trojan horse dropper.generic_c.mmi


  • This topic is locked
16 replies to this topic

#1 Jaggedsblade
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 27 July 2012 - 01:55 PM

for the past few days AVG has popped up and told me that I've been shielded from this trojan, but it never goes away and is affecting google chrome. I have tried malwarebytes, spybot S&D and a few others but they even if they find and delete it, it returns. I saw someone else post about the same trojan so I have already done as instructed by whomever replied in that thread. I downloaded dds, security check and defogger. Here are the three notepads requested.

Attached Files





#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 28 July 2012 - 12:43 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt)

  • Second, type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
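The Scan step above produces FRST.txt, whose Registry section lists every Run/RunOnce autorun with its target, size, date and publisher, or "[x]" when FRST cannot find the file. The following script is an added example, not part of this thread and not FRST's own code: it parses lines in that format and flags the entries a malware-removal helper reads first (missing targets, no publisher in the version info, anything launched from a Temp or Downloads directory, double extensions). The line layout is assumed from FRST logs of mid-2012, the sample log is constructed in that layout, and the flagging rules are this example's own assumptions rather than anything FRST does.

```python
"""Triage of the Run/RunOnce section of an FRST.txt log.

Added example (not from the thread, not FRST's own code). The line format is
assumed from FRST logs of mid-2012; the flagging rules are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One FRST autorun line:  <hive>\...\<Run|RunOnce>: [<name>] <command> [<size> <date>] (<publisher>)
# or, when FRST cannot find the target file:  <hive>\...\<Run|RunOnce>: [<name>] <command> [x]
AUTORUN_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>RunOnce|Run): "
    r"\[(?P<name>[^\]]*)\](?: (?P<cmd>.*?))? "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)|(?P<missing>\[x\]))$",
    re.IGNORECASE,
)
# Executable path at the start of the command, quoted or not, up to the first argument.
# FRST prints unquoted paths containing spaces, so the cut is made at the extension, not at a blank.
PATH_RE = re.compile(
    r'^"?(?P<path>.+?\.(?:exe|com|scr|dll|bat|cmd|vbs|js|pif))"?(?:\s|$)', re.IGNORECASE
)
DOUBLE_EXT_RE = re.compile(r"\.(?:exe|com|scr)\.(?:exe|com|scr)$", re.IGNORECASE)


@dataclass
class Autorun:
    hive: str
    key: str
    name: str
    cmd: str
    path: Optional[str]
    publisher: Optional[str]   # None when FRST printed [x] instead of version info
    missing: bool
    reasons: List[str] = field(default_factory=list)


def parse_autorun(line: str) -> Optional[Autorun]:
    """Return an Autorun for a Run/RunOnce line, or None for any other line."""
    m = AUTORUN_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd") or ""
    pm = PATH_RE.match(cmd)
    path = pm.group("path") if pm else (cmd.split()[0] if cmd else None)
    return Autorun(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"), cmd=cmd,
        path=path, publisher=m.group("pub"), missing=m.group("missing") is not None,
    )


def assess(entry: Autorun) -> Autorun:
    """Attach the reasons a helper would look at this entry (assumed heuristics)."""
    p = (entry.path or "").lower()
    if entry.missing:
        entry.reasons.append("target file not found (FRST shows [x])")
    elif entry.publisher == "":
        entry.reasons.append("no publisher in version info")
    if not entry.name:
        entry.reasons.append("empty value name")
    if "\\temp\\" in p:
        entry.reasons.append("runs from a Temp directory")
    if "\\downloads\\" in p:
        entry.reasons.append("runs from a Downloads directory")
    if DOUBLE_EXT_RE.search(p):
        entry.reasons.append("double extension")
    return entry


def triage(log_text: str) -> List[Autorun]:
    """Parse and assess every Run/RunOnce line in an FRST log section."""
    entries = (parse_autorun(line) for line in log_text.splitlines())
    return [assess(e) for e in entries if e is not None]


def suspicious(log_text: str) -> List[Autorun]:
    """Only the entries that picked up at least one reason."""
    return [e for e in triage(log_text) if e.reasons]


# Constructed sample in the FRST layout (not a real log; the profile name is just "user").
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-11] ()
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [x]
HKU\user\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-09] (Valve Corporation)
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\RunOnce: [PLAV7 Installer] C:\Users\user\Downloads\iexplorer.exe.exe /S /D=C:\Program Files (x86)\ParetoLogic\PLAV [8852592 2012-07-27] (ParetoLogic Inc.)
HKU\user\...\Run: [svchost] C:\Users\user\AppData\Local\Temp\svchost.exe [53248 2012-07-25] ()
"""

if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.hive}\\{e.key} [{e.name}] {e.path}: {'; '.join(e.reasons)}")
```

On the constructed sample the script passes the Synaptics and Steam entries and reports the other six. Publisher strings come from the file's version resource as FRST reads it, not from an Authenticode check, so an empty "()" is a reason to look, not proof of anything; the "[x]" entries are orphaned values whose target FRST could not find, which is also what a removal tool has left behind after deleting a file.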

#3 Jaggedsblade
  • Topic Starter
  • Members
  • 6 posts
  • OFFLINE
  • Local time:08:38 PM

Posted 29 July 2012 - 01:07 PM

I went into the system recovery and ran FRST. However, for the future, the name of the file is now FRST64, not simply FRST. I ran the scan and search as requested. I haven't run the computer normally yet so I have no updates for how it may be acting the same or differently. Here are the notepads:

FRST:
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 13:56:24
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-12-01] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-01] (cyberlink)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-11] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-16] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [x]
HKU\Daniel Luper\...\Run: [Google Update] "C:\Users\Daniel Luper\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-08] (Google Inc.)
HKU\Daniel Luper\...\Run: [Facebook Update] "C:\Users\Daniel Luper\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]
HKU\Daniel Luper\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\Daniel Luper\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-09] (Valve Corporation)
HKU\Daniel Luper\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Daniel Luper\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1022352 2012-07-01] (BitTorrent, Inc.)
HKLM\...\Runonce: [GrpConv] grpconv -o [x]
HKLM-x32\...\RunOnce: [PLAV7 Installer] C:\Users\Daniel Luper\Downloads\iexplorer.exe.exe /S /Custom=installdriver /D=C:\Program Files (x86)\ParetoLogic\PLAV [8852592 2012-07-27] (ParetoLogic Inc.)
Tcpip\Parameters: [DhcpNameServer] 24.178.162.3 66.189.0.100 24.217.201.67
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SafeConnect.lnk
ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\scClient.exe (Impulse Point, LLC)
Startup: C:\Users\Daniel Luper\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
Startup: C:\Users\Daniel Luper\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Daniel Luper\Start Menu\Programs\Startup\Registration Assassin's Creed.LNK
ShortcutTarget: Registration Assassin's Creed.LNK -> C:\Program Files (x86)\Ubisoft\Assassin's Creed\Register\RegistrationReminder.exe (Ubisoft)

==================== Services (Whitelisted) ======

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 CLKMSVC10_38F51D56; "C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc [241648 2011-02-24] (CyberLink)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-05-23] (Hewlett-Packard Development Company L.P.)
2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821080 2011-06-01] (IObit)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 PLAVService; "C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe" [601008 2012-02-07] (ParetoLogic Inc.)
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1019328 2012-07-11] (Enigma Software Group USA, LLC.)
2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [244960 2011-10-25] ()
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-11] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [1152632 2011-09-29] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-08-09] (Symantec Corporation)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [20336 2011-04-27] ()
3 HP8207_8307; C:\Windows\System32\Drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111007.030\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
1 kl1; C:\Windows\System32\Drivers\kl1.sys [460888 2010-08-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [354320 2010-05-28] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-08-09] (Kaspersky Lab ZAO)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111006.032\ENG64.SYS [117880 2011-09-06] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111006.032\EX64.SYS [2048632 2011-09-06] (Symantec Corporation)
2 PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [36792 2011-03-16] (IObit Information Technology)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2011-03-22] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-09] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21328 2011-03-22] (IObit.com)
3 ALSysIO; \??\C:\Users\DANIEL~1\AppData\Local\Temp\ALSysIO64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-27 10:17 - 2012-07-27 10:17 - 00015988 ____A C:\Users\Daniel Luper\Desktop\Attach.txt
2012-07-27 10:10 - 2012-07-27 10:10 - 00034518 ____A C:\Users\Daniel Luper\Desktop\DDS.txt
2012-07-27 10:08 - 2012-07-27 10:08 - 00607260 ____R (Swearware) C:\Users\Daniel Luper\Downloads\dds.com
2012-07-27 10:08 - 2012-07-27 10:08 - 00001152 ____A C:\Users\Daniel Luper\Desktop\checkup.txt
2012-07-27 10:07 - 2012-07-27 10:07 - 00881494 ____A C:\Users\Daniel Luper\Downloads\SecurityCheck.exe
2012-07-27 10:06 - 2012-07-27 10:06 - 00000486 ____A C:\Users\Daniel Luper\Downloads\defogger_disable.log
2012-07-27 10:06 - 2012-07-27 10:06 - 00000000 ____A C:\Users\Daniel Luper\defogger_reenable
2012-07-27 10:04 - 2012-07-27 10:04 - 00050477 ____A C:\Users\Daniel Luper\Downloads\Defogger.exe
2012-07-27 10:03 - 2012-07-27 10:03 - 00001154 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-07-27 10:03 - 2012-07-27 10:03 - 00000508 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2012-07-27 10:03 - 2012-07-27 10:03 - 00000456 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-07-27 10:03 - 2012-07-27 10:03 - 00000000 ____D C:\Users\All Users\ParetoLogic
2012-07-27 10:03 - 2012-07-27 10:03 - 00000000 ____D C:\Program Files (x86)\ParetoLogic
2012-07-27 10:02 - 2012-07-27 10:02 - 08852592 ____A (ParetoLogic Inc.) C:\Users\Daniel Luper\Downloads\iexplorer.exe.exe
2012-07-27 08:44 - 2012-07-27 09:09 - 00013736 ____A C:\Users\Daniel Luper\Desktop\avgrep.txt
2012-07-27 07:02 - 2012-07-27 07:02 - 00002272 ____A C:\Users\Daniel Luper\Desktop\SpyHunter.lnk
2012-07-27 07:02 - 2012-07-27 07:02 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-27 07:02 - 2012-07-27 07:02 - 00000000 ____D C:\sh4ldr
2012-07-27 07:02 - 2012-07-27 07:02 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-26 22:30 - 2012-07-26 22:30 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 22:30 - 2012-07-26 22:30 - 00000000 ____D C:\Users\Daniel Luper\AppData\Roaming\Malwarebytes
2012-07-26 22:30 - 2012-07-26 22:30 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-26 22:30 - 2012-07-26 22:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-26 22:30 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-26 19:58 - 2012-07-26 19:58 - 605688525 ____A C:\Windows\MEMORY.DMP
2012-07-26 19:58 - 2012-07-26 19:58 - 00275024 ____A C:\Windows\Minidump\072612-30451-01.dmp
2012-07-26 15:05 - 2012-07-27 07:58 - 00007286 ____A C:\Windows\PFRO.log
2012-07-26 15:03 - 2012-07-26 15:03 - 00001368 ____A C:\Windows\wininit.ini
2012-07-26 14:16 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20120726-181647.backup
2012-07-26 13:40 - 2012-07-26 15:04 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-26 13:40 - 2012-07-26 14:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-26 13:40 - 2012-07-26 13:40 - 00001262 ____A C:\Users\Daniel Luper\Desktop\Spybot - Search & Destroy.lnk
2012-07-26 09:08 - 2012-07-27 08:39 - 00000448 ____A C:\Windows\setupact.log
2012-07-26 09:08 - 2012-07-26 09:08 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 09:06 - 2012-07-26 09:06 - 00003352 ____N C:\bootsqm.dat
2012-07-24 08:46 - 2012-07-24 08:46 - 00000000 ____D C:\Program Files (x86)\IObit Toolbar
2012-07-19 12:59 - 2012-07-26 09:08 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForDaniel Luper.job
2012-07-19 12:59 - 2012-07-19 12:59 - 00000000 ___AH C:\Users\Daniel Luper\BITFFA.tmp
2012-07-16 00:13 - 2012-07-16 00:13 - 00000000 ____D C:\Users\Daniel Luper\AppData\Roaming\Tific
2012-07-16 00:13 - 2012-07-16 00:13 - 00000000 ____D C:\Users\Daniel Luper\AppData\Local\Symantec
2012-07-14 10:52 - 2012-07-14 10:52 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 10:30 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 23:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 23:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 23:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 23:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 23:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 23:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 23:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 23:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 23:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 23:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 23:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 23:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 23:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 23:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 23:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 23:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 23:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 23:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 23:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 23:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 23:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 23:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 23:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 18:53 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:53 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 18:53 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:53 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:53 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:53 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 18:53 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 18:53 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 18:53 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:53 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:53 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:53 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:53 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:53 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 18:53 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 18:53 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 18:53 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 18:53 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 18:53 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-06 20:42 - 2012-07-06 20:42 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-06 20:42 - 2012-07-06 20:42 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-06 20:23 - 2012-07-06 20:23 - 64270336 ____A C:\Windows\System32\config\software.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 43868160 ____A C:\Windows\System32\config\components.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 16384000 ____A C:\Windows\System32\config\system.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00475136 ____A C:\Windows\System32\config\default.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00061440 ____A C:\Windows\System32\config\sam.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00024576 ____A C:\Windows\System32\config\security.iobit
2012-07-03 19:21 - 2012-07-03 19:21 - 00038912 ____A C:\Users\Daniel Luper\Downloads\cucarachacalculator.xls
2012-07-03 07:17 - 2012-07-03 07:17 - 00031232 ____A C:\Users\Daniel Luper\Downloads\Accounting (Change Info).xls
2012-07-03 07:17 - 2012-07-03 07:17 - 00008704 ____A C:\Users\Daniel Luper\Downloads\Resources.xls
2012-07-01 19:54 - 2012-07-25 09:47 - 00000354 ____A C:\Windows\Tasks\HPCeeScheduleForDANIELS-LAPTOP$.job
2012-06-29 18:37 - 2012-06-30 20:18 - 1566425088 ____A C:\Users\Daniel Luper\Documents\Amadeus-DVDRip.DC.AC3.5,1[Eng]1984.avi


============ 3 Months Modified Files ========================

2012-07-27 10:17 - 2012-07-27 10:17 - 00015988 ____A C:\Users\Daniel Luper\Desktop\Attach.txt
2012-07-27 10:10 - 2012-07-27 10:10 - 00034518 ____A C:\Users\Daniel Luper\Desktop\DDS.txt
2012-07-27 10:08 - 2012-07-27 10:08 - 00607260 ____R (Swearware) C:\Users\Daniel Luper\Downloads\dds.com
2012-07-27 10:08 - 2012-07-27 10:08 - 00001152 ____A C:\Users\Daniel Luper\Desktop\checkup.txt
2012-07-27 10:07 - 2012-07-27 10:07 - 00881494 ____A C:\Users\Daniel Luper\Downloads\SecurityCheck.exe
2012-07-27 10:06 - 2012-07-27 10:06 - 00000486 ____A C:\Users\Daniel Luper\Downloads\defogger_disable.log
2012-07-27 10:06 - 2012-07-27 10:06 - 00000000 ____A C:\Users\Daniel Luper\defogger_reenable
2012-07-27 10:04 - 2012-07-27 10:04 - 00050477 ____A C:\Users\Daniel Luper\Downloads\Defogger.exe
2012-07-27 10:03 - 2012-07-27 10:03 - 00001154 ____A C:\Users\Public\Desktop\ParetoLogic Anti-Virus PLUS.lnk
2012-07-27 10:03 - 2012-07-27 10:03 - 00000508 ____A C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2012-07-27 10:03 - 2012-07-27 10:03 - 00000456 ____A C:\Windows\Tasks\ParetoLogic Update Version3.job
2012-07-27 10:02 - 2012-07-27 10:02 - 08852592 ____A (ParetoLogic Inc.) C:\Users\Daniel Luper\Downloads\iexplorer.exe.exe
2012-07-27 09:09 - 2012-07-27 08:44 - 00013736 ____A C:\Users\Daniel Luper\Desktop\avgrep.txt
2012-07-27 08:39 - 2012-07-26 09:08 - 00000448 ____A C:\Windows\setupact.log
2012-07-27 08:39 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-27 08:29 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-27 08:29 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-27 07:58 - 2012-07-26 15:05 - 00007286 ____A C:\Windows\PFRO.log
2012-07-27 07:02 - 2012-07-27 07:02 - 00002272 ____A C:\Users\Daniel Luper\Desktop\SpyHunter.lnk
2012-07-27 06:58 - 2011-08-28 14:28 - 00000956 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002UA.job
2012-07-27 06:58 - 2011-08-08 15:18 - 00000936 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002UA.job
2012-07-26 22:30 - 2012-07-26 22:30 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-26 19:58 - 2012-07-26 19:58 - 605688525 ____A C:\Windows\MEMORY.DMP
2012-07-26 19:58 - 2012-07-26 19:58 - 00275024 ____A C:\Windows\Minidump\072612-30451-01.dmp
2012-07-26 16:00 - 2012-05-28 19:06 - 00000288 ____A C:\Windows\Tasks\RGames Updater.job
2012-07-26 15:03 - 2012-07-26 15:03 - 00001368 ____A C:\Windows\wininit.ini
2012-07-26 13:42 - 2009-07-13 21:13 - 00779982 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-26 13:40 - 2012-07-26 13:40 - 00001262 ____A C:\Users\Daniel Luper\Desktop\Spybot - Search & Destroy.lnk
2012-07-26 09:08 - 2012-07-26 09:08 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 09:08 - 2012-07-19 12:59 - 00000360 ____A C:\Windows\Tasks\HPCeeScheduleForDaniel Luper.job
2012-07-26 09:06 - 2012-07-26 09:06 - 00003352 ____N C:\bootsqm.dat
2012-07-25 20:54 - 2011-08-08 15:18 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002Core.job
2012-07-25 20:47 - 2011-08-28 14:28 - 00000934 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002Core.job
2012-07-25 11:31 - 2011-10-29 11:20 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-25 11:31 - 2011-08-10 11:40 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-07-25 09:47 - 2012-07-01 19:54 - 00000354 ____A C:\Windows\Tasks\HPCeeScheduleForDANIELS-LAPTOP$.job
2012-07-21 21:44 - 2011-07-26 09:12 - 01495594 ____A C:\Windows\WindowsUpdate.log
2012-07-19 12:59 - 2012-07-19 12:59 - 00000000 ___AH C:\Users\Daniel Luper\BITFFA.tmp
2012-07-13 14:51 - 2011-08-08 15:19 - 00002442 ____A C:\Users\Daniel Luper\Desktop\Google Chrome.lnk
2012-07-11 11:26 - 2011-08-23 16:18 - 00001044 ____A C:\Users\Daniel Luper\Desktop\Dropbox.lnk
2012-07-11 11:18 - 2009-07-13 20:45 - 00315912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:01 - 2011-08-15 21:37 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 20:42 - 2012-07-06 20:42 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-07-06 20:42 - 2012-07-06 20:42 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-07-06 20:23 - 2012-07-06 20:23 - 64270336 ____A C:\Windows\System32\config\software.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 43868160 ____A C:\Windows\System32\config\components.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 16384000 ____A C:\Windows\System32\config\system.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00475136 ____A C:\Windows\System32\config\default.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00061440 ____A C:\Windows\System32\config\sam.iobit
2012-07-06 20:23 - 2012-07-06 20:23 - 00024576 ____A C:\Windows\System32\config\security.iobit
2012-07-03 19:21 - 2012-07-03 19:21 - 00038912 ____A C:\Users\Daniel Luper\Downloads\cucarachacalculator.xls
2012-07-03 09:46 - 2012-07-26 22:30 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 07:17 - 2012-07-03 07:17 - 00031232 ____A C:\Users\Daniel Luper\Downloads\Accounting (Change Info).xls
2012-07-03 07:17 - 2012-07-03 07:17 - 00008704 ____A C:\Users\Daniel Luper\Downloads\Resources.xls
2012-06-30 20:18 - 2012-06-29 18:37 - 1566425088 ____A C:\Users\Daniel Luper\Documents\Amadeus-DVDRip.DC.AC3.5,1[Eng]1984.avi
2012-06-22 21:53 - 2012-06-22 21:53 - 00010519 ____A C:\Users\Daniel Luper\Desktop\Business Plan.odt
2012-06-22 09:53 - 2012-06-22 09:28 - 735270912 ____A C:\Users\Daniel Luper\Documents\Mulan-Disney.1998.DVD-Rip.XviD.avi
2012-06-17 12:18 - 2011-08-08 15:10 - 00002480 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-06-11 19:08 - 2012-07-11 10:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 18:53 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 18:53 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 23:22 - 2012-06-06 23:22 - 01138397 ____A C:\Users\Daniel Luper\Downloads\7z922.exe
2012-06-06 23:11 - 2012-06-06 23:11 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-06 23:10 - 2012-06-06 23:10 - 00880528 ____A (BitTorrent, Inc.) C:\Users\Daniel Luper\Downloads\uTorrent.exe
2012-06-05 22:06 - 2012-07-10 18:53 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 18:53 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 18:53 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 18:53 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:53 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:53 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-05 15:59 - 2012-06-05 15:59 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2012-06-02 14:19 - 2012-06-21 07:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 07:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 07:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 07:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 07:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-10 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-10 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 18:53 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 18:53 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 18:53 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 18:53 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 18:53 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 18:53 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 18:53 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 18:53 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 18:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-30 17:46 - 2012-05-30 17:46 - 00001276 ____A C:\Users\Public\Desktop\Uninstaller.lnk
2012-05-30 17:46 - 2011-12-21 12:03 - 00001225 ____A C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
2012-05-30 17:45 - 2012-05-30 17:43 - 27070320 ____A (IObit ) C:\Users\Daniel Luper\Downloads\asc-setup (3).exe
2012-05-29 10:15 - 2011-12-21 12:20 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-05-24 06:47 - 2011-12-21 12:11 - 00024448 ____A (IObit) C:\Windows\System32\RegistryDefragBootTime.exe
2012-05-23 21:42 - 2012-05-23 21:42 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-23 21:42 - 2012-05-23 21:41 - 16339280 ____A (Mozilla) C:\Users\Daniel Luper\Downloads\Firefox Setup 12.0.exe
2012-05-23 21:34 - 2012-04-06 07:58 - 00000032 ____A C:\Users\Daniel Luper\jagex_cl_runescape_LIVE.dat
2012-05-23 21:29 - 2011-08-08 16:17 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-05-23 21:29 - 2011-08-08 16:17 - 00174024 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-05-23 21:27 - 2012-05-23 21:27 - 00892360 ____A (Oracle Corporation) C:\Users\Daniel Luper\Downloads\chromeinstall-7u4.exe
2012-05-22 17:37 - 2012-05-22 17:37 - 00000983 ____A C:\Users\Public\Desktop\Origin.lnk
2012-05-19 18:54 - 2012-05-19 18:54 - 00002090 ____A C:\Users\Public\Desktop\The Sims™ 3.lnk
2012-05-19 18:33 - 2012-05-19 18:33 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_HP8207_8307_01009.Wdf
2012-05-08 09:11 - 2012-05-08 09:11 - 01425760 ____A (Impulse Point, LLC) C:\Users\Daniel Luper\Downloads\ServiceInstaller (4).exe
2012-05-05 05:59 - 2012-05-05 05:59 - 00102113 ____A C:\Users\Daniel Luper\Downloads\Relationship Module (1)
2012-05-04 03:06 - 2012-06-17 12:25 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-17 12:25 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-17 12:25 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


ZeroAccess:
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L\00000004.@
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L\1afb2d56
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L\201d3dde

ZeroAccess:
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\@
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\L
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 5610.9 MB
Available physical RAM: 4811.54 MB
Total Pagefile: 5609.05 MB
Available Pagefile: 4795.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:581.21 GB) (Free:505.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.66 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (Sims3) (CDROM) (Total:5.54 GB) (Free:0 GB) UDF
5 Drive h: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.69 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          596 GB      0 B
  Disk 1    Online         3824 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            581 GB   200 MB
  Partition 3    Primary             14 GB   581 GB
  Partition 4    Primary            103 MB   596 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    581 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3820 MB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   USB DISK     FAT32  Removable   3820 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-20 16:56

======================= End Of Log ==========================

and Search:
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 13:58:20
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Thanks.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 29 July 2012 - 01:15 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
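The reasoning behind the "MD5 is legit" check and the services.exe search above, as an added example that is not part of this thread and not FRST's own code: a small Python parser for the FRST Search output that groups entries by file name and flags a live System32 copy whose size and timestamps match a WinSxS component-store copy but whose MD5 does not. The sample input is constructed from the search output posted in the thread; SAMPLE_SEARCH, parse_search and find_patched are my own names.

```python
"""Parse FRST 'Search:' output and flag a live system binary whose hash differs
from the matching WinSxS component-store copy (hypothetical helper, not FRST)."""
import re
from collections import defaultdict

# Constructed sample, shaped like the search output posted in the thread.
SAMPLE_SEARCH = r"""
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 13:58:20
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Detail line layout: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per (path line, detail line) pair in the search output."""
    entries, pending = [], None
    for line in text.splitlines():
        line = line.rstrip()
        if PATH_RE.match(line):
            pending = line          # a path line is followed by its detail line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            e = m.groupdict()
            e["path"] = pending
            e["basename"] = pending.rsplit("\\", 1)[-1].lower()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["in_winsxs"] = "\\winsxs\\" in pending.lower()
            entries.append(e)
            pending = None
    return entries


def find_patched(entries):
    """Compare each non-WinSxS copy against WinSxS copies of the same file name.

    Only a WinSxS entry with identical size and timestamps counts as a
    reference: after Windows updates, System32 may legitimately hold a newer
    build than some component-store copies, so a bare hash difference is not
    enough on its own.  Same size, same timestamps, different hash is the
    in-place patching pattern the thread's log shows for services.exe.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["basename"]].append(e)
    findings = []
    for group in by_name.values():
        refs = [e for e in group if e["in_winsxs"]]
        for live in (e for e in group if not e["in_winsxs"]):
            key = (live["size"], live["created"], live["modified"])
            twins = [r for r in refs
                     if (r["size"], r["created"], r["modified"]) == key]
            if not twins:
                findings.append({"path": live["path"], "status": "no-reference"})
            elif any(r["md5"] == live["md5"] for r in twins):
                findings.append({"path": live["path"], "status": "ok"})
            else:
                findings.append({"path": live["path"], "status": "hash-mismatch",
                                 "actual": live["md5"], "expected": twins[0]["md5"],
                                 "reference": twins[0]["path"]})
    return findings


if __name__ == "__main__":
    for f in find_patched(parse_search(SAMPLE_SEARCH)):
        print(f["status"], f["path"])
        if f["status"] == "hash-mismatch":
            print("  live MD5:  ", f["actual"])
            print("  WinSxS MD5:", f["expected"])
```

A "hash-mismatch" result is what the fixlist's Replace: line addresses by copying the WinSxS file back over the System32 copy; a "no-reference" result means the search found no component-store twin and the file needs a different check.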

#5 Jaggedsblade

Jaggedsblade
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 29 July 2012 - 01:40 PM

After saving the list as fixlist.txt on the flash drive, I ran the FRST64 and "fixed"; this is the log:

Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 14:37:38 Run:1
Running from H:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc} moved successfully.
C:\Users\Daniel Luper\AppData\Local\{bbee3ba2-89af-930c-bb78-1fb4e17db3cc} moved successfully.

==== End of Fixlog ====

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 29 July 2012 - 02:05 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 PM

Posted 01 August 2012 - 05:50 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#8 Jaggedsblade

Jaggedsblade
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:38 PM

Posted 02 August 2012 - 12:40 AM

Thank you for replying a second time; the two emails for your previous replies were grouped into one email, so I didn't notice that you had replied. I turned off all programs including antivirus programs, but before combofix began running it told me that AVG 2012 antivirus/antispyware was running. I double-checked and made sure it was disabled, but combofix insisted that it was still there. I went ahead with combofix regardless.
Here is the log:

ComboFix 12-07-31.03 - Daniel Luper 08/01/2012 19:24:44.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4028 [GMT -4:00]
Running from: c:\users\Daniel Luper\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ReactivateIE.exe
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\users\Daniel Luper\AppData\Local\TempDIR
c:\users\Daniel Luper\BITFFA.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 23:49 . 2012-08-01 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 21:56 . 2012-07-29 21:56 -------- d-----w- C:\FRST
2012-07-27 18:03 . 2012-07-27 18:03 -------- d-----w- c:\program files (x86)\Common Files\PLAV
2012-07-27 18:03 . 2012-07-27 18:03 -------- d-----w- c:\programdata\ParetoLogic
2012-07-27 18:03 . 2012-07-27 18:03 -------- d-----w- c:\program files (x86)\ParetoLogic
2012-07-27 18:03 . 2012-07-27 18:03 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2012-07-27 18:00 . 2012-07-27 18:00 -------- d-----w- c:\users\Daniel Luper\AppData\Local\ElevatedDiagnostics
2012-07-27 15:02 . 2012-07-27 15:02 -------- d-----w- C:\sh4ldr
2012-07-27 15:02 . 2012-07-27 15:02 110080 ----a-r- c:\users\Daniel Luper\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-07-27 15:02 . 2012-07-27 15:02 110080 ----a-r- c:\users\Daniel Luper\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-07-27 15:02 . 2012-07-27 15:02 110080 ----a-r- c:\users\Daniel Luper\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-07-27 15:02 . 2012-07-27 15:02 -------- d-----w- c:\program files\Enigma Software Group
2012-07-27 15:02 . 2012-07-27 15:02 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-27 15:02 . 2012-07-27 15:02 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-27 06:30 . 2012-07-27 06:30 -------- d-----w- c:\users\Daniel Luper\AppData\Roaming\Malwarebytes
2012-07-27 06:30 . 2012-07-27 06:30 -------- d-----w- c:\programdata\Malwarebytes
2012-07-27 06:30 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-27 06:30 . 2012-07-27 06:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-26 21:40 . 2012-07-26 23:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-26 21:40 . 2012-07-26 22:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-24 16:46 . 2012-07-24 16:46 -------- d-----w- c:\program files (x86)\IObit Toolbar
2012-07-16 08:13 . 2012-07-16 08:13 -------- d-----w- c:\users\Daniel Luper\AppData\Roaming\Tific
2012-07-16 08:13 . 2012-07-16 08:13 -------- d-----w- c:\users\Daniel Luper\AppData\Local\Symantec
2012-07-14 18:52 . 2012-07-14 18:52 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 18:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:00 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-11 02:53 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-07 04:42 . 2012-07-07 04:42 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-07-07 04:42 . 2012-07-07 04:42 366592 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 07:01 . 2011-08-16 05:37 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 15:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:31 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 15:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:47 . 2011-12-21 20:11 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-04 11:06 . 2012-06-17 20:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-17 20:25 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-17 20:25 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-12 02:53 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-12-09 05:41 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-12 2074208]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-03-10 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-02 1022352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-01 75048]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-12 1107552]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Daniel Luper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/12/01 09:45;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ALSysIO;ALSysIO;c:\users\DANIEL~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-04-27 20336]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PLAVService;PLAVService;c:\program files (x86)\Common Files\PLAV\PLAVservice.exe [2012-02-07 601008]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-03-23 33184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-03-23 21328]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-09-29 1152632]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111007.030\IDSvia64.sys [2011-08-23 488568]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-08-09 27736]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-02 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-07-20 260424]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-06-01 821080]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 PfFilter;PfFilter;c:\program files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-12 935008]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-02 9256960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-02 300544]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002Core.job
- c:\users\Daniel Luper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 23:18]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2599439575-1251536791-2059299188-1002UA.job
- c:\users\Daniel Luper\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-08 23:18]
.
2012-07-26 c:\windows\Tasks\HPCeeScheduleForDaniel Luper.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-01 c:\windows\Tasks\HPCeeScheduleForDANIELS-LAPTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-27 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-07-27 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2012-06-27 21:07]
.
2012-08-02 c:\windows\Tasks\RGames Updater.job
- c:\users\Daniel Luper\AppData\Local\RivalGaming\Updater.exe [2012-05-29 03:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-12-09 05:43 105472 ----a-w- c:\program files\RebateRobot\RebateRobot-x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Daniel Luper\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-01 1128448]
"combofix"="c:\combofix\CF4622.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mhc.edu/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Daniel Luper\AppData\Roaming\Mozilla\Firefox\Profiles\qbszgshp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Facebook Update - c:\users\Daniel Luper\AppData\Local\Facebook\Update\FacebookUpdate.exe
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\Š(o*°(o*]
@="?o?o"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ĄZ=*h7*]
@="?=?7"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆvj*hvj*]
@="?j?j"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\SafeConnect\scManager.sys
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
.
**************************************************************************
.
Completion time: 2012-08-01 20:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 00:38
.
Pre-Run: 543,044,333,568 bytes free
Post-Run: 542,502,367,232 bytes free
.
- - End Of File - - 37F8D71D4D9B31EDCF54FE71604BDB88

Although at first it appeared that I was unable to access the internet, after I restarted everything appeared normal again. I am no longer receiving any warnings when I attempt to go to my gmail or facebook accounts, I'm no longer being forced to update tools such as Norton or Adobe, and I am no longer receiving any messages from AVG telling me that I have some kind of trojan. I believe that my computer has been sufficiently fixed. Is there anything else you think I should do?
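A triage pass over the ComboFix entries above, added here as an illustration and not a tool from this thread, from ComboFix or from its authors: it parses the `R#`/`S#` service lines and the `"Name"="path"` Run-key lines and lists the entries whose image file was not found (`[x]`) or lives under a user-writable path. The user-writable path list, the review reasons and the one Run entry marked as constructed in the sample are assumptions of this example; the sample's other lines are excerpted from the log above, and a flagged entry is a candidate for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# ComboFix service/driver lines look like
#   R3 ALSysIO;ALSysIO;c:\users\DANIEL~1\AppData\Local\Temp\ALSysIO64.sys [x]
# i.e. <R|S><start type> <service name>;<display name>;<image path> [<date> <size>]
# where "[x]" means ComboFix could not find the image file when it scanned.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# Run-key lines look like  "Name"="c:\path\prog.exe" [<date> <size>]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')

# Heuristic assumed for this example: persistence whose image lives in a user-writable
# location deserves a second look, and a kernel driver there deserves a third.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
KERNEL_DRIVER_RE = re.compile(r"\.sys(\s|$)")


@dataclass
class Finding:
    kind: str               # "service" or "run"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def review_reasons(path: str, meta: str) -> list:
    """Return the human-readable reasons an entry should be reviewed (empty if none)."""
    p = path.lower()
    reasons = []
    if meta.strip().lower() == "x":
        # Stale entry, removed file, or (on x64) a 32-bit binary that really lives under
        # SysWOW64: the log above lists ezSharedSvcHost.exe as [x] under System32 while
        # the running-process list shows it under SysWOW64.
        reasons.append("image not found at scan time ([x])")
    in_user_path = any(seg in p for seg in USER_WRITABLE)
    if in_user_path:
        reasons.append("image under a user-writable path")
    if in_user_path and KERNEL_DRIVER_RE.search(p):
        reasons.append("kernel driver (.sys) loaded from a user-writable path")
    return reasons


def triage(log_text: str) -> list:
    """Parse ComboFix service and Run-key lines and return the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        kind = "service"
        m = SERVICE_RE.match(line)
        if m is None:
            kind = "run"
            m = RUN_RE.match(line)
        if m is None:
            continue  # not a service or Run-key line; other log sections are ignored
        reasons = review_reasons(m.group("path"), m.group("meta"))
        if reasons:
            findings.append(Finding(kind, m.group("name"), m.group("path"), reasons))
    return findings


# Lines excerpted from the ComboFix log in this thread, plus one constructed Run entry
# ("ExampleUpdater", not from the log) so that the Run-key branch is exercised too.
SAMPLE_LOG = r"""
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-02 1022352]
"ExampleUpdater"="c:\users\Daniel Luper\AppData\Local\Temp\example.exe" [2012-08-01 12345]
R3 ALSysIO;ALSysIO;c:\users\DANIEL~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-02 113120]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys [2011-09-29 1152632]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```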

#9 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 August 2012 - 09:38 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 Jaggedsblade

Jaggedsblade
  • Topic Starter
  • Members
  • 6 posts

Posted 04 August 2012 - 11:02 AM

TDSSKiller log:

11:29:41.0043 1704 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:29:41.0418 1704 ============================================================
11:29:41.0418 1704 Current date / time: 2012/08/04 11:29:41.0418
11:29:41.0418 1704 SystemInfo:
11:29:41.0418 1704
11:29:41.0418 1704 OS Version: 6.1.7601 ServicePack: 1.0
11:29:41.0418 1704 Product type: Workstation
11:29:41.0418 1704 ComputerName: DANIELS-LAPTOP
11:29:41.0418 1704 UserName: Daniel Luper
11:29:41.0418 1704 Windows directory: C:\Windows
11:29:41.0418 1704 System windows directory: C:\Windows
11:29:41.0418 1704 Running under WOW64
11:29:41.0418 1704 Processor architecture: Intel x64
11:29:41.0418 1704 Number of processors: 4
11:29:41.0418 1704 Page size: 0x1000
11:29:41.0418 1704 Boot type: Normal boot
11:29:41.0418 1704 ============================================================
11:29:42.0359 1704 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:29:42.0374 1704 ============================================================
11:29:42.0374 1704 \Device\Harddisk0\DR0:
11:29:42.0374 1704 MBR partitions:
11:29:42.0374 1704 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:29:42.0374 1704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A6C800
11:29:42.0374 1704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AD0800, BlocksNum 0x1D53800
11:29:42.0374 1704 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
11:29:42.0374 1704 ============================================================
11:29:42.0390 1704 C: <-> \Device\Harddisk0\DR0\Partition1
11:29:42.0452 1704 D: <-> \Device\Harddisk0\DR0\Partition2
11:29:42.0452 1704 F: <-> \Device\Harddisk0\DR0\Partition3
11:29:42.0452 1704 ============================================================
11:29:42.0452 1704 Initialize success
11:29:42.0452 1704 ============================================================
11:29:48.0444 5864 ============================================================
11:29:48.0444 5864 Scan started
11:29:48.0444 5864 Mode: Manual;
11:29:48.0444 5864 ============================================================
11:29:53.0358 5864 AtiHDAudioService - ok
11:29:53.0436 5864 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:29:53.0452 5864 AudioEndpointBuilder - ok
11:29:53.0467 5864 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:29:53.0467 5864 AudioSrv - ok
11:29:54.0013 5864 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
11:29:54.0060 5864 AVGIDSAgent - ok
11:29:54.0216 5864 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:29:54.0216 5864 AVGIDSDriver - ok
11:29:54.0247 5864 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
11:29:54.0247 5864 AVGIDSFilter - ok
11:29:54.0263 5864 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
11:29:54.0263 5864 AVGIDSHA - ok
11:29:54.0310 5864 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
11:29:54.0310 5864 Avgldx64 - ok
11:29:54.0341 5864 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:29:54.0341 5864 Avgmfx64 - ok
11:29:54.0356 5864 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:29:54.0356 5864 Avgrkx64 - ok
11:29:54.0419 5864 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
11:29:54.0419 5864 Avgtdia - ok
11:29:54.0528 5864 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:29:54.0528 5864 avgwd - ok
11:29:54.0559 5864 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:29:54.0559 5864 AxInstSV - ok
11:29:54.0637 5864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:29:54.0653 5864 b06bdrv - ok
11:29:54.0700 5864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:29:54.0700 5864 b57nd60a - ok
11:29:54.0746 5864 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
11:29:54.0762 5864 BBSvc - ok
11:29:55.0043 5864 BCM43XX (0e7a9264576b40638a3fbc804de1ff76) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:29:55.0074 5864 BCM43XX - ok
11:29:55.0230 5864 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:29:55.0230 5864 BDESVC - ok
11:29:55.0277 5864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:29:55.0277 5864 Beep - ok
11:29:55.0402 5864 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:29:55.0417 5864 BFE - ok
11:29:55.0630 5864 BHDrvx64 (9e064b36ac74fb81ad04e0074c17b6be) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20110929.001\BHDrvx64.sys
11:29:55.0643 5864 BHDrvx64 - ok
11:29:55.0769 5864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
11:29:55.0773 5864 blbdrive - ok
11:29:55.0809 5864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:29:55.0813 5864 bowser - ok
11:29:55.0846 5864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:29:55.0850 5864 BrFiltLo - ok
11:29:55.0904 5864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:29:55.0908 5864 BrFiltUp - ok
11:29:55.0961 5864 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:29:55.0967 5864 BridgeMP - ok
11:29:56.0037 5864 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:29:56.0043 5864 Browser - ok
11:29:56.0100 5864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:29:56.0109 5864 Brserid - ok
11:29:56.0134 5864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:29:56.0137 5864 BrSerWdm - ok
11:29:56.0169 5864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:29:56.0172 5864 BrUsbMdm - ok
11:29:56.0193 5864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:29:56.0196 5864 BrUsbSer - ok
11:29:56.0220 5864 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:29:56.0223 5864 BthEnum - ok
11:29:56.0245 5864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:29:56.0249 5864 BTHMODEM - ok
11:29:56.0280 5864 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:29:56.0283 5864 BthPan - ok
11:29:56.0345 5864 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:29:56.0357 5864 BTHPORT - ok
11:29:56.0390 5864 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:29:56.0393 5864 bthserv - ok
11:29:56.0409 5864 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:29:56.0411 5864 BTHUSB - ok
11:29:56.0459 5864 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys
11:29:56.0465 5864 btwampfl - ok
11:29:56.0496 5864 btwaudio (a75bf6802a967f5aacecc3c67febdf55) C:\Windows\system32\drivers\btwaudio.sys
11:29:56.0499 5864 btwaudio - ok
11:29:56.0523 5864 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys
11:29:56.0527 5864 btwavdt - ok
11:29:56.0641 5864 btwdins (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:29:56.0657 5864 btwdins - ok
11:29:56.0678 5864 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
11:29:56.0681 5864 btwl2cap - ok
11:29:56.0694 5864 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\DRIVERS\btwrchid.sys
11:29:56.0709 5864 btwrchid - ok
11:29:56.0712 5864 catchme - ok
11:29:56.0737 5864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:29:56.0740 5864 cdfs - ok
11:29:56.0775 5864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:29:56.0779 5864 cdrom - ok
11:29:56.0812 5864 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:29:56.0815 5864 CertPropSvc - ok
11:29:56.0846 5864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:29:56.0849 5864 circlass - ok
11:29:56.0889 5864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:29:56.0894 5864 CLFS - ok
11:29:56.0998 5864 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
11:29:57.0005 5864 CLKMSVC10_38F51D56 - ok
11:29:57.0062 5864 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:29:57.0067 5864 clr_optimization_v2.0.50727_32 - ok
11:29:57.0110 5864 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:29:57.0116 5864 clr_optimization_v2.0.50727_64 - ok
11:29:57.0191 5864 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:29:57.0290 5864 clr_optimization_v4.0.30319_32 - ok
11:29:57.0349 5864 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:29:57.0378 5864 clr_optimization_v4.0.30319_64 - ok
11:29:57.0491 5864 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
11:29:57.0496 5864 clwvd - ok
11:29:57.0529 5864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:29:57.0533 5864 CmBatt - ok
11:29:57.0567 5864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:29:57.0571 5864 cmdide - ok
11:29:57.0644 5864 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:29:57.0655 5864 CNG - ok
11:29:57.0681 5864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:29:57.0684 5864 Compbatt - ok
11:29:57.0699 5864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:29:57.0701 5864 CompositeBus - ok
11:29:57.0708 5864 COMSysApp - ok
11:29:57.0763 5864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:29:57.0773 5864 crcdisk - ok
11:29:57.0911 5864 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:29:57.0918 5864 CryptSvc - ok
11:29:58.0082 5864 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
11:29:58.0093 5864 cvhsvc - ok
11:29:58.0112 5864 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
11:29:58.0114 5864 dc3d - ok
11:29:58.0188 5864 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:29:58.0196 5864 DcomLaunch - ok
11:29:58.0241 5864 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:29:58.0246 5864 defragsvc - ok
11:29:58.0270 5864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:29:58.0273 5864 DfsC - ok
11:29:58.0316 5864 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:29:58.0321 5864 Dhcp - ok
11:29:58.0345 5864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:29:58.0347 5864 discache - ok
11:29:58.0387 5864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:29:58.0390 5864 Disk - ok
11:29:58.0427 5864 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:29:58.0431 5864 Dnscache - ok
11:29:58.0468 5864 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:29:58.0473 5864 dot3svc - ok
11:29:58.0505 5864 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:29:58.0509 5864 DPS - ok
11:29:58.0535 5864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:29:58.0537 5864 drmkaud - ok
11:29:58.0628 5864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:29:58.0644 5864 DXGKrnl - ok
11:29:58.0668 5864 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:29:58.0671 5864 EapHost - ok
11:29:58.0948 5864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:29:58.0983 5864 ebdrv - ok
11:29:59.0086 5864 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:29:59.0096 5864 eeCtrl - ok
11:29:59.0216 5864 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:29:59.0223 5864 EFS - ok
11:29:59.0332 5864 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:29:59.0343 5864 ehRecvr - ok
11:29:59.0366 5864 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:29:59.0370 5864 ehSched - ok
11:29:59.0459 5864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:29:59.0471 5864 elxstor - ok
11:29:59.0502 5864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:29:59.0504 5864 ErrDev - ok
11:29:59.0601 5864 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:29:59.0610 5864 EventSystem - ok
11:29:59.0646 5864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:29:59.0651 5864 exfat - ok
11:29:59.0659 5864 ezSharedSvc - ok
11:29:59.0692 5864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:29:59.0697 5864 fastfat - ok
11:29:59.0762 5864 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:29:59.0775 5864 Fax - ok
11:29:59.0805 5864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:29:59.0807 5864 fdc - ok
11:29:59.0827 5864 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:29:59.0830 5864 fdPHost - ok
11:29:59.0838 5864 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:29:59.0841 5864 FDResPub - ok
11:29:59.0862 5864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:29:59.0865 5864 FileInfo - ok
11:29:59.0973 5864 FileMonitor (2b609f74fa2884c36471743322652a16) C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
11:29:59.0976 5864 FileMonitor - ok
11:30:00.0004 5864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:30:00.0006 5864 Filetrace - ok
11:30:00.0033 5864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:30:00.0036 5864 flpydisk - ok
11:30:00.0076 5864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:30:00.0082 5864 FltMgr - ok
11:30:00.0202 5864 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:30:00.0216 5864 FontCache - ok
11:30:00.0261 5864 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:30:00.0263 5864 FontCache3.0.0.0 - ok
11:30:00.0363 5864 FPLService (0798b9b20cb43057aa8d122090fc9d8c) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
11:30:00.0371 5864 FPLService - ok
11:30:00.0479 5864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:30:00.0482 5864 FsDepends - ok
11:30:00.0509 5864 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:30:00.0513 5864 Fs_Rec - ok
11:30:00.0550 5864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:30:00.0555 5864 fvevol - ok
11:30:00.0596 5864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:30:00.0601 5864 gagp30kx - ok
11:30:00.0663 5864 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
11:30:00.0670 5864 GamesAppService - ok
11:30:00.0755 5864 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:30:00.0770 5864 gpsvc - ok
11:30:00.0805 5864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:30:00.0809 5864 hcw85cir - ok
11:30:00.0864 5864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:30:00.0870 5864 HdAudAddService - ok
11:30:00.0895 5864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:30:00.0898 5864 HDAudBus - ok
11:30:00.0921 5864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:30:00.0924 5864 HidBatt - ok
11:30:00.0950 5864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:30:00.0954 5864 HidBth - ok
11:30:00.0988 5864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:30:00.0992 5864 HidIr - ok
11:30:01.0022 5864 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:30:01.0027 5864 hidserv - ok
11:30:01.0057 5864 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:30:01.0059 5864 HidUsb - ok
11:30:01.0101 5864 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:30:01.0106 5864 hkmsvc - ok
11:30:01.0140 5864 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:30:01.0146 5864 HomeGroupListener - ok
11:30:01.0174 5864 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:30:01.0180 5864 HomeGroupProvider - ok
11:30:01.0281 5864 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:30:01.0285 5864 HP Support Assistant Service - ok
11:30:01.0319 5864 HP8207_8307 (3015b37029ad15c67ebca5053c422f90) C:\Windows\system32\DRIVERS\HP8207_8307.sys
11:30:01.0321 5864 HP8207_8307 - ok
11:30:01.0439 5864 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
11:30:01.0449 5864 HPAuto - ok
11:30:01.0498 5864 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:30:01.0504 5864 HPClientSvc - ok
11:30:01.0657 5864 hpCMSrv (c5d2f308e1c12a5c328ef549696dbc05) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
11:30:01.0676 5864 hpCMSrv - ok
11:30:01.0729 5864 HPDrvMntSvc.exe (d17f9e527f01770bd04a9223bc40ec22) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:30:01.0732 5864 HPDrvMntSvc.exe - ok
11:30:01.0876 5864 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
11:30:01.0880 5864 hpdskflt - ok
11:30:01.0996 5864 hpqwmiex (0955c23c041451fb4e7099d6b2cf1c06) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:30:02.0008 5864 hpqwmiex - ok
11:30:02.0043 5864 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:30:02.0046 5864 HpSAMD - ok
11:30:02.0065 5864 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
11:30:02.0068 5864 hpsrv - ok
11:30:02.0109 5864 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:30:02.0111 5864 HPWMISVC - ok
11:30:02.0185 5864 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:30:02.0197 5864 HTTP - ok
11:30:02.0221 5864 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:30:02.0223 5864 hwpolicy - ok
11:30:02.0261 5864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:30:02.0264 5864 i8042prt - ok
11:30:02.0324 5864 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:30:02.0333 5864 iaStorV - ok
11:30:02.0575 5864 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:30:02.0590 5864 IconMan_R - ok
11:30:02.0729 5864 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:30:02.0743 5864 idsvc - ok
11:30:02.0865 5864 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111007.030\IDSvia64.sys
11:30:02.0876 5864 IDSVia64 - ok
11:30:02.0999 5864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:30:03.0002 5864 iirsp - ok
11:30:03.0108 5864 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:30:03.0123 5864 IKEEXT - ok
11:30:03.0259 5864 IMFservice (491fb9e6c0bd1383884d64ea5b886ad8) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
11:30:03.0271 5864 IMFservice - ok
11:30:03.0413 5864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:30:03.0416 5864 intelide - ok
11:30:03.0440 5864 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
11:30:03.0444 5864 intelppm - ok
11:30:03.0481 5864 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:30:03.0485 5864 IPBusEnum - ok
11:30:03.0512 5864 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:30:03.0515 5864 IpFilterDriver - ok
11:30:03.0615 5864 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:30:03.0626 5864 iphlpsvc - ok
11:30:03.0659 5864 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:30:03.0661 5864 IPMIDRV - ok
11:30:03.0683 5864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:30:03.0686 5864 IPNAT - ok
11:30:03.0705 5864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:30:03.0706 5864 IRENUM - ok
11:30:03.0723 5864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:30:03.0725 5864 isapnp - ok
11:30:03.0779 5864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:30:03.0805 5864 iScsiPrt - ok
11:30:03.0829 5864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:30:03.0831 5864 kbdclass - ok
11:30:03.0853 5864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:30:03.0855 5864 kbdhid - ok
11:30:03.0890 5864 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:03.0893 5864 KeyIso - ok
11:30:03.0993 5864 kl1 (524503240d2ba280d97e2297102151ce) C:\Windows\system32\DRIVERS\kl1.sys
11:30:04.0004 5864 kl1 - ok
11:30:04.0078 5864 KLIF (6ab7b4b65c5e201cb968dec20af10dcb) C:\Windows\system32\DRIVERS\klif.sys
11:30:04.0085 5864 KLIF - ok
11:30:04.0142 5864 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
11:30:04.0145 5864 KLIM6 - ok
11:30:04.0179 5864 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:30:04.0183 5864 KSecDD - ok
11:30:04.0217 5864 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:30:04.0222 5864 KSecPkg - ok
11:30:04.0258 5864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:30:04.0261 5864 ksthunk - ok
11:30:04.0321 5864 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:30:04.0331 5864 KtmRm - ok
11:30:04.0380 5864 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:30:04.0387 5864 LanmanServer - ok
11:30:04.0418 5864 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:30:04.0423 5864 LanmanWorkstation - ok
11:30:04.0444 5864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:30:04.0446 5864 lltdio - ok
11:30:04.0517 5864 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:30:04.0523 5864 lltdsvc - ok
11:30:04.0540 5864 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:30:04.0541 5864 lmhosts - ok
11:30:04.0573 5864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:30:04.0573 5864 LSI_FC - ok
11:30:04.0619 5864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:30:04.0619 5864 LSI_SAS - ok
11:30:04.0651 5864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:30:04.0651 5864 LSI_SAS2 - ok
11:30:04.0666 5864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:30:04.0666 5864 LSI_SCSI - ok
11:30:04.0697 5864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:30:04.0697 5864 luafv - ok
11:30:04.0744 5864 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:30:04.0744 5864 Mcx2Svc - ok
11:30:04.0775 5864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:30:04.0775 5864 megasas - ok
11:30:04.0807 5864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:30:04.0822 5864 MegaSR - ok
11:30:04.0853 5864 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:30:04.0853 5864 MMCSS - ok
11:30:04.0885 5864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:30:04.0885 5864 Modem - ok
11:30:04.0900 5864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:30:04.0900 5864 monitor - ok
11:30:04.0931 5864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:30:04.0947 5864 mouclass - ok
11:30:04.0963 5864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:30:04.0963 5864 mouhid - ok
11:30:04.0978 5864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:30:04.0978 5864 mountmgr - ok
11:30:05.0056 5864 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:30:05.0056 5864 MozillaMaintenance - ok
11:30:05.0103 5864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:30:05.0119 5864 mpio - ok
11:30:05.0150 5864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:30:05.0150 5864 mpsdrv - ok
11:30:05.0306 5864 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:30:05.0321 5864 MpsSvc - ok
11:30:05.0353 5864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:30:05.0353 5864 MRxDAV - ok
11:30:05.0399 5864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:30:05.0399 5864 mrxsmb - ok
11:30:05.0431 5864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:30:05.0446 5864 mrxsmb10 - ok
11:30:05.0477 5864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:30:05.0477 5864 mrxsmb20 - ok
11:30:05.0509 5864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:30:05.0509 5864 msahci - ok
11:30:05.0540 5864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:30:05.0555 5864 msdsm - ok
11:30:05.0587 5864 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:30:05.0587 5864 MSDTC - ok
11:30:05.0618 5864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:30:05.0633 5864 Msfs - ok
11:30:05.0633 5864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:30:05.0649 5864 mshidkmdf - ok
11:30:05.0665 5864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:30:05.0665 5864 msisadrv - ok
11:30:05.0711 5864 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:30:05.0711 5864 MSiSCSI - ok
11:30:05.0727 5864 msiserver - ok
11:30:05.0743 5864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:30:05.0743 5864 MSKSSRV - ok
11:30:05.0758 5864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:30:05.0774 5864 MSPCLOCK - ok
11:30:05.0789 5864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:30:05.0789 5864 MSPQM - ok
11:30:05.0836 5864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:30:05.0836 5864 MsRPC - ok
11:30:05.0883 5864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:30:05.0883 5864 mssmbios - ok
11:30:05.0883 5864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:30:05.0883 5864 MSTEE - ok
11:30:05.0914 5864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:30:05.0914 5864 MTConfig - ok
11:30:05.0951 5864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:30:05.0954 5864 Mup - ok
11:30:06.0014 5864 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:30:06.0022 5864 napagent - ok
11:30:06.0067 5864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:30:06.0072 5864 NativeWifiP - ok
11:30:06.0166 5864 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111006.032\ENG64.SYS
11:30:06.0172 5864 NAVENG - ok
11:30:06.0373 5864 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111006.032\EX64.SYS
11:30:06.0397 5864 NAVEX15 - ok
11:30:06.0610 5864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:30:06.0626 5864 NDIS - ok
11:30:06.0648 5864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:30:06.0650 5864 NdisCap - ok
11:30:06.0669 5864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:30:06.0671 5864 NdisTapi - ok
11:30:06.0689 5864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:30:06.0692 5864 Ndisuio - ok
11:30:06.0720 5864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:30:06.0723 5864 NdisWan - ok
11:30:06.0745 5864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:30:06.0747 5864 NDProxy - ok
11:30:06.0768 5864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:30:06.0770 5864 NetBIOS - ok
11:30:06.0799 5864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:30:06.0803 5864 NetBT - ok
11:30:06.0841 5864 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:06.0844 5864 Netlogon - ok
11:30:06.0904 5864 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:30:06.0912 5864 Netman - ok
11:30:06.0998 5864 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:07.0002 5864 NetMsmqActivator - ok
11:30:07.0017 5864 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:07.0017 5864 NetPipeActivator - ok
11:30:07.0080 5864 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:30:07.0080 5864 netprofm - ok
11:30:07.0095 5864 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:07.0095 5864 NetTcpActivator - ok
11:30:07.0111 5864 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:30:07.0111 5864 NetTcpPortSharing - ok
11:30:07.0158 5864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:30:07.0158 5864 nfrd960 - ok
11:30:07.0267 5864 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
11:30:07.0267 5864 NIS - ok
11:30:07.0329 5864 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:30:07.0329 5864 NlaSvc - ok
11:30:07.0345 5864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:30:07.0345 5864 Npfs - ok
11:30:07.0360 5864 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:30:07.0376 5864 nsi - ok
11:30:07.0376 5864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:30:07.0376 5864 nsiproxy - ok
11:30:07.0548 5864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:30:07.0563 5864 Ntfs - ok
11:30:07.0704 5864 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
11:30:07.0704 5864 NuidFltr - ok
11:30:07.0735 5864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:30:07.0735 5864 Null - ok
11:30:07.0782 5864 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
11:30:07.0797 5864 NVENETFD - ok
11:30:07.0828 5864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:30:07.0828 5864 nvraid - ok
11:30:07.0860 5864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:30:07.0860 5864 nvstor - ok
11:30:07.0906 5864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:30:07.0906 5864 nv_agp - ok
11:30:07.0938 5864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:30:07.0938 5864 ohci1394 - ok
11:30:08.0016 5864 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:30:08.0016 5864 ose - ok
11:30:08.0484 5864 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:30:08.0546 5864 osppsvc - ok
11:30:08.0686 5864 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:30:08.0686 5864 p2pimsvc - ok
11:30:08.0749 5864 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:30:08.0764 5864 p2psvc - ok
11:30:08.0811 5864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
11:30:08.0827 5864 Parport - ok
11:30:08.0858 5864 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:30:08.0858 5864 partmgr - ok
11:30:08.0889 5864 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:30:08.0889 5864 PcaSvc - ok
11:30:08.0936 5864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:30:08.0936 5864 pci - ok
11:30:08.0967 5864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:30:08.0967 5864 pciide - ok
11:30:09.0014 5864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:30:09.0014 5864 pcmcia - ok
11:30:09.0030 5864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:30:09.0030 5864 pcw - ok
11:30:09.0139 5864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:30:09.0154 5864 PEAUTH - ok
11:30:09.0248 5864 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:30:09.0264 5864 PerfHost - ok
11:30:09.0388 5864 PfFilter (4ddd6ecd65e4a4b3c3e0a0d9643b5dca) C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys
11:30:09.0388 5864 PfFilter - ok
11:30:09.0544 5864 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:30:09.0560 5864 pla - ok
11:30:09.0716 5864 PLAVService (43d214b7e6bc6c84a4e33e353d488caa) C:\Program Files (x86)\Common Files\PLAV\PLAVservice.exe
11:30:09.0732 5864 PLAVService - ok
11:30:09.0888 5864 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:30:09.0903 5864 PlugPlay - ok
11:30:09.0966 5864 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:30:09.0981 5864 PNRPAutoReg - ok
11:30:10.0028 5864 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:30:10.0044 5864 PNRPsvc - ok
11:30:10.0106 5864 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:30:10.0122 5864 PolicyAgent - ok
11:30:10.0168 5864 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:30:10.0168 5864 Power - ok
11:30:10.0215 5864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:30:10.0215 5864 PptpMiniport - ok
11:30:10.0246 5864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:30:10.0246 5864 Processor - ok
11:30:10.0293 5864 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:30:10.0293 5864 ProfSvc - ok
11:30:10.0340 5864 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:10.0340 5864 ProtectedStorage - ok
11:30:10.0356 5864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:30:10.0356 5864 Psched - ok
11:30:10.0496 5864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:30:10.0512 5864 ql2300 - ok
11:30:10.0652 5864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:30:10.0652 5864 ql40xx - ok
11:30:10.0699 5864 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:30:10.0714 5864 QWAVE - ok
11:30:10.0730 5864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:30:10.0746 5864 QWAVEdrv - ok
11:30:10.0761 5864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:30:10.0761 5864 RasAcd - ok
11:30:10.0792 5864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:30:10.0792 5864 RasAgileVpn - ok
11:30:10.0824 5864 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:30:10.0824 5864 RasAuto - ok
11:30:10.0855 5864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:30:10.0855 5864 Rasl2tp - ok
11:30:10.0886 5864 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:30:10.0902 5864 RasMan - ok
11:30:10.0917 5864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:30:10.0933 5864 RasPppoe - ok
11:30:10.0948 5864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:30:10.0948 5864 RasSstp - ok
11:30:10.0995 5864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:30:10.0995 5864 rdbss - ok
11:30:11.0026 5864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:30:11.0026 5864 rdpbus - ok
11:30:11.0058 5864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:30:11.0058 5864 RDPCDD - ok
11:30:11.0089 5864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:30:11.0089 5864 RDPENCDD - ok
11:30:11.0104 5864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:30:11.0104 5864 RDPREFMP - ok
11:30:11.0151 5864 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:30:11.0151 5864 RDPWD - ok
11:30:11.0198 5864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:30:11.0198 5864 rdyboost - ok
11:30:11.0323 5864 RegFilter (8ccf1201a14d5ad7568e192b835abb7e) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys
11:30:11.0323 5864 RegFilter - ok
11:30:11.0401 5864 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:30:11.0401 5864 RemoteAccess - ok
11:30:11.0448 5864 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:30:11.0448 5864 RemoteRegistry - ok
11:30:11.0494 5864 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:30:11.0494 5864 RFCOMM - ok
11:30:11.0588 5864 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:30:11.0588 5864 RoxioNow Service - ok
11:30:11.0635 5864 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:30:11.0635 5864 RpcEptMapper - ok
11:30:11.0666 5864 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:30:11.0666 5864 RpcLocator - ok
11:30:11.0728 5864 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:30:11.0744 5864 RpcSs - ok
11:30:11.0791 5864 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
11:30:11.0806 5864 RSPCIESTOR - ok
11:30:11.0838 5864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:30:11.0838 5864 rspndr - ok
11:30:11.0884 5864 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:30:11.0884 5864 RTL8167 - ok
11:30:11.0931 5864 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:11.0931 5864 SamSs - ok
11:30:11.0978 5864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:30:11.0978 5864 sbp2port - ok
11:30:12.0056 5864 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:30:12.0072 5864 SCardSvr - ok
11:30:12.0087 5864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:30:12.0087 5864 scfilter - ok
11:30:12.0196 5864 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:30:12.0212 5864 Schedule - ok
11:30:12.0259 5864 SCManager - ok
11:30:12.0321 5864 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:30:12.0321 5864 SCPolicySvc - ok
11:30:12.0352 5864 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
11:30:12.0368 5864 sdbus - ok
11:30:12.0399 5864 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:30:12.0399 5864 SDRSVC - ok
11:30:12.0462 5864 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
11:30:12.0462 5864 SeaPort - ok
11:30:12.0493 5864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:30:12.0493 5864 secdrv - ok
11:30:12.0508 5864 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:30:12.0508 5864 seclogon - ok
11:30:12.0524 5864 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:30:12.0540 5864 SENS - ok
11:30:12.0540 5864 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:30:12.0555 5864 SensrSvc - ok
11:30:12.0571 5864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
11:30:12.0586 5864 Serenum - ok
11:30:12.0602 5864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
11:30:12.0618 5864 Serial - ok
11:30:12.0649 5864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:30:12.0649 5864 sermouse - ok
11:30:12.0696 5864 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:30:12.0711 5864 SessionEnv - ok
11:30:12.0742 5864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:30:12.0742 5864 sffdisk - ok
11:30:12.0758 5864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:30:12.0758 5864 sffp_mmc - ok
11:30:12.0774 5864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:30:12.0789 5864 sffp_sd - ok
11:30:12.0805 5864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:30:12.0805 5864 sfloppy - ok
11:30:12.0898 5864 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
11:30:12.0898 5864 Sftfs - ok
11:30:13.0023 5864 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:30:13.0039 5864 sftlist - ok
11:30:13.0086 5864 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
11:30:13.0086 5864 Sftplay - ok
11:30:13.0101 5864 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
11:30:13.0101 5864 Sftredir - ok
11:30:13.0132 5864 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
11:30:13.0132 5864 Sftvol - ok
11:30:13.0164 5864 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:30:13.0164 5864 sftvsa - ok
11:30:13.0288 5864 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:30:13.0304 5864 SharedAccess - ok
11:30:13.0366 5864 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:30:13.0366 5864 ShellHWDetection - ok
11:30:13.0398 5864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:30:13.0398 5864 SiSRaid2 - ok
11:30:13.0444 5864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:30:13.0444 5864 SiSRaid4 - ok
11:30:13.0522 5864 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:30:13.0522 5864 SkypeUpdate - ok
11:30:13.0569 5864 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\Windows\system32\Drivers\SmartDefragDriver.sys
11:30:13.0569 5864 SmartDefragDriver - ok
11:30:13.0600 5864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:30:13.0616 5864 Smb - ok
11:30:13.0694 5864 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:30:13.0694 5864 SNMPTRAP - ok
11:30:13.0741 5864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:30:13.0756 5864 spldr - ok
11:30:13.0819 5864 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:30:13.0834 5864 Spooler - ok
11:30:14.0131 5864 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:30:14.0178 5864 sppsvc - ok
11:30:14.0302 5864 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:30:14.0318 5864 sppuinotify - ok
11:30:14.0505 5864 SpyHunter 4 Service (cef26d36cf0c8a2ae6aac27767070308) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
11:30:14.0521 5864 SpyHunter 4 Service - ok
11:30:14.0661 5864 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
11:30:14.0677 5864 SRTSP - ok
11:30:14.0692 5864 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
11:30:14.0708 5864 SRTSPX - ok
11:30:14.0770 5864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:30:14.0770 5864 srv - ok
11:30:14.0833 5864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:30:14.0833 5864 srv2 - ok
11:30:14.0926 5864 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:30:14.0942 5864 SrvHsfHDA - ok
11:30:15.0082 5864 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:30:15.0098 5864 SrvHsfV92 - ok
11:30:15.0285 5864 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:30:15.0301 5864 SrvHsfWinac - ok
11:30:15.0348 5864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:30:15.0348 5864 srvnet - ok
11:30:15.0410 5864 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:30:15.0426 5864 SSDPSRV - ok
11:30:15.0457 5864 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:30:15.0472 5864 SstpSvc - ok
11:30:15.0582 5864 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
11:30:15.0597 5864 STacSV - ok
11:30:15.0644 5864 Steam Client Service - ok
11:30:15.0691 5864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
11:30:15.0691 5864 stexstor - ok
11:30:15.0753 5864 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
11:30:15.0769 5864 STHDA - ok
11:30:15.0847 5864 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:30:15.0862 5864 stisvc - ok
11:30:15.0894 5864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:30:15.0894 5864 swenum - ok
11:30:15.0956 5864 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:30:15.0972 5864 swprv - ok
11:30:16.0081 5864 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
11:30:16.0096 5864 SymDS - ok
11:30:16.0174 5864 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
11:30:16.0190 5864 SymEFA - ok
11:30:16.0237 5864 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:30:16.0237 5864 SymEvent - ok
11:30:16.0284 5864 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
11:30:16.0284 5864 SymIRON - ok
11:30:16.0346 5864 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
11:30:16.0346 5864 SymNetS - ok
11:30:16.0502 5864 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
11:30:16.0518 5864 SynTP - ok
11:30:16.0830 5864 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:30:16.0845 5864 SysMain - ok
11:30:16.0939 5864 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:30:16.0939 5864 TabletInputService - ok
11:30:17.0001 5864 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:30:17.0001 5864 TapiSrv - ok
11:30:17.0032 5864 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:30:17.0032 5864 TBS - ok
11:30:17.0235 5864 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:30:17.0266 5864 Tcpip - ok
11:30:17.0532 5864 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:30:17.0547 5864 TCPIP6 - ok
11:30:17.0656 5864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:30:17.0656 5864 tcpipreg - ok
11:30:17.0703 5864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:30:17.0703 5864 TDPIPE - ok
11:30:17.0750 5864 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:30:17.0750 5864 TDTCP - ok
11:30:17.0781 5864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:30:17.0781 5864 tdx - ok
11:30:17.0812 5864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:30:17.0812 5864 TermDD - ok
11:30:17.0906 5864 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:30:17.0922 5864 TermService - ok
11:30:17.0953 5864 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:30:17.0953 5864 Themes - ok
11:30:17.0984 5864 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:30:17.0984 5864 THREADORDER - ok
11:30:18.0015 5864 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:30:18.0015 5864 TrkWks - ok
11:30:18.0078 5864 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:30:18.0078 5864 TrustedInstaller - ok
11:30:18.0140 5864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:30:18.0140 5864 tssecsrv - ok
11:30:18.0171 5864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:30:18.0171 5864 TsUsbFlt - ok
11:30:18.0202 5864 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
11:30:18.0218 5864 TsUsbGD - ok
11:30:18.0234 5864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:30:18.0234 5864 tunnel - ok
11:30:18.0265 5864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
11:30:18.0280 5864 uagp35 - ok
11:30:18.0312 5864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:30:18.0327 5864 udfs - ok
11:30:18.0390 5864 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:30:18.0390 5864 UI0Detect - ok
11:30:18.0421 5864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:30:18.0421 5864 uliagpkx - ok
11:30:18.0452 5864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:30:18.0468 5864 umbus - ok
11:30:18.0483 5864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
11:30:18.0483 5864 UmPass - ok
11:30:18.0530 5864 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:30:18.0546 5864 upnphost - ok
11:30:18.0624 5864 UrlFilter (1aa6ca6b150f85f07804cba5f814d9b2) C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys
11:30:18.0624 5864 UrlFilter - ok
11:30:18.0686 5864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:30:18.0686 5864 usbccgp - ok
11:30:18.0733 5864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:30:18.0733 5864 usbcir - ok
11:30:18.0764 5864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:30:18.0764 5864 usbehci - ok
11:30:18.0795 5864 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
11:30:18.0795 5864 usbfilter - ok
11:30:18.0842 5864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:30:18.0842 5864 usbhub - ok
11:30:18.0873 5864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:30:18.0873 5864 usbohci - ok
11:30:18.0904 5864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
11:30:18.0920 5864 usbprint - ok
11:30:18.0936 5864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:30:18.0936 5864 USBSTOR - ok
11:30:18.0967 5864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:30:18.0967 5864 usbuhci - ok
11:30:19.0014 5864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
11:30:19.0014 5864 usbvideo - ok
11:30:19.0045 5864 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:30:19.0060 5864 UxSms - ok
11:30:19.0092 5864 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:30:19.0092 5864 VaultSvc - ok
11:30:19.0123 5864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:30:19.0123 5864 vdrvroot - ok
11:30:19.0185 5864 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:30:19.0201 5864 vds - ok
11:30:19.0232 5864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:30:19.0232 5864 vga - ok
11:30:19.0263 5864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:30:19.0263 5864 VgaSave - ok
11:30:19.0310 5864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:30:19.0310 5864 vhdmp - ok
11:30:19.0326 5864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:30:19.0341 5864 viaide - ok
11:30:19.0372 5864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:30:19.0372 5864 volmgr - ok
11:30:19.0419 5864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:30:19.0419 5864 volmgrx - ok
11:30:19.0482 5864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:30:19.0482 5864 volsnap - ok
11:30:19.0513 5864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
11:30:19.0528 5864 vsmraid - ok
11:30:19.0716 5864 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:30:19.0731 5864 VSS - ok
11:30:19.0918 5864 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:30:19.0934 5864 vToolbarUpdater11.2.0 - ok
11:30:20.0074 5864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:30:20.0074 5864 vwifibus - ok
11:30:20.0106 5864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:30:20.0121 5864 vwififlt - ok
11:30:20.0168 5864 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:30:20.0168 5864 vwifimp - ok
11:30:20.0246 5864 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:30:20.0246 5864 W32Time - ok
11:30:20.0293 5864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
11:30:20.0308 5864 WacomPen - ok
11:30:20.0324 5864 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:20.0340 5864 WANARP - ok
11:30:20.0340 5864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:30:20.0340 5864 Wanarpv6 - ok
11:30:20.0496 5864 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:30:20.0511 5864 WatAdminSvc - ok
11:30:20.0652 5864 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:30:20.0667 5864 wbengine - ok
11:30:20.0808 5864 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:30:20.0823 5864 WbioSrvc - ok
11:30:20.0870 5864 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:30:20.0870 5864 wcncsvc - ok
11:30:20.0886 5864 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:30:20.0901 5864 WcsPlugInService - ok
11:30:20.0948 5864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
11:30:20.0948 5864 Wd - ok
11:30:21.0057 5864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:30:21.0073 5864 Wdf01000 - ok
11:30:21.0104 5864 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:21.0104 5864 WdiServiceHost - ok
11:30:21.0120 5864 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:30:21.0120 5864 WdiSystemHost - ok
11:30:21.0166 5864 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:30:21.0166 5864 WebClient - ok
11:30:21.0229 5864 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:30:21.0229 5864 Wecsvc - ok
11:30:21.0260 5864 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:30:21.0260 5864 wercplsupport - ok
11:30:21.0291 5864 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:30:21.0291 5864 WerSvc - ok
11:30:21.0338 5864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:30:21.0338 5864 WfpLwf - ok
11:30:21.0385 5864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:30:21.0385 5864 WIMMount - ok
11:30:21.0478 5864 WinDefend - ok
11:30:21.0525 5864 WinHttpAutoProxySvc - ok
11:30:21.0603 5864 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:30:21.0603 5864 Winmgmt - ok
11:30:21.0806 5864 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:30:21.0837 5864 WinRM - ok
11:30:22.0009 5864 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
11:30:22.0024 5864 WinUsb - ok
11:30:22.0118 5864 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:30:22.0134 5864 Wlansvc - ok
11:30:22.0196 5864 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:30:22.0212 5864 wlcrasvc - ok
11:30:22.0446 5864 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:30:22.0461 5864 wlidsvc - ok
11:30:22.0586 5864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:30:22.0586 5864 WmiAcpi - ok
11:30:22.0664 5864 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:30:22.0664 5864 wmiApSrv - ok
11:30:22.0711 5864 WMPNetworkSvc - ok
11:30:22.0758 5864 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:30:22.0758 5864 WPCSvc - ok
11:30:22.0789 5864 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:30:22.0789 5864 WPDBusEnum - ok
11:30:22.0820 5864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:30:22.0820 5864 ws2ifsl - ok
11:30:22.0867 5864 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:30:22.0882 5864 wscsvc - ok
11:30:22.0898 5864 WSearch - ok
11:30:23.0143 5864 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:30:23.0175 5864 wuauserv - ok
11:30:23.0312 5864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:30:23.0317 5864 WudfPf - ok
11:30:23.0362 5864 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:30:23.0365 5864 WUDFRd - ok
11:30:23.0402 5864 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:30:23.0407 5864 wudfsvc - ok
11:30:23.0447 5864 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:30:23.0454 5864 WwanSvc - ok
11:30:23.0546 5864 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
11:30:23.0551 5864 xusb21 - ok
11:30:23.0627 5864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:30:23.0957 5864 \Device\Harddisk0\DR0 - ok
11:30:23.0964 5864 Boot (0x1200) (377a020f84d9a597286e2233fef618e1) \Device\Harddisk0\DR0\Partition0
11:30:23.0967 5864 \Device\Harddisk0\DR0\Partition0 - ok
11:30:23.0984 5864 Boot (0x1200) (6d90f84890fd52d76e9e88fa2c060647) \Device\Harddisk0\DR0\Partition1
11:30:23.0987 5864 \Device\Harddisk0\DR0\Partition1 - ok
11:30:24.0018 5864 Boot (0x1200) (7b01b4f33d4df6be307e5fb0ec719be5) \Device\Harddisk0\DR0\Partition2
11:30:24.0020 5864 \Device\Harddisk0\DR0\Partition2 - ok
11:30:24.0034 5864 Boot (0x1200) (0a44af9cf1d60beb8c31901a86ca0760) \Device\Harddisk0\DR0\Partition3
11:30:24.0036 5864 \Device\Harddisk0\DR0\Partition3 - ok
11:30:24.0036 5864 ============================================================
11:30:24.0036 5864 Scan finished
11:30:24.0036 5864 ============================================================
11:30:24.0052 6524 Detected object count: 0
11:30:24.0052 6524 Actual detected object count: 0
11:32:49.0980 8184 Deinitialize success

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 11:32:54
-----------------------------
11:32:54.902 OS Version: Windows x64 6.1.7601 Service Pack 1
11:32:54.902 Number of processors: 4 586 0x100
11:32:54.918 ComputerName: DANIELS-LAPTOP UserName: Daniel Luper
11:32:56.556 Initialize success
11:34:58.656 AVAST engine defs: 12080400
11:36:07.785 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007d
11:36:07.785 Disk 0 Vendor: TOSHIBA_ MH00 Size: 610480MB BusType: 11
11:36:07.801 Disk 0 MBR read successfully
11:36:07.801 Disk 0 MBR scan
11:36:07.817 Disk 0 Windows 7 default MBR code
11:36:07.832 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:36:07.848 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595161 MB offset 409600
11:36:07.879 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15015 MB offset 1219299328
11:36:07.895 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
11:36:07.941 Disk 0 scanning C:\Windows\system32\drivers
11:36:19.364 Service scanning
11:36:52.579 Modules scanning
11:36:52.595 Disk 0 trace - called modules:
11:36:52.642 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
11:36:52.642 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800623a790]
11:36:52.657 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa8006130b10]
11:36:52.657 5 hpdskflt.sys[fffff88001db3189] -> nt!IofCallDriver -> [0xfffffa8005c8a040]
11:36:52.673 7 amd_xata.sys[fffff880011558f7] -> nt!IofCallDriver -> \Device\0000007d[0xfffffa8005c7e060]
11:36:54.467 AVAST engine scan C:\Windows
11:36:59.461 AVAST engine scan C:\Windows\system32
11:41:03.622 AVAST engine scan C:\Windows\system32\drivers
11:41:33.717 AVAST engine scan C:\Users\Daniel Luper
11:46:04.835 AVAST engine scan C:\ProgramData
11:49:23.626 Scan finished successfully
12:01:10.050 Disk 0 MBR has been saved successfully to "C:\Users\Daniel Luper\Desktop\MBR.dat"
12:01:10.056 The log file has been saved successfully to "C:\Users\Daniel Luper\Desktop\aswMBR.txt"

#11 gringo_pr
Malware Response Team

Posted 04 August 2012 - 03:10 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\uTorrentControl2
c:\program files (x86)\Common Files\Spigot
c:\program files (x86)\StartNow Toolbar

Firefox::
FF - ProfilePath - c:\users\Daniel Luper\AppData\Roaming\Mozilla\Firefox\Profiles\qbszgshp.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
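A defender-side check for the two configuration items the script above targets, added here as an example that is not part of the original thread and not a BleepingComputer or ComboFix tool: it parses a Firefox prefs.js for a search pref that has been redirected to a third-party URL (the keyword.URL value quoted in the post is reused as constructed sample input) and reports which of the three listed folders still exist. The prefs.js text and the folder-existence callback are constructed for the example.

```python
import os
import re

# Matches the user_pref("name", value); lines Firefox writes to prefs.js.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Search-related prefs that browser hijackers commonly rewrite.
SEARCH_PREFS = ("keyword.URL", "browser.search.defaultenginename",
                "browser.startup.homepage")

def parse_prefs(text):
    """Return {pref name: value} for every user_pref line in a prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip('"')
    return prefs

def hijacked_search_prefs(prefs):
    """Search prefs that point at a URL. Stock Firefox leaves keyword.URL
    unset, so any http(s) value there was written by something else."""
    return {k: v for k, v in prefs.items()
            if k in SEARCH_PREFS and re.match(r"(?i)https?://", v)}

def remaining_folders(folders, exists=os.path.isdir):
    """Folders from the removal list that the existence check still reports."""
    return [f for f in folders if exists(f)]

# Constructed sample prefs.js; the keyword.URL value mirrors the one in the post.
SAMPLE_PREFS_JS = r'''
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1343921000);
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("browser.startup.homepage_override.mstone", "14.0.1");
'''

# The three folders the CFScript above removes.
PUP_FOLDERS = [
    r"c:\program files (x86)\uTorrentControl2",
    r"c:\program files (x86)\Common Files\Spigot",
    r"c:\program files (x86)\StartNow Toolbar",
]

if __name__ == "__main__":
    for name, url in hijacked_search_prefs(parse_prefs(SAMPLE_PREFS_JS)).items():
        print(f"hijacked pref {name} -> {url}")
    for folder in remaining_folders(PUP_FOLDERS):
        print(f"still present: {folder}")
```

Run it on the real profile by reading prefs.js from the ProfilePath shown in the script and passing the text to parse_prefs; an empty result from both functions means the script's Firefox and folder entries took effect.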

#12 gringo_pr
Malware Response Team

Posted 06 August 2012 - 11:18 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#13 Jaggedsblade (Topic Starter)
Members

Posted 09 August 2012 - 02:29 AM

Hey, sorry, I've been extremely busy with work and other things. I'll try to send you the information as soon as I can. Hopefully I'll be able to send it tomorrow. Thanks for all your help.

#14 gringo_pr
Malware Response Team

Posted 09 August 2012 - 08:59 AM

No problem - just glad I have not lost you yet



gringo

#15 gringo_pr
Malware Response Team

Posted 12 August 2012 - 12:10 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.