15:12.0758 3780 \Device\Harddisk0\DR0\Partition1 - ok
15:15:12.0758 3780 ============================================================
15:15:12.0758 3780 Scan finished
15:15:12.0758 3780 ============================================================
15:15:12.0774 3796 Detected object count: 0
15:15:12.0774 3796 Actual detected object count: 0

#11 bone123 (Topic Starter, Members, 26 posts)

Posted 01 August 2012 - 02:44 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 15:16:26
-----------------------------
15:16:26.201 OS Version: Windows x64 6.1.7601 Service Pack 1
15:16:26.201 Number of processors: 2 586 0x170A
15:16:26.201 ComputerName: BONE-PC UserName: BONE
15:16:28.541 Initialize success
15:24:11.885 AVAST engine defs: 12080100
15:25:42.053 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:25:42.053 Disk 0 Vendor: Hitachi_HTS543225L9A300 FBEOC40J Size: 238475MB BusType: 11
15:25:42.084 Disk 0 MBR read successfully
15:25:42.100 Disk 0 MBR scan
15:25:42.100 Disk 0 Windows 7 default MBR code
15:25:42.131 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 225895 MB offset 2048
15:25:42.162 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12576 MB offset 462635008
15:25:42.178 Disk 0 scanning C:\Windows\system32\drivers
15:26:03.144 Service scanning
15:26:49.944 Modules scanning
15:26:49.944 Disk 0 trace - called modules:
15:26:49.975 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
15:26:49.975 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004912740]
15:26:49.991 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046ba1f0]
15:26:51.098 AVAST engine scan C:\Windows
15:26:56.137 AVAST engine scan C:\Windows\system32
15:30:56.768 AVAST engine scan C:\Windows\system32\drivers
15:31:12.259 AVAST engine scan C:\Users\BONE
15:32:38.168 AVAST engine scan C:\ProgramData
15:43:35.320 Disk 0 MBR has been saved successfully to "C:\Users\BONE\Desktop\MBR.dat"
15:43:35.336 The log file has been saved successfully to "C:\Users\BONE\Desktop\aswMBR.txt"

Sorry for the long wait, I had a long work week; this is the first time I'm turning on my laptop.

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 02 August 2012 - 09:18 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 05 August 2012 - 03:12 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo

#14 bone123 (Topic Starter, Members, 26 posts)

