virus.win32.sirefef.r(v) + Google redirect


This topic is locked
18 replies to this topic

#1 Arlo1234


  • Members
  • 19 posts

Posted 30 July 2012 - 08:22 PM

Hi,

I'm running Windows 7 (64 Bit) and according to my Ad-Aware scans, I'm infected with "virus.win32.sirefe.r (v)"

I've only tried removing the virus with Ad-Aware but I've been unsuccessful. Ad-Aware picks up a lot of other viruses every time I do a full scan and can remove those, but it can't remove or even quarantine the virus.win32.sirefe.r(v).

I've also been having random Google redirects for over 2 weeks now.

Any help would be greatly appreciated.

Edited by Arlo1234, 31 July 2012 - 06:37 AM.



#2 Arlo1234

  • Topic Starter

  • Members
  • 19 posts

Posted 31 July 2012 - 05:54 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Noronha at 6:49:53 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.4216 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Noronha\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C3ED939E-67C6-4C3A-98B9-87FBA63EA90C} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Noronha\AppData\Roaming\Mozilla\Firefox\Profiles\3vdbn8io.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/topic463169.html
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-5-3 1226096]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-10-26 101112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-2 136176]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-24 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-2 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 sbwtis;sbwtis;C:\Windows\system32\DRIVERS\sbwtis.sys --> C:\Windows\system32\DRIVERS\sbwtis.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 10:39:05 -------- d-----w- C:\Users\Noronha\AppData\Local\{6A80EAD1-7136-434B-9FC8-D6FD62F0D0E9}
2012-07-31 10:38:52 -------- d-----w- C:\Users\Noronha\AppData\Local\{27F197E5-4A0B-48CD-9BC1-4615C6882533}
2012-07-30 22:00:58 -------- d-----w- C:\Users\Noronha\AppData\Local\{72693F88-137B-4258-8D40-99EABFDA322E}
2012-07-30 10:00:26 -------- d-----w- C:\Users\Noronha\AppData\Local\{4A2A1132-1BB2-4569-8B96-D7F5F4273390}
2012-07-30 10:00:17 -------- d-----w- C:\Users\Noronha\AppData\Local\{D7EF036E-C035-4C72-A7FC-80E606A88CC4}
2012-07-29 11:38:31 -------- d-----w- C:\Users\Noronha\AppData\Local\{05870FE9-85E4-4827-B535-C49D87651B73}
2012-07-28 23:37:57 -------- d-----w- C:\Users\Noronha\AppData\Local\{1E65DB88-C0E5-4592-8C37-B82C220016AF}
2012-07-28 11:37:23 -------- d-----w- C:\Users\Noronha\AppData\Local\{898B701A-5D11-4CA1-A9BD-6D758609C1DA}
2012-07-28 11:37:02 -------- d-----w- C:\Users\Noronha\AppData\Local\{7E9D53C7-8390-4B2F-974B-8CA79DF9B1CA}
2012-07-27 23:36:37 -------- d-----w- C:\Users\Noronha\AppData\Local\{33331DE8-8739-4551-BAEB-4D295FE7F068}
2012-07-27 11:36:02 -------- d-----w- C:\Users\Noronha\AppData\Local\{1D1A9D06-A786-4757-A2BE-18A56F80B601}
2012-07-27 11:35:41 -------- d-----w- C:\Users\Noronha\AppData\Local\{604E6AEA-0554-4CBE-9FBA-E4ABD6325302}
2012-07-27 10:39:16 -------- d-----w- C:\Program Files\CCleaner
2012-07-26 23:35:06 -------- d-----w- C:\Users\Noronha\AppData\Local\{8B3FBC88-23F3-454B-AD40-B914488316B6}
2012-07-26 23:34:56 -------- d-----w- C:\Users\Noronha\AppData\Local\{0B224102-D09E-4EF9-8A24-F549D5214712}
2012-07-26 11:34:32 -------- d-----w- C:\Users\Noronha\AppData\Local\{8ADAA1B2-3A5C-4483-ABD4-FB2099664105}
2012-07-26 11:34:11 -------- d-----w- C:\Users\Noronha\AppData\Local\{3A611147-B459-4D0E-879F-7347473088C2}
2012-07-25 23:33:46 -------- d-----w- C:\Users\Noronha\AppData\Local\{887A9BD2-4DDF-4E54-97FA-273BC5EA4C11}
2012-07-25 23:33:37 -------- d-----w- C:\Users\Noronha\AppData\Local\{F1FA8034-1D22-488F-8EDE-404CF2959DBA}
2012-07-25 11:33:13 -------- d-----w- C:\Users\Noronha\AppData\Local\{AA97B715-F6AE-4705-8EA0-C100486E1FFC}
2012-07-25 11:32:52 -------- d-----w- C:\Users\Noronha\AppData\Local\{A1BDD463-0E12-4086-B28D-6CFD03D41761}
2012-07-24 23:32:24 -------- d-----w- C:\Users\Noronha\AppData\Local\{CFC6782E-4DB4-466F-BC9F-D739DABF4052}
2012-07-24 23:32:07 -------- d-----w- C:\Users\Noronha\AppData\Local\{19E1D375-9450-4A50-85DE-260414CAD8CC}
2012-07-24 11:08:35 -------- d-----w- C:\Users\Noronha\AppData\Local\{32559CD4-DB96-468A-89C2-3919E3F2A4B1}
2012-07-24 11:08:14 -------- d-----w- C:\Users\Noronha\AppData\Local\{659EAD53-3F12-46A1-BFBE-D6622A9839E9}
2012-07-23 23:07:41 -------- d-----w- C:\Users\Noronha\AppData\Local\{40086883-871E-4D99-902B-ADFC0FE2D760}
2012-07-23 11:07:07 -------- d-----w- C:\Users\Noronha\AppData\Local\{B4697CAD-69DB-4EE5-AC6A-B9AE73011225}
2012-07-22 23:06:33 -------- d-----w- C:\Users\Noronha\AppData\Local\{FFA11455-F4C5-4168-9897-0DD49931FC1A}
2012-07-22 11:05:59 -------- d-----w- C:\Users\Noronha\AppData\Local\{4FF98E5C-3E11-4CED-BCA3-D94B7FAF010D}
2012-07-22 11:05:39 -------- d-----w- C:\Users\Noronha\AppData\Local\{36431BF4-6603-414E-8EF8-02E081CCC9A2}
2012-07-21 23:05:13 -------- d-----w- C:\Users\Noronha\AppData\Local\{1C8DB6BA-4435-4C64-8D0E-A25F02E510D2}
2012-07-21 11:04:39 -------- d-----w- C:\Users\Noronha\AppData\Local\{E8A38D84-6EA6-45A9-9E01-39E26A43E4C9}
2012-07-20 23:04:06 -------- d-----w- C:\Users\Noronha\AppData\Local\{2EDCD0DF-CAAB-4D9D-A3F8-9238722E52C5}
2012-07-20 23:03:44 -------- d-----w- C:\Users\Noronha\AppData\Local\{AD5D2354-0FED-4F18-928A-AB82D8D473D5}
2012-07-20 12:08:34 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-20 12:07:55 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-20 11:03:17 -------- d-----w- C:\Users\Noronha\AppData\Local\{BB256098-4888-4301-B93B-C91E71398C0E}
2012-07-20 11:02:56 -------- d-----w- C:\Users\Noronha\AppData\Local\{C564693C-D3D4-4DAC-8E65-4B9C1E5504EA}
2012-07-19 23:02:27 -------- d-----w- C:\Users\Noronha\AppData\Local\{8AC97527-E3FA-4026-82BF-6421988C16C1}
2012-07-19 23:02:03 -------- d-----w- C:\Users\Noronha\AppData\Local\{6D67397D-7701-4B58-AE0C-33AE0696C80E}
2012-07-19 21:26:54 -------- d-----w- C:\Users\Noronha\AppData\Local\{4A161042-4302-4FD4-ACC6-7A52403CD413}
2012-07-19 17:48:43 -------- d-----w- C:\Users\Noronha\AppData\Local\{06CF26CD-1286-4965-B73A-6B495D5C419F}
2012-07-19 12:41:03 -------- d-----w- C:\Users\Noronha\AppData\Local\{6D7ECFA2-08B9-482B-8751-42FE389D9DC5}
2012-07-18 23:37:44 -------- d-----w- C:\Users\Noronha\AppData\Local\{5AC8F278-01CA-4FAA-8AB4-4557D70C5BF6}
2012-07-18 13:54:06 -------- d-----w- C:\Users\Noronha\AppData\Local\{CB6DE347-0656-482C-AA56-54FB42FE21D5}
2012-07-18 10:22:57 -------- d-----w- C:\Users\Noronha\AppData\Local\{816CEC3F-5977-411A-B1B2-1744B02CB28E}
2012-07-17 13:17:46 -------- d-----w- C:\Users\Noronha\AppData\Local\{4CACB131-E512-4282-BB80-26938C143733}
2012-07-17 13:17:36 -------- d-----w- C:\Users\Noronha\AppData\Local\{EAA09A1D-E13B-41A1-88DF-110A85E680B0}
2012-07-16 23:14:53 -------- d-----w- C:\Users\Noronha\AppData\Local\{275AB77D-000A-4467-B8AD-42EA4C21989D}
2012-07-16 23:14:32 -------- d-----w- C:\Users\Noronha\AppData\Local\{B825E046-29DF-4629-BE10-E48E2999C672}
2012-07-16 11:14:07 -------- d-----w- C:\Users\Noronha\AppData\Local\{4991CD8F-4340-436D-8DF5-0CCDA68E8D11}
2012-07-15 23:13:33 -------- d-----w- C:\Users\Noronha\AppData\Local\{881DDA71-6866-422E-8818-AC6AF129B9BA}
2012-07-15 23:13:12 -------- d-----w- C:\Users\Noronha\AppData\Local\{8A5A3BF3-BB55-43A8-BA55-A0EE1E9DC27D}
2012-07-15 14:15:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-15 11:12:47 -------- d-----w- C:\Users\Noronha\AppData\Local\{104B8444-6B10-4FAE-8440-C0A6C9EB779E}
2012-07-15 11:12:26 -------- d-----w- C:\Users\Noronha\AppData\Local\{46C992A5-1861-4E59-9B7B-B2984B8BB60B}
2012-07-14 23:12:01 -------- d-----w- C:\Users\Noronha\AppData\Local\{385EA7B7-B4C7-41D1-AFF6-2A04A3207095}
2012-07-14 11:11:26 -------- d-----w- C:\Users\Noronha\AppData\Local\{C1F86185-0796-48CC-A4B6-84442C17BB0F}
2012-07-14 11:11:06 -------- d-----w- C:\Users\Noronha\AppData\Local\{F40879AB-79A3-487A-AC01-91DA91BE9AD2}
2012-07-13 23:10:41 -------- d-----w- C:\Users\Noronha\AppData\Local\{291AD7BA-54C6-49E6-B6E1-4134BA6CE88B}
2012-07-13 11:08:19 -------- d-----w- C:\Users\Noronha\AppData\Local\{47556110-3161-4F3A-ADAA-CF34DCBE568B}
2012-07-13 11:07:56 -------- d-----w- C:\Users\Noronha\AppData\Local\{6EDABF2D-4C19-4BF7-9301-98DA65ED5364}
2012-07-12 22:44:30 -------- d-----w- C:\Users\Noronha\AppData\Local\{5D797DC5-C97E-48A2-9D75-9417A1BBD514}
2012-07-12 22:44:09 -------- d-----w- C:\Users\Noronha\AppData\Local\{8B23C9B0-F0DF-441F-A659-64B154915720}
2012-07-12 14:01:55 -------- d-----w- C:\Users\Noronha\AppData\Local\CarMD.com_Corp
2012-07-12 10:43:23 -------- d-----w- C:\Users\Noronha\AppData\Local\{12F4562E-FD43-4114-AF0F-A53FEFD38EB5}
2012-07-12 10:43:12 -------- d-----w- C:\Users\Noronha\AppData\Local\{2F2F4BB6-95A2-4BAA-8787-43EDEB22D06D}
2012-07-11 17:31:40 -------- d-----w- C:\Users\Noronha\AppData\Local\{47EF24F3-4BCB-4A3A-80AE-729CE1F4C5E2}
2012-07-11 17:31:30 -------- d-----w- C:\Users\Noronha\AppData\Local\{B8BCFE53-4C45-4D0D-AD8D-F06DF84511F8}
2012-07-11 07:04:40 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 04:20:12 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 04:20:11 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 04:20:11 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 04:20:10 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 04:20:10 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 04:20:09 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-07 23:48:32 -------- d-----w- C:\Users\Noronha\AppData\Local\{231152D0-4701-42EA-8A11-BE9638DFE759}
2012-07-07 11:48:00 -------- d-----w- C:\Users\Noronha\AppData\Local\{D8500EA1-8CB9-46C1-906C-C0892E5302A5}
2012-07-06 23:45:54 -------- d-----w- C:\Users\Noronha\AppData\Local\{7370DC00-7B8D-4079-8A05-A3DDDB585ED5}
2012-07-06 23:45:41 -------- d-----w- C:\Users\Noronha\AppData\Local\{E6EE70AF-3F16-45B4-BF95-2D0279C9F517}
2012-07-06 11:15:20 -------- d-----w- C:\Users\Noronha\AppData\Local\{693043E0-3304-4FCE-ACD4-1050797B60FD}
2012-07-06 11:14:59 -------- d-----w- C:\Users\Noronha\AppData\Local\{16778EA7-3316-42F1-A9E9-C60973DEA65A}
2012-07-05 23:14:34 -------- d-----w- C:\Users\Noronha\AppData\Local\{775D0248-9C7B-47AF-AFFF-2434FA024D7E}
2012-07-05 11:14:00 -------- d-----w- C:\Users\Noronha\AppData\Local\{153392A3-F0E6-48A1-9A6D-E6F0E9A043A0}
2012-07-04 23:13:28 -------- d-----w- C:\Users\Noronha\AppData\Local\{8043912A-AB7D-4E92-8513-8A2E60094985}
2012-07-04 11:12:54 -------- d-----w- C:\Users\Noronha\AppData\Local\{ED5B3AC5-7C85-4540-BEC0-DB9EAC44131F}
2012-07-04 11:12:33 -------- d-----w- C:\Users\Noronha\AppData\Local\{A7ABE948-C961-43A6-A801-E695A8523186}
2012-07-03 23:12:10 -------- d-----w- C:\Users\Noronha\AppData\Local\{EBB37234-BF30-482D-8FD7-AB616D9EF459}
2012-07-03 11:11:37 -------- d-----w- C:\Users\Noronha\AppData\Local\{A792EBDD-EC34-4265-90CF-D4163DE75922}
2012-07-03 11:11:15 -------- d-----w- C:\Users\Noronha\AppData\Local\{FD19E877-15C7-41F4-A3D8-1BC61FCAB10E}
2012-07-02 23:10:50 -------- d-----w- C:\Users\Noronha\AppData\Local\{75A18836-F513-4B27-8F6E-254D28C8DC96}
2012-07-02 23:10:29 -------- d-----w- C:\Users\Noronha\AppData\Local\{8140801A-F7A1-409E-BA7A-0A5E06751DB3}
2012-07-02 11:10:02 -------- d-----w- C:\Users\Noronha\AppData\Local\{1832FDE4-8337-4977-BDE6-32C9BF8DCAA9}
2012-07-02 11:09:41 -------- d-----w- C:\Users\Noronha\AppData\Local\{6A2A1D80-106F-4553-BEEF-EC758E07F011}
2012-07-01 23:09:16 -------- d-----w- C:\Users\Noronha\AppData\Local\{DC409170-991D-4A80-8F24-63722F1B7580}
2012-07-01 11:08:43 -------- d-----w- C:\Users\Noronha\AppData\Local\{75757E52-2206-4253-9667-0FA7DAD5F81B}
2012-07-01 11:08:22 -------- d-----w- C:\Users\Noronha\AppData\Local\{FFC908A1-4C70-4580-99DE-137881E64951}
.
==================== Find3M ====================
.
2012-07-27 10:25:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 10:25:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-10 10:43:12 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 6:50:24.84 ===============
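The DDS report above is what a helper reads before deciding on tools. As an added example (not from the thread, and not part of the DDS tool), the Python script below pulls the first-pass findings out of a DDS-style log: security products reporting Disabled, start pages pointing at a host outside a known-good list, orphaned "No File" BHO/toolbar entries, and hidden+system folders or folders literally named after an environment variable (like the `C:\Windows\SysWow64\%APPDATA%` entry above). The sample log text, the known-good host list and the suspicious folder-name list are constructed assumptions for the example.

```python
"""Triage a DDS-style log for the findings a malware-removal helper reads first.

Added example: parsing rules follow the line formats visible in a DDS report
(AV:/SP:/FW: headers, Pseudo HJT Report, Created Last 30); lists are assumptions.
"""
import re

# Constructed sample, modelled on the report's line formats (not a real log).
SAMPLE_DDS = r"""
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
.
=============== Created Last 30 ================
.
2012-07-27 10:39:16 -------- d-----w- C:\Program Files\CCleaner
2012-07-15 14:15:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 07:04:40 3148800 ----a-w- C:\Windows\System32\win32k.sys
"""

# Assumption: start pages on these hosts are treated as unremarkable.
KNOWN_GOOD_START_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}
# Assumption: a real folder literally named after an environment variable is
# not something legitimate installers create.
SUSPICIOUS_DIR_NAMES = {"%appdata%", "%temp%", "%programdata%"}
DEFANG = re.compile(r"^hxxps?://", re.IGNORECASE)  # DDS writes hxxp:// for http://


def security_products(log):
    """(kind, product, status) for each AV:/SP:/FW: header line."""
    found = []
    for line in log.splitlines():
        m = re.match(r"^(AV|SP|FW): (.+?) \*(.+?)\* \{", line)
        if m:
            found.append(m.groups())
    return found


def disabled_security_products(log):
    """Products whose status begins with 'Disabled' (e.g. 'Disabled/Updated')."""
    return [p for p in security_products(log) if p[2].split("/")[0] == "Disabled"]


def start_page_hijacks(log):
    """Start pages (u = user hive, m = machine hive) whose host is not known-good."""
    hits = []
    for line in log.splitlines():
        m = re.match(r"^([um])Start Page = (\S+)", line)
        if m:
            host = DEFANG.sub("", m.group(2)).split("/", 1)[0].lower()
            if host not in KNOWN_GOOD_START_HOSTS:
                hits.append((m.group(1), host))
    return hits


def orphaned_entries(log):
    """BHO / toolbar / explorer-bar entries whose DLL is gone ('No File')."""
    pattern = re.compile(r"^(BHO|TB|EB)(?:-X64)?: (.*) - No File$")
    return [m.groups() for m in map(pattern.match, log.splitlines()) if m]


def suspicious_created_dirs(log):
    """'Created Last 30' directories that are hidden+system or named like an env var."""
    hits = []
    for line in log.splitlines():
        parts = line.split(None, 4)  # date, time, size, attrs, path (path may hold spaces)
        if len(parts) != 5 or not re.match(r"^\d{4}-\d\d-\d\d$", parts[0]):
            continue
        attrs, path = parts[3], parts[4]
        if not attrs.startswith("d"):
            continue  # this check is about directories only
        hidden_system = "h" in attrs and "s" in attrs
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1].lower()
        if hidden_system or leaf in SUSPICIOUS_DIR_NAMES:
            hits.append(path)
    return hits


def triage(log):
    """All first-pass findings in one dict, keyed by check name."""
    return {
        "disabled_security": disabled_security_products(log),
        "start_page_hijacks": start_page_hijacks(log),
        "orphaned_entries": orphaned_entries(log),
        "suspicious_dirs": suspicious_created_dirs(log),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_DDS).items():
        print(f"{check}: {len(findings)} finding(s)")
        for item in findings:
            print("   ", item)
```

Run against the full report text instead of the constructed sample and the same four checks surface the disabled Ad-Aware/Defender entries, the bigseekpro start pages, the orphaned BHO/TB GUIDs and the hidden `%APPDATA%` folder.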

#3 D-FRED-BROWN


    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 01 August 2012 - 02:25 PM

Hello and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you. :)


Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: Do not choose Cure or Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


----------Step 3----------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 4----------------
In your next reply, please include the following:
  • TDSSKiller's logfile
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt
After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!
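
The helper asks for TDSSKiller's log to be pasted back. A full log runs to several hundred lines (Arlo1234's reply below shows the layout: a timestamp, a thread id, then a "name (md5) path" line followed by a "name - ok" verdict line), so a small triage script that pulls out the few lines a reviewer actually needs is worth having. The following is an added example, not code from this thread or from Kaspersky: the file and verdict line shapes follow the log posted below, the "( Tag ) - warning", "- detected Tag (n)" and "Suspicious file" shapes are assumed from the tool's usual output, and the sample log, the "fakedrv" driver and its hash are constructed for illustration.

```python
"""Triage a TDSSKiller log: hits, scanner warnings, and objects with no file behind them.

Added example, not code from this thread or from Kaspersky. The "<hh:mm:ss.ffff> <tid> <text>"
line shape, the "name (md5) path" file line and the "name - ok" verdict line follow the log
posted in this thread; the "( Tag ) - warning", "- detected Tag (n)" and "Suspicious file"
shapes are assumed from the tool's usual output. SAMPLE_LOG is constructed; "fakedrv" and
its hash are invented.
"""
import re
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<tag>[^)]+?) \))? - (?P<verdict>ok|detected .+|warning|skipped.*)$"
)
MD5_RE = re.compile(r"md5: ([0-9a-fA-F]{32})")

# Constructed sample in the format of the posted log; the first two objects are copied
# from that log, "fakedrv" and the lines around it are invented.
SAMPLE_LOG = r"""
18:19:06.0542 6796 ============================================================
18:19:06.0542 6796 Scan started
18:19:06.0542 6796 Mode: Manual;
18:19:06.0542 6796 ============================================================
18:19:07.0587 6796 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:19:07.0587 6796 1394ohci - ok
18:19:07.0774 6796 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
18:19:07.0790 6796 Ad-Aware Service - ok
18:19:10.0723 6796 COMSysApp - ok
18:19:15.0325 6796 Lbd - ok
18:19:20.0001 6796 Suspicious file (NoAccess): C:\Windows\system32\drivers\fakedrv.sys. md5: 0123456789abcdef0123456789abcdef
18:19:20.0001 6796 fakedrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakedrv.sys
18:19:20.0002 6796 fakedrv ( LockedFile.Multi.Generic ) - warning
18:19:20.0002 6796 fakedrv - detected LockedFile.Multi.Generic (1)
18:19:30.0000 6796 \Device\Harddisk0\DR0 - ok
18:19:31.0000 6796 Scan finished
18:19:31.0000 6796 Detected object count: 1
"""


@dataclass
class Entry:
    """One scanned object (service, driver, disk) and everything the log said about it."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    tag: Optional[str] = None                            # e.g. LockedFile.Multi.Generic
    verdicts: List[str] = field(default_factory=list)    # "ok", "warning", "detected ..."
    messages: List[str] = field(default_factory=list)    # free-form lines tied to this md5


def parse_tdsskiller_log(text: str) -> Tuple["OrderedDict[str, Entry]", List[str]]:
    """Return (entries keyed by object name, scanner messages not tied to any object)."""
    entries: "OrderedDict[str, Entry]" = OrderedDict()
    free_text: List[str] = []
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # blank lines and anything not timestamped
        rest = m.group(3).strip()
        if rest == "Scan started":
            scanning = True                 # skip the SystemInfo / partition preamble
            continue
        if not scanning or rest.startswith(("=", "Mode:")):
            continue
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"].lower(), fm["path"]
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            e = entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdicts.append(vm["verdict"])
            e.tag = vm["tag"] or e.tag
            continue
        free_text.append(rest)
    # Second pass: a "Suspicious file ... md5: X" line can precede the file line it refers to.
    by_md5 = {e.md5: e for e in entries.values() if e.md5}
    loose: List[str] = []
    for msg in free_text:
        hm = MD5_RE.search(msg)
        owner = by_md5.get(hm.group(1).lower()) if hm else None
        (owner.messages if owner else loose).append(msg)
    return entries, loose


def findings(entries: "OrderedDict[str, Entry]",
             bad_hashes: Iterable[str] = ()) -> List[Tuple[str, str]]:
    """What a reviewer should look at, as (object name, reason) pairs."""
    bad = {h.lower() for h in bad_hashes}
    out: List[Tuple[str, str]] = []
    for e in entries.values():
        if not e.verdicts:
            out.append((e.name, "no verdict line (log truncated or scan interrupted)"))
        elif any(v != "ok" for v in e.verdicts):
            out.append((e.name, "; ".join(v for v in e.verdicts if v != "ok")))
        if e.md5 in bad:
            out.append((e.name, f"md5 {e.md5} is on the supplied known-bad list"))
        for msg in e.messages:
            out.append((e.name, msg))
        # "Lbd - ok" with no file line: usually a demand-start service or a stale driver entry
        # whose binary is gone. Benign far more often than not, but worth a look at ImagePath.
        if e.verdicts == ["ok"] and e.md5 is None and not e.name.startswith(("\\", "[")):
            out.append((e.name, "registered object with no file hashed; check its ImagePath"))
    return out


if __name__ == "__main__":
    ents, other = parse_tdsskiller_log(SAMPLE_LOG)
    for name, why in findings(ents):
        print(f"{name:20} {why}")
    print("scanner messages:", other)
```

Run it as-is against SAMPLE_LOG, or swap in the contents of the C:\TDSSKiller.*_log.txt file. The lines that matter are any "detected" or "warning" verdict and any "Suspicious file" message; a service that reports "- ok" with no file line (Lbd, COMSysApp and msiserver in the log below) is usually a demand-start service whose image path the tool does not resolve, so the script lists it as something to glance at rather than as a hit.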

#4 Arlo1234 (Topic Starter, Members, 19 posts)

Posted 01 August 2012 - 06:10 PM

TDSSKiller's logfile

18:18:46.0839 8164 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:18:47.0104 8164 ============================================================
18:18:47.0104 8164 Current date / time: 2012/08/01 18:18:47.0104
18:18:47.0104 8164 SystemInfo:
18:18:47.0104 8164
18:18:47.0104 8164 OS Version: 6.1.7601 ServicePack: 1.0
18:18:47.0104 8164 Product type: Workstation
18:18:47.0104 8164 ComputerName: NORONHA-PC
18:18:47.0104 8164 UserName: Noronha
18:18:47.0104 8164 Windows directory: C:\Windows
18:18:47.0104 8164 System windows directory: C:\Windows
18:18:47.0104 8164 Running under WOW64
18:18:47.0104 8164 Processor architecture: Intel x64
18:18:47.0104 8164 Number of processors: 4
18:18:47.0104 8164 Page size: 0x1000
18:18:47.0104 8164 Boot type: Normal boot
18:18:47.0104 8164 ============================================================
18:18:47.0416 8164 Drive \Device\Harddisk0\DR0 - Size: 0x746A520000 (465.66 Gb), SectorSize: 0x200, Cylinders: 0xED74, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:18:47.0416 8164 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:18:54.0467 8164 ============================================================
18:18:54.0467 8164 \Device\Harddisk0\DR0:
18:18:54.0467 8164 MBR partitions:
18:18:54.0467 8164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:18:54.0467 8164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38C28800
18:18:54.0467 8164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38C5B000, BlocksNum 0x16F7000
18:18:54.0467 8164 \Device\Harddisk1\DR1:
18:18:54.0467 8164 MBR partitions:
18:18:54.0467 8164 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
18:18:54.0467 8164 ============================================================
18:18:54.0499 8164 C: <-> \Device\Harddisk0\DR0\Partition1
18:18:54.0545 8164 D: <-> \Device\Harddisk0\DR0\Partition2
18:18:54.0577 8164 J: <-> \Device\Harddisk1\DR1\Partition0
18:18:54.0577 8164 ============================================================
18:18:54.0577 8164 Initialize success
18:18:54.0577 8164 ============================================================
18:19:06.0542 6796 ============================================================
18:19:06.0542 6796 Scan started
18:19:06.0542 6796 Mode: Manual;
18:19:06.0542 6796 ============================================================
18:19:07.0587 6796 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:19:07.0587 6796 1394ohci - ok
18:19:07.0634 6796 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:19:07.0650 6796 ACPI - ok
18:19:07.0681 6796 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:19:07.0681 6796 AcpiPmi - ok
18:19:07.0774 6796 Ad-Aware Service (09e61047b0cef21559cfcedf4f14d216) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
18:19:07.0790 6796 Ad-Aware Service - ok
18:19:07.0837 6796 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
18:19:07.0837 6796 adfs - ok
18:19:07.0946 6796 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:19:07.0946 6796 AdobeARMservice - ok
18:19:07.0977 6796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:19:07.0993 6796 adp94xx - ok
18:19:08.0024 6796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:19:08.0024 6796 adpahci - ok
18:19:08.0055 6796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:19:08.0055 6796 adpu320 - ok
18:19:08.0086 6796 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:19:08.0086 6796 AeLookupSvc - ok
18:19:08.0149 6796 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:19:08.0149 6796 AFD - ok
18:19:08.0180 6796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:19:08.0180 6796 agp440 - ok
18:19:08.0227 6796 ahcix64s (aa3f73ccbf498bd56800f840d75e40e4) C:\Windows\system32\DRIVERS\ahcix64s.sys
18:19:08.0227 6796 ahcix64s - ok
18:19:08.0242 6796 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:19:08.0242 6796 ALG - ok
18:19:08.0258 6796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:19:08.0258 6796 aliide - ok
18:19:08.0305 6796 AMD External Events Utility (ca0d6c1390f4b3baf2a0a69d1a7f8332) C:\Windows\system32\atiesrxx.exe
18:19:08.0305 6796 AMD External Events Utility - ok
18:19:08.0320 6796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:19:08.0320 6796 amdide - ok
18:19:08.0336 6796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:19:08.0336 6796 AmdK8 - ok
18:19:08.0617 6796 amdkmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:19:08.0695 6796 amdkmdag - ok
18:19:08.0773 6796 amdkmdap (b765cf4b32f347be747b21ae22641025) C:\Windows\system32\DRIVERS\atikmpag.sys
18:19:08.0773 6796 amdkmdap - ok
18:19:08.0820 6796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:19:08.0820 6796 AmdPPM - ok
18:19:08.0866 6796 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:19:08.0866 6796 amdsata - ok
18:19:08.0882 6796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:19:08.0898 6796 amdsbs - ok
18:19:08.0913 6796 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:19:08.0913 6796 amdxata - ok
18:19:08.0960 6796 AMD_RAIDXpert (2b8d1c23d204c0e70eff48a3ffa1c67b) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
18:19:08.0960 6796 AMD_RAIDXpert - ok
18:19:09.0007 6796 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:19:09.0007 6796 AppID - ok
18:19:09.0038 6796 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:19:09.0038 6796 AppIDSvc - ok
18:19:09.0069 6796 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:19:09.0069 6796 Appinfo - ok
18:19:09.0132 6796 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:19:09.0132 6796 Apple Mobile Device - ok
18:19:09.0163 6796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:19:09.0163 6796 arc - ok
18:19:09.0178 6796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:19:09.0178 6796 arcsas - ok
18:19:09.0194 6796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:19:09.0194 6796 AsyncMac - ok
18:19:09.0241 6796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:19:09.0241 6796 atapi - ok
18:19:09.0522 6796 atikmdag (75e4baca583ae02c11e9ac8747e2abe0) C:\Windows\system32\DRIVERS\atikmdag.sys
18:19:09.0553 6796 atikmdag - ok
18:19:09.0662 6796 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:19:09.0662 6796 AtiPcie - ok
18:19:09.0724 6796 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:19:09.0740 6796 AudioEndpointBuilder - ok
18:19:09.0740 6796 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:19:09.0756 6796 AudioSrv - ok
18:19:09.0787 6796 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:19:09.0787 6796 AxInstSV - ok
18:19:09.0834 6796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:19:09.0849 6796 b06bdrv - ok
18:19:09.0880 6796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:19:09.0880 6796 b57nd60a - ok
18:19:09.0912 6796 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:19:09.0912 6796 BDESVC - ok
18:19:09.0943 6796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:19:09.0943 6796 Beep - ok
18:19:09.0974 6796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:19:09.0974 6796 blbdrive - ok
18:19:10.0021 6796 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:19:10.0021 6796 bowser - ok
18:19:10.0036 6796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:19:10.0036 6796 BrFiltLo - ok
18:19:10.0036 6796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:19:10.0052 6796 BrFiltUp - ok
18:19:10.0052 6796 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:19:10.0052 6796 BridgeMP - ok
18:19:10.0099 6796 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:19:10.0099 6796 Browser - ok
18:19:10.0114 6796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:19:10.0114 6796 Brserid - ok
18:19:10.0130 6796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:19:10.0130 6796 BrSerWdm - ok
18:19:10.0130 6796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:19:10.0130 6796 BrUsbMdm - ok
18:19:10.0146 6796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:19:10.0146 6796 BrUsbSer - ok
18:19:10.0146 6796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:19:10.0146 6796 BTHMODEM - ok
18:19:10.0177 6796 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:19:10.0177 6796 bthserv - ok
18:19:10.0192 6796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:19:10.0192 6796 cdfs - ok
18:19:10.0239 6796 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
18:19:10.0239 6796 cdrom - ok
18:19:10.0286 6796 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:10.0286 6796 CertPropSvc - ok
18:19:10.0286 6796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:19:10.0286 6796 circlass - ok
18:19:10.0333 6796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:19:10.0348 6796 CLFS - ok
18:19:10.0411 6796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:19:10.0411 6796 clr_optimization_v2.0.50727_32 - ok
18:19:10.0458 6796 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:19:10.0458 6796 clr_optimization_v2.0.50727_64 - ok
18:19:10.0520 6796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:19:10.0520 6796 clr_optimization_v4.0.30319_32 - ok
18:19:10.0551 6796 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:19:10.0567 6796 clr_optimization_v4.0.30319_64 - ok
18:19:10.0567 6796 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:19:10.0567 6796 CmBatt - ok
18:19:10.0598 6796 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:19:10.0598 6796 cmdide - ok
18:19:10.0645 6796 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:19:10.0660 6796 CNG - ok
18:19:10.0660 6796 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:19:10.0660 6796 Compbatt - ok
18:19:10.0707 6796 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:19:10.0707 6796 CompositeBus - ok
18:19:10.0723 6796 COMSysApp - ok
18:19:10.0723 6796 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:19:10.0723 6796 crcdisk - ok
18:19:10.0770 6796 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:19:10.0785 6796 CryptSvc - ok
18:19:10.0832 6796 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:10.0832 6796 DcomLaunch - ok
18:19:10.0879 6796 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:19:10.0879 6796 defragsvc - ok
18:19:10.0926 6796 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:19:10.0926 6796 DfsC - ok
18:19:10.0972 6796 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:19:10.0972 6796 Dhcp - ok
18:19:10.0988 6796 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:19:10.0988 6796 discache - ok
18:19:11.0004 6796 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:19:11.0004 6796 Disk - ok
18:19:11.0050 6796 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:19:11.0050 6796 Dnscache - ok
18:19:11.0082 6796 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:19:11.0082 6796 dot3svc - ok
18:19:11.0144 6796 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:19:11.0144 6796 Dot4 - ok
18:19:11.0191 6796 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:19:11.0191 6796 Dot4Print - ok
18:19:11.0206 6796 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:19:11.0206 6796 dot4usb - ok
18:19:11.0253 6796 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:19:11.0253 6796 DPS - ok
18:19:11.0269 6796 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:19:11.0269 6796 drmkaud - ok
18:19:11.0331 6796 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:19:11.0362 6796 DXGKrnl - ok
18:19:11.0378 6796 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:19:11.0378 6796 EapHost - ok
18:19:11.0534 6796 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:19:11.0565 6796 ebdrv - ok
18:19:11.0674 6796 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:19:11.0674 6796 EFS - ok
18:19:11.0737 6796 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:19:11.0737 6796 ehRecvr - ok
18:19:11.0768 6796 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:19:11.0768 6796 ehSched - ok
18:19:11.0815 6796 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:19:11.0830 6796 elxstor - ok
18:19:11.0862 6796 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:19:11.0862 6796 ErrDev - ok
18:19:11.0893 6796 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:19:11.0908 6796 EventSystem - ok
18:19:11.0924 6796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:19:11.0940 6796 exfat - ok
18:19:11.0955 6796 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:19:11.0955 6796 fastfat - ok
18:19:12.0002 6796 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:19:12.0018 6796 Fax - ok
18:19:12.0033 6796 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:19:12.0033 6796 fdc - ok
18:19:12.0064 6796 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:19:12.0064 6796 fdPHost - ok
18:19:12.0064 6796 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:19:12.0080 6796 FDResPub - ok
18:19:12.0096 6796 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:19:12.0096 6796 FileInfo - ok
18:19:12.0111 6796 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:19:12.0111 6796 Filetrace - ok
18:19:12.0205 6796 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:19:12.0220 6796 FLEXnet Licensing Service - ok
18:19:12.0298 6796 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:19:12.0298 6796 FLEXnet Licensing Service 64 - ok
18:19:12.0376 6796 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:19:12.0376 6796 flpydisk - ok
18:19:12.0408 6796 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:19:12.0408 6796 FltMgr - ok
18:19:12.0486 6796 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:19:12.0501 6796 FontCache - ok
18:19:12.0564 6796 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:19:12.0564 6796 FontCache3.0.0.0 - ok
18:19:12.0579 6796 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:19:12.0579 6796 FsDepends - ok
18:19:12.0626 6796 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
18:19:12.0626 6796 fssfltr - ok
18:19:12.0766 6796 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
18:19:12.0766 6796 fsssvc - ok
18:19:12.0844 6796 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:19:12.0844 6796 Fs_Rec - ok
18:19:12.0876 6796 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:19:12.0891 6796 fvevol - ok
18:19:12.0907 6796 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:19:12.0907 6796 gagp30kx - ok
18:19:12.0938 6796 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:19:12.0938 6796 GEARAspiWDM - ok
18:19:13.0016 6796 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:19:13.0032 6796 gpsvc - ok
18:19:13.0063 6796 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:13.0063 6796 gupdate - ok
18:19:13.0094 6796 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:19:13.0094 6796 gupdatem - ok
18:19:13.0110 6796 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:19:13.0110 6796 hcw85cir - ok
18:19:13.0172 6796 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:19:13.0172 6796 HdAudAddService - ok
18:19:13.0203 6796 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:19:13.0203 6796 HDAudBus - ok
18:19:13.0203 6796 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:19:13.0203 6796 HidBatt - ok
18:19:13.0219 6796 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:19:13.0219 6796 HidBth - ok
18:19:13.0234 6796 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:19:13.0234 6796 HidIr - ok
18:19:13.0250 6796 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:19:13.0250 6796 hidserv - ok
18:19:13.0297 6796 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
18:19:13.0297 6796 HidUsb - ok
18:19:13.0344 6796 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:19:13.0344 6796 hkmsvc - ok
18:19:13.0375 6796 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:19:13.0375 6796 HomeGroupListener - ok
18:19:13.0422 6796 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:19:13.0422 6796 HomeGroupProvider - ok
18:19:13.0515 6796 HP Health Check Service (be78357fb49759b79ccc01894bcfdddb) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
18:19:13.0515 6796 HP Health Check Service - ok
18:19:13.0593 6796 HPDrvMntSvc.exe (2dfb151fd34df104dac0adf070eda83c) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
18:19:13.0593 6796 HPDrvMntSvc.exe - ok
18:19:13.0656 6796 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:19:13.0656 6796 hpqcxs08 - ok
18:19:13.0671 6796 hpqddsvc (f3f72a2a86c22610bca5439fa789dd52) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:19:13.0671 6796 hpqddsvc - ok
18:19:13.0734 6796 hpqwmiex (184c500cb9f69585f3fe85e1d2667cd8) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
18:19:13.0749 6796 hpqwmiex - ok
18:19:13.0827 6796 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:19:13.0827 6796 HpSAMD - ok
18:19:13.0890 6796 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:19:13.0905 6796 HTTP - ok
18:19:13.0936 6796 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:19:13.0936 6796 hwpolicy - ok
18:19:13.0983 6796 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:19:13.0983 6796 i8042prt - ok
18:19:14.0030 6796 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:19:14.0046 6796 iaStorV - ok
18:19:14.0124 6796 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:19:14.0124 6796 IDriverT - ok
18:19:14.0202 6796 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:19:14.0217 6796 idsvc - ok
18:19:14.0295 6796 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:19:14.0295 6796 iirsp - ok
18:19:14.0358 6796 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:19:14.0373 6796 IKEEXT - ok
18:19:14.0514 6796 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
18:19:14.0545 6796 IntcAzAudAddService - ok
18:19:14.0607 6796 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:19:14.0607 6796 intelide - ok
18:19:14.0638 6796 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:19:14.0638 6796 intelppm - ok
18:19:14.0654 6796 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:19:14.0654 6796 IPBusEnum - ok
18:19:14.0685 6796 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:19:14.0685 6796 IpFilterDriver - ok
18:19:14.0763 6796 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:19:14.0794 6796 iphlpsvc - ok
18:19:14.0826 6796 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:19:14.0826 6796 IPMIDRV - ok
18:19:14.0841 6796 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:19:14.0841 6796 IPNAT - ok
18:19:14.0935 6796 iPod Service (f8e8676d1b6b2cc12df9aa6b1a43d929) C:\Program Files\iPod\bin\iPodService.exe
18:19:14.0935 6796 iPod Service - ok
18:19:14.0966 6796 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:19:14.0966 6796 IRENUM - ok
18:19:14.0982 6796 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:19:14.0982 6796 isapnp - ok
18:19:15.0013 6796 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:19:15.0013 6796 iScsiPrt - ok
18:19:15.0028 6796 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:19:15.0028 6796 kbdclass - ok
18:19:15.0060 6796 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:19:15.0075 6796 kbdhid - ok
18:19:15.0091 6796 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:15.0091 6796 KeyIso - ok
18:19:15.0122 6796 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:19:15.0138 6796 KSecDD - ok
18:19:15.0169 6796 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:19:15.0169 6796 KSecPkg - ok
18:19:15.0184 6796 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:19:15.0184 6796 ksthunk - ok
18:19:15.0216 6796 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:19:15.0231 6796 KtmRm - ok
18:19:15.0262 6796 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:19:15.0262 6796 LanmanServer - ok
18:19:15.0309 6796 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:19:15.0309 6796 LanmanWorkstation - ok
18:19:15.0325 6796 Lbd - ok
18:19:15.0387 6796 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
18:19:15.0387 6796 LightScribeService - ok
18:19:15.0418 6796 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:19:15.0418 6796 lltdio - ok
18:19:15.0465 6796 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:19:15.0465 6796 lltdsvc - ok
18:19:15.0481 6796 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:19:15.0481 6796 lmhosts - ok
18:19:15.0512 6796 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:19:15.0512 6796 LSI_FC - ok
18:19:15.0528 6796 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:19:15.0528 6796 LSI_SAS - ok
18:19:15.0543 6796 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:19:15.0543 6796 LSI_SAS2 - ok
18:19:15.0559 6796 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:19:15.0559 6796 LSI_SCSI - ok
18:19:15.0590 6796 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:19:15.0590 6796 luafv - ok
18:19:15.0621 6796 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:19:15.0621 6796 Mcx2Svc - ok
18:19:15.0637 6796 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:19:15.0652 6796 megasas - ok
18:19:15.0668 6796 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:19:15.0668 6796 MegaSR - ok
18:19:15.0699 6796 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:15.0699 6796 MMCSS - ok
18:19:15.0699 6796 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:19:15.0715 6796 Modem - ok
18:19:15.0746 6796 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:19:15.0746 6796 monitor - ok
18:19:15.0777 6796 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
18:19:15.0777 6796 mouclass - ok
18:19:15.0793 6796 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:19:15.0793 6796 mouhid - ok
18:19:15.0824 6796 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:19:15.0824 6796 mountmgr - ok
18:19:15.0933 6796 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:19:15.0933 6796 MozillaMaintenance - ok
18:19:15.0949 6796 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:19:15.0964 6796 mpio - ok
18:19:15.0980 6796 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:19:15.0980 6796 mpsdrv - ok
18:19:16.0027 6796 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:19:16.0027 6796 MRxDAV - ok
18:19:16.0058 6796 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:19:16.0058 6796 mrxsmb - ok
18:19:16.0089 6796 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:19:16.0105 6796 mrxsmb10 - ok
18:19:16.0105 6796 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:19:16.0120 6796 mrxsmb20 - ok
18:19:16.0136 6796 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:19:16.0136 6796 msahci - ok
18:19:16.0167 6796 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:19:16.0167 6796 msdsm - ok
18:19:16.0183 6796 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:19:16.0198 6796 MSDTC - ok
18:19:16.0214 6796 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:19:16.0214 6796 Msfs - ok
18:19:16.0230 6796 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:19:16.0230 6796 mshidkmdf - ok
18:19:16.0261 6796 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:19:16.0261 6796 msisadrv - ok
18:19:16.0308 6796 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:19:16.0308 6796 MSiSCSI - ok
18:19:16.0308 6796 msiserver - ok
18:19:16.0339 6796 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:19:16.0339 6796 MSKSSRV - ok
18:19:16.0354 6796 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:19:16.0354 6796 MSPCLOCK - ok
18:19:16.0354 6796 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:19:16.0354 6796 MSPQM - ok
18:19:16.0401 6796 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:19:16.0417 6796 MsRPC - ok
18:19:16.0448 6796 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:19:16.0448 6796 mssmbios - ok
18:19:16.0448 6796 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:19:16.0448 6796 MSTEE - ok
18:19:16.0464 6796 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:19:16.0464 6796 MTConfig - ok
18:19:16.0495 6796 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:19:16.0495 6796 Mup - ok
18:19:16.0542 6796 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:19:16.0557 6796 napagent - ok
18:19:16.0604 6796 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:19:16.0604 6796 NativeWifiP - ok
18:19:16.0651 6796 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:19:16.0666 6796 NDIS - ok
18:19:16.0713 6796 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:19:16.0713 6796 NdisCap - ok
18:19:16.0713 6796 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:19:16.0729 6796 NdisTapi - ok
18:19:16.0744 6796 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:19:16.0760 6796 Ndisuio - ok
18:19:16.0776 6796 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:19:16.0776 6796 NdisWan - ok
18:19:16.0807 6796 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:19:16.0807 6796 NDProxy - ok
18:19:16.0838 6796 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
18:19:16.0838 6796 Net Driver HPZ12 - ok
18:19:16.0854 6796 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:19:16.0854 6796 NetBIOS - ok
18:19:16.0885 6796 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:19:16.0900 6796 NetBT - ok
18:19:16.0932 6796 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:16.0932 6796 Netlogon - ok
18:19:16.0963 6796 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:19:16.0978 6796 Netman - ok
18:19:16.0994 6796 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:19:17.0010 6796 netprofm - ok
18:19:17.0041 6796 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:19:17.0056 6796 NetTcpPortSharing - ok
18:19:17.0072 6796 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:19:17.0072 6796 nfrd960 - ok
18:19:17.0119 6796 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:19:17.0119 6796 NlaSvc - ok
18:19:17.0134 6796 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:19:17.0134 6796 Npfs - ok
18:19:17.0166 6796 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:19:17.0166 6796 nsi - ok
18:19:17.0166 6796 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:19:17.0166 6796 nsiproxy - ok
18:19:17.0259 6796 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:19:17.0290 6796 Ntfs - ok
18:19:17.0337 6796 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:19:17.0337 6796 Null - ok
18:19:17.0384 6796 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:19:17.0384 6796 nvraid - ok
18:19:17.0400 6796 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:19:17.0400 6796 nvstor - ok
18:19:17.0415 6796 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:19:17.0415 6796 nv_agp - ok
18:19:17.0431 6796 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:19:17.0431 6796 ohci1394 - ok
18:19:17.0462 6796 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:17.0478 6796 p2pimsvc - ok
18:19:17.0509 6796 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:19:17.0524 6796 p2psvc - ok
18:19:17.0540 6796 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:19:17.0540 6796 Parport - ok
18:19:17.0571 6796 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:19:17.0571 6796 partmgr - ok
18:19:17.0587 6796 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:19:17.0587 6796 PcaSvc - ok
18:19:17.0602 6796 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:19:17.0618 6796 pci - ok
18:19:17.0634 6796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:19:17.0634 6796 pciide - ok
18:19:17.0649 6796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:19:17.0649 6796 pcmcia - ok
18:19:17.0665 6796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:19:17.0665 6796 pcw - ok
18:19:17.0696 6796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:19:17.0712 6796 PEAUTH - ok
18:19:17.0774 6796 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:19:17.0774 6796 PerfHost - ok
18:19:17.0868 6796 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:19:17.0883 6796 pla - ok
18:19:17.0946 6796 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:19:17.0961 6796 PlugPlay - ok
18:19:18.0008 6796 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
18:19:18.0008 6796 Pml Driver HPZ12 - ok
18:19:18.0039 6796 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:19:18.0039 6796 PNRPAutoReg - ok
18:19:18.0070 6796 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:19:18.0070 6796 PNRPsvc - ok
18:19:18.0102 6796 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:19:18.0117 6796 PolicyAgent - ok
18:19:18.0148 6796 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:19:18.0148 6796 Power - ok
18:19:18.0195 6796 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:19:18.0195 6796 PptpMiniport - ok
18:19:18.0226 6796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:19:18.0242 6796 Processor - ok
18:19:18.0273 6796 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:19:18.0273 6796 ProfSvc - ok
18:19:18.0304 6796 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:18.0304 6796 ProtectedStorage - ok
18:19:18.0351 6796 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:19:18.0351 6796 Psched - ok
18:19:18.0414 6796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:19:18.0445 6796 ql2300 - ok
18:19:18.0523 6796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:19:18.0523 6796 ql40xx - ok
18:19:18.0554 6796 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:19:18.0554 6796 QWAVE - ok
18:19:18.0570 6796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:19:18.0570 6796 QWAVEdrv - ok
18:19:18.0585 6796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:19:18.0585 6796 RasAcd - ok
18:19:18.0601 6796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:19:18.0601 6796 RasAgileVpn - ok
18:19:18.0632 6796 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:19:18.0632 6796 RasAuto - ok
18:19:18.0648 6796 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:19:18.0648 6796 Rasl2tp - ok
18:19:18.0679 6796 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:19:18.0694 6796 RasMan - ok
18:19:18.0710 6796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:19:18.0710 6796 RasPppoe - ok
18:19:18.0741 6796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:19:18.0741 6796 RasSstp - ok
18:19:18.0788 6796 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:19:18.0788 6796 rdbss - ok
18:19:18.0804 6796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:19:18.0804 6796 rdpbus - ok
18:19:18.0819 6796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:19:18.0819 6796 RDPCDD - ok
18:19:18.0850 6796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:19:18.0850 6796 RDPENCDD - ok
18:19:18.0850 6796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:19:18.0866 6796 RDPREFMP - ok
18:19:18.0882 6796 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:19:18.0897 6796 RDPWD - ok
18:19:18.0928 6796 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:19:18.0928 6796 rdyboost - ok
18:19:18.0960 6796 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:19:18.0975 6796 RemoteAccess - ok
18:19:18.0991 6796 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:19:18.0991 6796 RemoteRegistry - ok
18:19:18.0991 6796 RimUsb - ok
18:19:19.0038 6796 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:19:19.0038 6796 RimVSerPort - ok
18:19:19.0038 6796 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
18:19:19.0038 6796 ROOTMODEM - ok
18:19:19.0053 6796 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:19:19.0069 6796 RpcEptMapper - ok
18:19:19.0084 6796 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:19:19.0084 6796 RpcLocator - ok
18:19:19.0131 6796 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:19:19.0147 6796 RpcSs - ok
18:19:19.0147 6796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:19:19.0162 6796 rspndr - ok
18:19:19.0209 6796 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:19:19.0209 6796 RTL8167 - ok
18:19:19.0240 6796 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:19.0240 6796 SamSs - ok
18:19:19.0412 6796 SBAMSvc (bce943896289a91ad75cc5652620b1c6) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
18:19:19.0428 6796 SBAMSvc - ok
18:19:19.0521 6796 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
18:19:19.0537 6796 sbapifs - ok
18:19:19.0584 6796 SbFw (19954328dda3d656f8a879b3a46ffed6) C:\Windows\system32\drivers\SbFw.sys
18:19:19.0599 6796 SbFw - ok
18:19:19.0630 6796 SBFWIMCL (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\sbfwim.sys
18:19:19.0630 6796 SBFWIMCL - ok
18:19:19.0630 6796 SBFWIMCLMP (513b3bfcd3c465b9820c2d05fa94e630) C:\Windows\system32\DRIVERS\SBFWIM.sys
18:19:19.0630 6796 SBFWIMCLMP - ok
18:19:19.0646 6796 sbhips (b671eef468d13016b9286f5835a06ae1) C:\Windows\system32\drivers\sbhips.sys
18:19:19.0662 6796 sbhips - ok
18:19:19.0677 6796 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:19:19.0693 6796 sbp2port - ok
18:19:19.0724 6796 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
18:19:19.0724 6796 SBRE - ok
18:19:19.0740 6796 sbwtis (eab54adcceca64b2f38cd859fb494895) C:\Windows\system32\DRIVERS\sbwtis.sys
18:19:19.0740 6796 sbwtis - ok
18:19:19.0771 6796 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:19:19.0771 6796 SCardSvr - ok
18:19:19.0802 6796 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:19:19.0802 6796 scfilter - ok
18:19:19.0864 6796 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:19:19.0880 6796 Schedule - ok
18:19:19.0911 6796 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:19:19.0911 6796 SCPolicySvc - ok
18:19:19.0942 6796 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:19:19.0942 6796 SDRSVC - ok
18:19:20.0052 6796 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:19:20.0052 6796 SeaPort - ok
18:19:20.0114 6796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:19:20.0114 6796 secdrv - ok
18:19:20.0145 6796 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:19:20.0145 6796 seclogon - ok
18:19:20.0176 6796 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:19:20.0176 6796 SENS - ok
18:19:20.0192 6796 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:19:20.0192 6796 SensrSvc - ok
18:19:20.0208 6796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:19:20.0208 6796 Serenum - ok
18:19:20.0239 6796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:19:20.0239 6796 Serial - ok
18:19:20.0254 6796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:19:20.0270 6796 sermouse - ok
18:19:20.0301 6796 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:19:20.0301 6796 SessionEnv - ok
18:19:20.0332 6796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:19:20.0332 6796 sffdisk - ok
18:19:20.0348 6796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:19:20.0348 6796 sffp_mmc - ok
18:19:20.0348 6796 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:19:20.0348 6796 sffp_sd - ok
18:19:20.0348 6796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:19:20.0364 6796 sfloppy - ok
18:19:20.0426 6796 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:19:20.0426 6796 ShellHWDetection - ok
18:19:20.0457 6796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:19:20.0457 6796 SiSRaid2 - ok
18:19:20.0473 6796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:19:20.0473 6796 SiSRaid4 - ok
18:19:20.0488 6796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:19:20.0488 6796 Smb - ok
18:19:20.0520 6796 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:19:20.0520 6796 SNMPTRAP - ok
18:19:20.0535 6796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:19:20.0551 6796 spldr - ok
18:19:20.0566 6796 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:19:20.0582 6796 Spooler - ok
18:19:20.0754 6796 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:19:20.0800 6796 sppsvc - ok
18:19:20.0878 6796 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:19:20.0878 6796 sppuinotify - ok
18:19:20.0925 6796 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:19:20.0941 6796 srv - ok
18:19:20.0972 6796 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:19:20.0972 6796 srv2 - ok
18:19:20.0988 6796 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:19:20.0988 6796 srvnet - ok
18:19:21.0034 6796 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:19:21.0034 6796 SSDPSRV - ok
18:19:21.0034 6796 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:19:21.0034 6796 SstpSvc - ok
18:19:21.0066 6796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:19:21.0066 6796 stexstor - ok
18:19:21.0128 6796 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:19:21.0128 6796 stisvc - ok
18:19:21.0159 6796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:19:21.0159 6796 swenum - ok
18:19:21.0190 6796 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:19:21.0206 6796 swprv - ok
18:19:21.0300 6796 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:19:21.0300 6796 SysMain - ok
18:19:21.0378 6796 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:19:21.0393 6796 TabletInputService - ok
18:19:21.0424 6796 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:19:21.0440 6796 TapiSrv - ok
18:19:21.0440 6796 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:19:21.0440 6796 TBS - ok
18:19:21.0565 6796 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:19:21.0580 6796 Tcpip - ok
18:19:21.0690 6796 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:19:21.0705 6796 TCPIP6 - ok
18:19:21.0752 6796 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:19:21.0752 6796 tcpipreg - ok
18:19:21.0783 6796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:19:21.0783 6796 TDPIPE - ok
18:19:21.0799 6796 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:19:21.0799 6796 TDTCP - ok
18:19:21.0830 6796 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:19:21.0830 6796 tdx - ok
18:19:21.0846 6796 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:19:21.0846 6796 TermDD - ok
18:19:21.0892 6796 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:19:21.0908 6796 TermService - ok
18:19:21.0924 6796 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:19:21.0924 6796 Themes - ok
18:19:21.0939 6796 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:19:21.0939 6796 THREADORDER - ok
18:19:21.0955 6796 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:19:21.0955 6796 TrkWks - ok
18:19:22.0002 6796 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:19:22.0002 6796 TrustedInstaller - ok
18:19:22.0033 6796 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:19:22.0033 6796 tssecsrv - ok
18:19:22.0064 6796 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:19:22.0064 6796 TsUsbFlt - ok
18:19:22.0111 6796 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:19:22.0111 6796 tunnel - ok
18:19:22.0126 6796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:19:22.0126 6796 uagp35 - ok
18:19:22.0158 6796 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:19:22.0173 6796 udfs - ok
18:19:22.0189 6796 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:19:22.0189 6796 UI0Detect - ok
18:19:22.0204 6796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:19:22.0204 6796 uliagpkx - ok
18:19:22.0220 6796 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:19:22.0220 6796 umbus - ok
18:19:22.0251 6796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:19:22.0251 6796 UmPass - ok
18:19:22.0282 6796 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:19:22.0282 6796 upnphost - ok
18:19:22.0314 6796 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
18:19:22.0314 6796 USBAAPL64 - ok
18:19:22.0360 6796 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:19:22.0360 6796 usbaudio - ok
18:19:22.0392 6796 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:19:22.0392 6796 usbccgp - ok
18:19:22.0423 6796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:19:22.0423 6796 usbcir - ok
18:19:22.0454 6796 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:19:22.0454 6796 usbehci - ok
18:19:22.0485 6796 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
18:19:22.0485 6796 usbfilter - ok
18:19:22.0532 6796 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:19:22.0532 6796 usbhub - ok
18:19:22.0548 6796 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:19:22.0548 6796 usbohci - ok
18:19:22.0579 6796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:19:22.0579 6796 usbprint - ok
18:19:22.0594 6796 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:19:22.0594 6796 usbscan - ok
18:19:22.0594 6796 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:19:22.0610 6796 USBSTOR - ok
18:19:22.0610 6796 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:19:22.0610 6796 usbuhci - ok
18:19:22.0626 6796 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:19:22.0626 6796 UxSms - ok
18:19:22.0641 6796 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:19:22.0641 6796 VaultSvc - ok
18:19:22.0688 6796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:19:22.0688 6796 vdrvroot - ok
18:19:22.0735 6796 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:19:22.0766 6796 vds - ok
18:19:22.0860 6796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:19:22.0860 6796 vga - ok
18:19:22.0875 6796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:19:22.0875 6796 VgaSave - ok
18:19:22.0906 6796 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:19:22.0906 6796 vhdmp - ok
18:19:22.0922 6796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:19:22.0922 6796 viaide - ok
18:19:22.0938 6796 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:19:22.0938 6796 volmgr - ok
18:19:22.0984 6796 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:19:23.0000 6796 volmgrx - ok
18:19:23.0016 6796 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:19:23.0016 6796 volsnap - ok
18:19:23.0047 6796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:19:23.0047 6796 vsmraid - ok
18:19:23.0140 6796 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:19:23.0156 6796 VSS - ok
18:19:23.0234 6796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:19:23.0234 6796 vwifibus - ok
18:19:23.0281 6796 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:19:23.0281 6796 W32Time - ok
18:19:23.0296 6796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:19:23.0296 6796 WacomPen - ok
18:19:23.0312 6796 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:23.0312 6796 WANARP - ok
18:19:23.0328 6796 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:19:23.0328 6796 Wanarpv6 - ok
18:19:23.0406 6796 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:19:23.0421 6796 WatAdminSvc - ok
18:19:23.0499 6796 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:19:23.0530 6796 wbengine - ok
18:19:23.0577 6796 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:19:23.0577 6796 WbioSrvc - ok
18:19:23.0624 6796 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:19:23.0640 6796 wcncsvc - ok
18:19:23.0655 6796 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:19:23.0671 6796 WcsPlugInService - ok
18:19:23.0702 6796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:19:23.0702 6796 Wd - ok
18:19:23.0733 6796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:19:23.0749 6796 Wdf01000 - ok
18:19:23.0764 6796 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:23.0780 6796 WdiServiceHost - ok
18:19:23.0780 6796 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:19:23.0780 6796 WdiSystemHost - ok
18:19:23.0811 6796 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:19:23.0827 6796 WebClient - ok
18:19:23.0842 6796 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:19:23.0842 6796 Wecsvc - ok
18:19:23.0874 6796 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:19:23.0874 6796 wercplsupport - ok
18:19:23.0905 6796 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:19:23.0905 6796 WerSvc - ok
18:19:23.0920 6796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:19:23.0920 6796 WfpLwf - ok
18:19:23.0936 6796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:19:23.0936 6796 WIMMount - ok
18:19:23.0998 6796 WinDefend - ok
18:19:23.0998 6796 WinHttpAutoProxySvc - ok
18:19:24.0061 6796 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:19:24.0061 6796 Winmgmt - ok
18:19:24.0154 6796 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:19:24.0186 6796 WinRM - ok
18:19:24.0264 6796 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:19:24.0264 6796 WinUsb - ok
18:19:24.0310 6796 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:19:24.0326 6796 Wlansvc - ok
18:19:24.0513 6796 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:19:24.0513 6796 wlidsvc - ok
18:19:24.0576 6796 WmBEnum (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
18:19:24.0576 6796 WmBEnum - ok
18:19:24.0607 6796 WmFilter (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
18:19:24.0607 6796 WmFilter - ok
18:19:24.0607 6796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:19:24.0607 6796 WmiAcpi - ok
18:19:24.0654 6796 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:19:24.0654 6796 wmiApSrv - ok
18:19:24.0685 6796 WMPNetworkSvc - ok
18:19:24.0700 6796 WmVirHid (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
18:19:24.0700 6796 WmVirHid - ok
18:19:24.0716 6796 WmXlCore (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
18:19:24.0716 6796 WmXlCore - ok
18:19:24.0747 6796 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:19:24.0747 6796 WPCSvc - ok
18:19:24.0778 6796 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:19:24.0778 6796 WPDBusEnum - ok
18:19:24.0794 6796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:19:24.0794 6796 ws2ifsl - ok
18:19:24.0810 6796 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
18:19:24.0810 6796 wscsvc - ok
18:19:24.0825 6796 WSearch - ok
18:19:24.0934 6796 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:19:24.0966 6796 wuauserv - ok
18:19:25.0075 6796 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:19:25.0075 6796 WudfPf - ok
18:19:25.0090 6796 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:19:25.0090 6796 WUDFRd - ok
18:19:25.0137 6796 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:19:25.0137 6796 wudfsvc - ok
18:19:25.0153 6796 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:19:25.0153 6796 WwanSvc - ok
18:19:25.0184 6796 MBR (0x1B8) (89a453f8399d858a52283f780d93c357) \Device\Harddisk0\DR0
18:19:25.0340 6796 \Device\Harddisk0\DR0 - ok
18:19:25.0356 6796 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:19:25.0356 6796 \Device\Harddisk1\DR1 - ok
18:19:25.0356 6796 Boot (0x1200) (e04ec53a27a0ad126dd954381b4ea60a) \Device\Harddisk0\DR0\Partition0
18:19:25.0356 6796 \Device\Harddisk0\DR0\Partition0 - ok
18:19:25.0371 6796 Boot (0x1200) (c90d80ae8c5a33c00f71da43c673a91b) \Device\Harddisk0\DR0\Partition1
18:19:25.0371 6796 \Device\Harddisk0\DR0\Partition1 - ok
18:19:25.0402 6796 Boot (0x1200) (313ba384c4bc51b7c776ba8f3298c4e3) \Device\Harddisk0\DR0\Partition2
18:19:25.0402 6796 \Device\Harddisk0\DR0\Partition2 - ok
18:19:25.0402 6796 Boot (0x1200) (3d9ba49d8d48f449eddce615ea50870a) \Device\Harddisk1\DR1\Partition0
18:19:25.0402 6796 \Device\Harddisk1\DR1\Partition0 - ok
18:19:25.0402 6796 ============================================================
18:19:25.0402 6796 Scan finished
18:19:25.0402 6796 ============================================================
18:19:25.0418 7544 Detected object count: 0
18:19:25.0418 7544 Actual detected object count: 0
18:20:06.0930 7896 Deinitialize success


ComboFix's report (C:\ComboFix.txt)

ComboFix 12-07-31.03 - Noronha 08/01/2012 18:30:53.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.3215 [GMT -4:00]
Running from: c:\users\Noronha\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\L\00000004.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\L\1afb2d56
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\L\201d3dde
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\00000004.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\00000008.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\000000cb.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\80000000.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\80000032.@
c:\windows\Installer\{7db6cbda-1f48-467a-fa13-88bb9980c72b}\U\80000064.@
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
J:\autorun.inf
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 22:37 . 2012-08-01 22:37 -------- d-----w- c:\users\Noronha1\AppData\Local\temp
2012-08-01 22:37 . 2012-08-01 22:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 10:39 . 2012-07-27 10:39 -------- d-----w- c:\program files\CCleaner
2012-07-20 12:09 . 2012-07-20 12:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-20 12:08 . 2012-07-20 12:08 -------- d-----w- c:\program files (x86)\Oracle
2012-07-20 12:07 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-15 14:15 . 2012-07-15 14:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 14:01 . 2012-07-12 14:01 -------- d-----w- c:\users\Noronha\AppData\Local\CarMD.com_Corp
2012-07-11 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:00 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 07:00 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 04:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:20 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:20 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 04:20 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 04:20 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 04:20 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 04:20 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:25 . 2012-04-04 10:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:25 . 2011-05-15 16:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2010-04-23 15:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2010-04-23 17:04 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 14:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 14:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 14:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-10 10:43 . 2012-05-10 10:43 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-08 17:02 . 2012-05-18 19:54 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE1DAED-51E3-4822-9331-04FC960398F0}\mpengine.dll
2012-05-04 11:06 . 2012-06-13 00:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 00:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 00:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-23 2969496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-12 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-24 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-10-06 230456]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 16:45]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 16:45]
.
2012-07-31 c:\windows\Tasks\HPCeeScheduleForNoronha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Noronha\AppData\Roaming\Mozilla\Firefox\Profiles\3vdbn8io.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/topic463169.html
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605208523-1822168100-2915299364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-01 18:50:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 22:50
.
Pre-Run: 373,467,820,032 bytes free
Post-Run: 375,917,559,808 bytes free
.
- - End Of File - - 61B0E313FD6BE1DF18815022FC09BE38


Security Check checkup.txt

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
JavaFX 2.1.1
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#5 Arlo1234

Arlo1234
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:14 PM

Posted 01 August 2012 - 06:16 PM

My system seems to be running fine; however, after running all those programs I received an error message when I tried opening Firefox. The error said something along the lines of being unable to open as firefox.exe registry is scheduled for deletion. I rebooted my computer and was able to open Firefox without any error message.

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:14 PM

Posted 01 August 2012 - 08:47 PM

My system seems to be running fine; however, after running all those programs I received an error message when I tried opening Firefox. The error said something along the lines of being unable to open as firefox.exe registry is scheduled for deletion. I rebooted my computer and was able to open Firefox without any error message.

That's a common issue caused by ComboFix, and as you figured out, a reboot fixes it. :)

Things are looking pretty good. Let's run an online scan to verify there isn't anything there we missed:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
  • Click Scan and wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#7 Arlo1234

Arlo1234
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:14 PM

Posted 02 August 2012 - 05:27 PM

Log results for ESET Online Scan:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Noronha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4fb75d7e-4577e929 Java/Exploit.CVE-2012-0507.AM trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm HTML/ScrInject.B.Gen virus

Edited by Arlo1234, 02 August 2012 - 05:29 PM.


#8 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:14 PM

Posted 02 August 2012 - 05:56 PM

Looks like it picked up some stuff we had quarantined already. Let's clear those last few out:

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

File::
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm
C:\Users\Noronha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4fb75d7e-4577e929


Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)
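Step 3 of the instructions above builds the CFScript by hand: the helper copied the ESET detections that were not already in ComboFix's quarantine into a File:: block. As an added example that is not part of this thread and not code from the ESET or ComboFix tools, the Python script below does the same mechanically. It assumes the pasted ESET output looks like post #7 (one whitespace-separated "path detection kind" record per line; the sample is constructed inline from those lines), skips anything under ComboFix's own C:\Qoobox\Quarantine folder, and returns the KILLALL::/File:: text to be saved as CFScript.txt. The Detection class, the function names and the sample text are this example's own.

```python
"""Build a ComboFix CFScript File:: section from pasted ESET Online Scanner output.

Added example for this thread; not part of ComboFix, ESET or the original posts.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the ESET lines as pasted in post #7 above. Assumed format:
# header chatter, then one "<path> <detection name> <kind>" record per line.
SAMPLE_ESET_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan
C:\Users\Noronha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4fb75d7e-4577e929 Java/Exploit.CVE-2012-0507.AM trojan
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm HTML/ScrInject.B.Gen virus
"""


@dataclass(frozen=True)
class Detection:
    """One ESET finding (hypothetical record type for this example)."""
    path: str   # full Windows path of the flagged file
    name: str   # ESET detection name, e.g. "Win64/Patched.B.Gen"
    kind: str   # ESET category word, e.g. "trojan" or "virus"


# A detection record starts with a drive-letter path; installer/update chatter does not.
RECORD_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text: str) -> List[Detection]:
    """Pick the detection records out of pasted ESET output, ignoring everything else."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not RECORD_RE.match(line):
            continue
        # Paths may contain spaces ("Temporary Internet Files"), so split from the right:
        # the last two whitespace-separated fields are the detection name and its kind.
        parts = line.rsplit(None, 2)
        if len(parts) != 3:
            continue  # malformed record: skip rather than guess at a path
        path, name, kind = parts
        found.append(Detection(path, name, kind))
    return found


def in_combofix_quarantine(path: str) -> bool:
    """True for files ComboFix already moved under C:\\Qoobox\\Quarantine."""
    return path.lower().startswith("c:\\qoobox\\quarantine\\")


def build_cfscript(detections: List[Detection]) -> str:
    """Return CFScript text: KILLALL:: plus a File:: list of the not-yet-quarantined hits."""
    pending = [d.path for d in detections if not in_combofix_quarantine(d.path)]
    lines = ["KILLALL::", "", "File::"] + pending + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    # Redirect this output to CFScript.txt next to ComboFix.exe, after reading it over.
    print(build_cfscript(parse_eset_log(SAMPLE_ESET_LOG)))
```

Review the generated list before dragging it onto ComboFix: File:: deletes whatever it names, so a mis-parsed line would delete the wrong file, which is why the parser drops records it cannot split cleanly instead of guessing.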

#9 Arlo1234

Arlo1234
  • Topic Starter

  • Members
  • 19 posts
  • Local time:12:14 PM

Posted 02 August 2012 - 07:09 PM

ComboFix 12-07-31.03 - Noronha 08/02/2012 19:27:16.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5880.3329 [GMT -4:00]
Running from: c:\users\Noronha\Desktop\ComboFix.exe
Command switches used :: c:\users\Noronha\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Noronha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4fb75d7e-4577e929"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Noronha\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\4fb75d7e-4577e929
c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AY9K5BVY\EN[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 23:37 . 2012-08-02 23:37 -------- d-----w- c:\users\Noronha1\AppData\Local\temp
2012-08-02 23:37 . 2012-08-02 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 09:56 . 2012-08-02 09:56 -------- d-----w- c:\program files (x86)\ESET
2012-07-27 10:39 . 2012-07-27 10:39 -------- d-----w- c:\program files\CCleaner
2012-07-20 12:09 . 2012-07-20 12:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-20 12:08 . 2012-07-20 12:08 -------- d-----w- c:\program files (x86)\Oracle
2012-07-20 12:07 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-15 14:15 . 2012-07-15 14:15 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 14:01 . 2012-07-12 14:01 -------- d-----w- c:\users\Noronha\AppData\Local\CarMD.com_Corp
2012-07-11 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:00 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 07:00 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-07-11 04:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 04:20 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 04:20 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 04:20 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 04:20 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 04:20 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 04:20 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:25 . 2012-04-04 10:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:25 . 2011-05-15 16:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:02 . 2010-04-23 15:56 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2010-04-23 17:04 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 14:14 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:14 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:14 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 14:14 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 14:14 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-10 10:43 . 2012-05-10 10:43 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-08 17:02 . 2012-05-18 19:54 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FE1DAED-51E3-4822-9331-04FC960398F0}\mpengine.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-01_22.45.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-15 17:16 . 2012-08-02 09:47 49106 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 09:47 25458 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-23 16:04 . 2012-08-02 09:47 22262 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3605208523-1822168100-2915299364-1000_UserData.bin
- 2012-08-01 22:39 . 2012-08-01 22:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 23:38 . 2012-08-02 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-01 22:39 . 2012-08-01 22:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 23:38 . 2012-08-02 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-01 22:39 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-02 23:38 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-01 22:39 1933312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 23:38 1933312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-29 16:23 . 2012-08-02 23:37 1257912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-29 16:23 . 2012-08-01 22:39 1257912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-30 23:39 . 2012-08-02 23:37 1431244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605208523-1822168100-2915299364-1003-8192.dat
- 2012-07-30 23:39 . 2012-08-01 22:39 1431244 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605208523-1822168100-2915299364-1003-8192.dat
+ 2009-07-14 04:54 . 2012-08-02 23:38 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-01 22:39 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-29 16:23 . 2012-08-02 23:37 17033724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605208523-1822168100-2915299364-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-23 2969496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-15 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-08-12 611712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 136176]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-06-24 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 119416]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-10-06 230456]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 256632]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-05-03 1226096]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-12 203264]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-09-19 122880]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-12 6790656]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-12 221184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 119416]
S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 84600]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-05-03 22:37]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 16:45]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-02 16:45]
.
2012-07-31 c:\windows\Tasks\HPCeeScheduleForNoronha.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-15 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
"SBRegRebootCleaner"="c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe" [2011-12-19 200560]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{05AA8108-66A6-42E4-8066-92C018C49950}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Noronha\AppData\Roaming\Mozilla\Firefox\Profiles\3vdbn8io.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bleepingcomputer.com/forums/topic463169.html
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605208523-1822168100-2915299364-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-02 20:00:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 00:00
ComboFix2.txt 2012-08-01 22:50
.
Pre-Run: 371,888,566,272 bytes free
Post-Run: 371,825,356,800 bytes free
.
- - End Of File - - 45396EBBFBE3A4A126837E7932777119


Status update: All systems seem normal...as far as I can tell.

#10 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:14 PM

Posted 02 August 2012 - 07:21 PM

Glad to hear things went well. Your logs are looking clean. :)

Before we do anything else, please take the time to install the following updates. Using outdated applications leaves you vulnerable to getting infected again.

-------

You're using an old version of Adobe Acrobat Reader. This can leave your PC open to vulnerabilities; you can update it here (uninstall version 7.0 first):
Adobe Reader X

Note: I suggest you uncheck any optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-------

Please let me know how the updates went, as failed updates may indicate additional malware.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#11 Arlo1234

  • Topic Starter
  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 02 August 2012 - 08:16 PM

I went to uninstall Adobe Reader 9 from Control Panel and it showed that I already have Adobe Reader X (10.1.3) installed. I did see an Adobe program called "Spelling Dictionaries Support for Adobe Reader 9"... I went ahead and uninstalled these programs, but do I need to uninstall Adobe Reader 9 some other way?

Edited by Arlo1234, 02 August 2012 - 08:37 PM.


#12 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:14 PM

Posted 02 August 2012 - 08:36 PM

No, I think you're good. It sounds like it was just a glitch with Security Check detecting it as version 9.


Unless there are any remaining issues, I will now provide you with some suggestions for security software.

First, please remove ComboFix.
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.


It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.
AntiVir
AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please consider maintaining a firewall with HIPS (Host Intrusion Prevention System). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior, and it's very important, too.
A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.
If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available. A tutorial on understanding and using firewalls may be found here.


If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.
If you are interested, Firefox may be downloaded from here.
Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

#13 Arlo1234

  • Topic Starter
  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 02 August 2012 - 09:34 PM

Ok. I'll do that. I just have a couple questions:

1) Should I also uninstall TDSSKiller, Security Check, Defogger and ESET Online Scanner?

2) I use Firefox exclusively. I'm just wondering why I had to use Internet Explorer for the ESET Online Scanner? I'm sure there's a good reason.

#14 D-FRED-BROWN

    Resident Bracketologist

  • Malware Response Team
  • 834 posts
  • OFFLINE
  • Gender:Male
  • Location:Kansas, USA
  • Local time:12:14 PM

Posted 03 August 2012 - 11:37 AM

1) Should I also uninstall TDSSKiller, Security Check, Defogger and ESET Online Scanner?

You can, though you may want to keep them to use from time to time. It's up to you. :)

2) I use Firefox exclusively. I'm just wondering why I had to use Internet Explorer for the ESET Online Scanner? I'm sure there's a good reason.

I think it was originally designed to run only on IE. Also, most people have 2 browsers: the first is usually Internet Explorer (since it comes by default with every Windows computer), and the second is either Firefox or Chrome. We recommend that people use IE for online scans since most people have it installed, although they don't really use it since it's really a pretty terrible browser :P.

With that said, I think most of the online scans these days (ESET, BitDefender, Kaspersky, Panda, F-Secure) now support Firefox and/or Chrome. Any browser should be fine.

#15 Arlo1234

  • Topic Starter
  • Members
  • 19 posts
  • OFFLINE
  • Local time:12:14 PM

Posted 03 August 2012 - 05:52 PM

Ok. Good to know. So to fully remove those programs, do I simply stick the .exe in the Recycle Bin, or is there some secret way?

I also tried to update Windows (optional updates) as you advised, but it keeps failing and gives me the "Windows Update error 80246008". I'm sure this is an easy fix.

Btw thanks for all your help! I just sent you a donation. It's not much...but hey, we're still in a recession! :P

Edited by Arlo1234, 03 August 2012 - 05:59 PM.