Posted 05 August 2012 - 01:02 PM

ComboFix 12-08-05.02 - BONE 08/05/2012 13:31:36.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3999.2896 [GMT -4:00]
Running from: c:\users\BONE\Desktop\ComboFix.exe
Command switches used :: c:\users\BONE\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 17:42 . 2012-08-05 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 20:12 . 2012-07-25 20:12 -------- d-----w- c:\program files (x86)\ESET
2012-07-20 16:04 . 2012-07-20 16:04 39184 ----a-w- c:\windows\system32\Partizan.exe
2012-07-17 14:09 . 2012-07-17 14:09 -------- d-----w- c:\programdata\RegRun
2012-07-11 20:31 . 2012-07-11 20:31 -------- d-----w- c:\users\BONE\AppData\Roaming\AVG2012
2012-07-11 20:30 . 2012-07-11 20:30 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-11 20:29 . 2012-08-05 17:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-11 20:29 . 2012-07-17 12:40 -------- d-----w- c:\programdata\AVG2012
2012-07-11 20:29 . 2012-07-11 20:29 -------- d-----w- C:\$AVG
2012-07-11 20:28 . 2012-07-11 20:28 -------- d-----w- c:\program files (x86)\AVG
2012-07-11 20:26 . 2012-08-05 17:03 -------- d-----w- c:\programdata\MFAData
2012-07-11 20:26 . 2012-07-11 20:26 -------- d--h--w- c:\programdata\Common Files
2012-07-11 20:18 . 2012-07-11 20:18 2 --shatr- c:\windows\winstart.bat
2012-07-11 20:17 . 2012-07-20 16:20 -------- d-----w- c:\program files (x86)\UnHackMe
2012-07-11 20:11 . 2012-07-11 20:11 -------- d-----w- c:\users\BONE\AppData\Local\Macromedia
2012-07-11 16:59 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 10:36 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 10:35 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 10:35 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 10:35 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 10:35 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 10:35 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 10:35 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 10:35 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 13:54 . 2012-04-12 12:23 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 13:54 . 2011-05-16 16:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 16:56 . 2010-05-11 12:18 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 16:22 . 2012-07-02 16:22 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-02 22:19 . 2012-06-21 19:16 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:16 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:16 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:16 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:16 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:16 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:16 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:16 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:16 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 04:04 . 2012-07-03 23:47 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E0F0E96-0358-4FCD-8C88-0E314D26EE73}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_00.05.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-15 20:24 . 2012-08-05 17:45 68958 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-05 17:45 53672 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-15 13:48 . 2012-08-05 17:45 23134 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-24312557-4108399456-464390043-1000_UserData.bin
- 2010-02-15 23:40 . 2012-07-24 23:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-15 23:40 . 2012-08-05 17:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-15 23:40 . 2012-08-05 17:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-15 23:40 . 2012-07-24 23:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 17:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 23:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-05 17:43 . 2012-08-05 17:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 00:05 . 2012-07-27 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 00:05 . 2012-07-27 00:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-05 17:43 . 2012-08-05 17:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-29 13:54 . 2012-07-29 13:54 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-07-29 13:53 . 2012-07-29 13:53 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-29 13:53 . 2012-07-29 13:53 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
- 2012-04-12 12:23 . 2012-07-11 21:54 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-12 12:23 . 2012-07-29 13:54 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-07-29 13:54 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-11 21:54 524288 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-14 23:09 . 2012-08-02 01:39 236858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-07-29 13:54 . 2012-07-29 13:54 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2012-07-29 13:53 . 2012-07-29 13:53 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-29 13:53 . 2012-07-29 13:53 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
+ 2009-07-14 05:01 . 2012-08-05 17:42 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-27 00:04 313396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-29 13:54 . 2012-07-29 13:54 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-29 13:54 . 2012-07-29 13:54 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
+ 2009-07-14 04:54 . 2012-07-29 13:54 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-11 21:54 4407296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-06 13:32 . 2012-07-22 19:00 4096848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-8192.dat
+ 2011-08-06 13:32 . 2012-08-05 17:42 4096848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-8192.dat
+ 2011-07-31 20:11 . 2012-07-28 12:42 1203890 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-12288.dat
- 2011-07-31 20:11 . 2012-07-11 21:22 1203890 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-12288.dat
- 2009-07-14 04:54 . 2012-07-11 21:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 13:54 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-07-11 17:03 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-07-31 16:54 11010048 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-07-29 13:54 . 2012-07-29 13:54 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2011-07-04 20:48 . 2012-08-03 01:29 20264824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-4096.dat
- 2011-07-04 20:48 . 2012-07-24 23:07 20264824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-24312557-4108399456-464390043-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 250056]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 136176]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-02 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe [2008-10-06 365952]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2007-11-01 293376]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 126976]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-04 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - eeCtrl
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - IDSVia64
*Deregistered* - SymEFA
*Deregistered* - SymEvent
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 13:54]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 17:55]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-06 17:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1237288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 68.87.74.162 68.87.68.162
DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
FF - ProfilePath - c:\users\BONE\AppData\Roaming\Mozilla\Firefox\Profiles\7v870efd.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-08-05 13:49:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 17:49
ComboFix2.txt 2012-07-27 00:11
.
Pre-Run: 189,946,580,992 bytes free
Post-Run: 189,934,452,736 bytes free
.
- - End Of File - - D9D0359E7E9FBA21576808F793EC4E89

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:47 AM

Posted 05 August 2012 - 01:04 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
