
Rootkit reported and removed?


  • This topic is locked
18 replies to this topic

#1 sh4rkbyt3

sh4rkbyt3

  • Members
  • 397 posts
  • Gender:Male

Posted 02 August 2012 - 10:19 PM

Got a laptop that had various infections including an alleged rootkit. Using aswMBR I was able to capture and remove but am still having an issue with slow startup and a single block in Defraggler that reports a different number every time, even after defragging the HDD. Used several standard tools but still not quite sure it's fully cleaned yet.

DDS.txt report:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Adm at 22:52:46 on 2012-08-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.707 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdfserv.exe
C:\Windows\system32\lxdfcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Lexmark 6500 Series\lxdfmon.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [lxdfmon.exe] "c:\program files\lexmark 6500 series\lxdfmon.exe"
mRun: [lxdfamon] "c:\program files\lexmark 6500 series\lxdfamon.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.18\amvconverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: salisbury.edu\myclasses
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7150C31E-BC3E-41EE-8482-BFD741260134} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-7-26 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-7-26 353688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-7-26 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-7-26 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-7-26 44808]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-10-19 21504]
R2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe -service --> c:\windows\system32\lxdfcoms.exe -service [?]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdfserv.exe [2007-5-29 99248]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-7-31 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-31 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-31 21:36:25 -------- d-----w- c:\users\adm\appdata\local\temp
2012-07-31 21:35:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-31 18:13:23 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-31 16:29:43 -------- d-----w- c:\programdata\Norton
2012-07-31 15:30:55 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b9f5bd94-6f06-4b74-bd06-6c03cc7759df}\mpengine.dll
2012-07-31 15:14:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-31 15:14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-29 00:13:03 -------- d-----w- C:\pyp89b8p
2012-07-28 21:33:31 -------- d-----w- c:\program files\Trend Micro
2012-07-27 15:01:23 -------- d-----w- c:\program files\Unlocker
2012-07-27 13:54:57 -------- d-----w- c:\program files\Oracle
2012-07-26 18:28:17 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-26 18:28:16 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 18:27:38 41224 ----a-w- c:\windows\avastSS.scr
2012-07-26 18:27:22 -------- d-----w- c:\programdata\AVAST Software
2012-07-26 18:27:22 -------- d-----w- c:\program files\AVAST Software
2012-07-26 13:41:43 -------- d-----w- c:\users\adm\appdata\roaming\SUPERAntiSpyware.com
2012-07-26 13:41:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 13:41:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 13:22:51 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-07-26 13:22:50 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-07-26 06:47:27 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 06:16:38 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-26 06:16:37 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-26 06:16:37 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-26 06:00:33 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-26 05:58:42 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-07-26 05:57:47 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-07-26 05:56:19 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2012-07-26 05:56:18 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-07-26 04:50:20 -------- d-----w- c:\program files\Defraggler
2012-07-26 04:29:15 98816 ----a-w- c:\windows\sed.exe
2012-07-26 04:29:15 518144 ----a-w- c:\windows\SWREG.exe
2012-07-26 04:29:15 256000 ----a-w- c:\windows\PEV.exe
2012-07-26 04:29:15 208896 ----a-w- c:\windows\MBR.exe
2012-07-26 03:46:03 -------- d-----w- c:\program files\VS Revo Group
2012-07-26 03:31:04 -------- d-----w- c:\windows\pss
2012-07-26 01:41:07 -------- d-----w- c:\users\adm\appdata\roaming\Malwarebytes
2012-07-26 01:40:52 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 01:40:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 01:40:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 01:13:06 -------- d-----w- c:\program files\CCleaner
2012-07-12 12:10:04 -------- d-----w- C:\Firefox
2012-07-12 11:57:49 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 11:49:32 -------- d-----w- c:\users\adm\appdata\local\Unity
2012-07-12 04:02:11 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 14:49:24 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-11 14:49:24 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-07-11 14:49:24 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-07-11 14:49:03 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 14:48:55 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 14:48:55 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 14:48:43 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 14:48:42 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 14:48:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 13:54:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-07-11 13:52:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-11 13:50:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-07-11 13:50:17 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-27 14:23:10 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 14:23:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-12 11:57:16 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:53:27.47 ===============
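
Reading a DDS or ComboFix log like the one above is mostly pattern-matching by eye: newly created directories in the drive root with random-looking names (the `C:\pyp89b8p` entry under "Created Last 30" is the kind of thing a helper would ask about), autorun entries that load from somewhere other than Program Files or Windows, and Hosts or Trusted Zone entries that always deserve a second look. The Python below is an added example, not part of the original post and not a BleepingComputer tool. Its thresholds (minimum name length, vowel ratio, the list of trusted roots) are this example's own assumptions rather than DDS rules, and the `uRun: [svchost] ...appdata...` line in the sample is constructed so the autorun check has something to fire on; it is not from this machine's log.

```python
"""Triage helper for DDS / ComboFix style log lines (added example, not a BleepingComputer tool).

It pulls out three things a log reviewer scans for by eye:
  * newly created top-level directories with random-looking names,
  * autorun (uRun/mRun) entries whose target lives outside Program Files / Windows,
  * Hosts and Trusted Zone entries, which are always worth a second look.
The heuristics and thresholds below are this example's own assumptions.
"""
import re
from typing import List, Tuple

# Matches both DDS  ("2012-07-29 00:13:03 -------- d-----w- C:\pyp89b8p")
# and ComboFix      ("2012-07-29 00:13 . 2012-07-29 00:25 -------- d-----w- C:\pyp89b8p") lines.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r"\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+?)\s*$")
# Assumption: anything loaded from these roots is "expected"; everything else is reported.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows", "%programfiles%", "%windir%")
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (assumption): >= 6 alphanumerics, mixes letters and digits, almost no vowels."""
    alnum = re.sub(r"[^a-z0-9]", "", name.lower())
    letters = [c for c in alnum if c.isalpha()]
    if len(alnum) < 6 or not letters or not any(c.isdigit() for c in alnum):
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.25


def autorun_target(cmd: str) -> str:
    """Resolve the file an autorun entry really loads (rundll32 host -> the DLL it is given)."""
    cmd = cmd.strip().strip('"')
    parts = cmd.split()
    if parts and parts[0].lower().endswith("rundll32.exe") and len(parts) > 1:
        return parts[1].split(",")[0].lower()
    # Keep everything up to the extension, so '"c:\x\y.exe" /nogui' -> 'c:\x\y.exe'.
    m = re.match(r'^"?(?P<p>.+?\.(?:exe|dll|cpl|scr))', cmd, re.I)
    return (m.group("p") if m else cmd).lower()


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) findings for the lines worth a human's attention."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = CREATED_RE.match(line)
        if m:
            path = m.group("path")
            # Top-level directory: drive letter, one backslash, no further separator.
            top = re.fullmatch(r"[a-zA-Z]:\\([^\\]+)", path)
            if top and m.group("attrs").startswith("d") and looks_random(top.group(1)):
                findings.append(("random-named root dir", f"{m.group('ts')} {path}"))
            continue
        m = RUN_RE.match(line)
        if m:
            target = autorun_target(m.group("cmd"))
            if not target.startswith(TRUSTED_ROOTS):
                findings.append(("autorun outside trusted roots",
                                 f"{m.group('hive')}Run [{m.group('name')}] -> {target}"))
            continue
        if line.startswith("Hosts:"):
            findings.append(("hosts override", line[len("Hosts:"):].strip()))
        elif line.startswith("Trusted Zone:"):
            findings.append(("IE trusted zone", line[len("Trusted Zone:"):].strip()))
    return findings


# Constructed sample: DDS-format lines modelled on the log in this thread, one ComboFix-format
# line, and one made-up autorun entry (the appdata svchost.exe) so the autorun check has a hit.
SAMPLE = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
uRun: [svchost] c:\users\adm\appdata\roaming\svchost.exe
Trusted Zone: salisbury.edu\myclasses
Hosts: 127.0.0.1 www.spywareinfo.com
2012-07-31 21:35:10 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-29 00:13:03 -------- d-----w- C:\pyp89b8p
2012-07-12 12:10:04 -------- d-----w- C:\Firefox
2012-07-29 00:13 . 2012-07-29 00:25 -------- d-----w- C:\pyp89b8p
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"[{category}] {detail}")
```

Run it against a saved DDS.txt by passing the file's contents to `triage()`; the output is a shortlist to investigate, not a verdict, and `$RECYCLE.BIN` and `Firefox` stay out of it because the random-name test requires both letters and digits.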



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • Gender:Male

Posted 08 August 2012 - 08:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/463643 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 August 2012 - 07:42 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • Gender:Male

Posted 10 August 2012 - 02:45 PM

Here is the Security Check log:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
JavaFX 2.1.1
Java™ 7 Update 5
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````


And here is the Combofix log:
ComboFix 12-08-09.01 - Adm 08/10/2012 15:15:15.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.787 [GMT -4:00]
Running from: c:\users\Adm\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 19:26 . 2012-08-10 19:27 -------- d-----w- c:\users\Adm\AppData\Local\temp
2012-08-10 19:26 . 2012-08-10 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 19:23 . 2012-08-10 19:23 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-10 17:56 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59993967-FB91-4C37-BBB4-3DDE2B5387E1}\mpengine.dll
2012-07-31 18:13 . 2012-07-31 18:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-31 16:29 . 2012-07-31 16:29 -------- d-----w- c:\programdata\Norton
2012-07-31 15:14 . 2012-07-31 20:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-31 15:14 . 2012-07-31 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-29 00:13 . 2012-07-29 00:25 -------- d-----w- C:\pyp89b8p
2012-07-28 21:33 . 2012-07-28 21:33 -------- d-----w- c:\program files\Trend Micro
2012-07-27 15:01 . 2012-08-10 17:43 -------- d-----w- c:\program files\Unlocker
2012-07-27 13:54 . 2012-07-27 13:54 -------- d-----w- c:\program files\Oracle
2012-07-26 18:28 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-26 18:28 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-26 18:28 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-26 18:28 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-26 18:28 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-26 18:28 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 18:27 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-26 18:27 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-26 18:27 . 2012-07-26 18:27 -------- d-----w- c:\programdata\AVAST Software
2012-07-26 18:27 . 2012-07-26 18:27 -------- d-----w- c:\program files\AVAST Software
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\users\Adm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 13:22 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-07-26 13:22 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-07-26 06:47 . 2012-07-26 06:47 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 06:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-26 06:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-26 06:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-26 06:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-26 05:58 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-26 05:57 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-26 05:56 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-07-26 05:56 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-07-26 04:50 . 2012-07-26 04:50 -------- d-----w- c:\program files\Defraggler
2012-07-26 03:46 . 2012-07-26 03:46 -------- d-----w- c:\program files\VS Revo Group
2012-07-26 01:41 . 2012-07-26 01:41 -------- d-----w- c:\users\Adm\AppData\Roaming\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 01:40 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 01:13 . 2012-07-29 03:17 -------- d-----w- c:\program files\CCleaner
2012-07-12 12:10 . 2012-07-26 01:33 -------- d-----w- C:\Firefox
2012-07-12 11:57 . 2012-07-06 02:06 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 11:49 . 2012-07-12 11:49 -------- d-----w- c:\users\Adm\AppData\Local\Unity
2012-07-12 04:02 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 19:23 . 2012-04-05 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-10 19:23 . 2011-10-05 14:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:57 . 2010-07-01 17:27 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-05 16:47 . 2012-07-11 14:48 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:48 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:48 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-07-11 13:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-11 13:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-11 13:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-11 13:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-11 13:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-11 13:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-11 13:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-11 13:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-07-11 13:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 14:48 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:48 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2010-02-20 18:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_21.27.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 01:46 . 2012-08-10 19:11 72926 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-08-10 19:11 85430 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 20:40 . 2012-08-10 19:11 22082 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015934594-4100455314-4136565935-1000_UserData.bin
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 17:34 . 2012-08-10 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-28 19:06 . 2012-08-10 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-28 19:06 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 17:34 . 2012-08-10 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-10 19:09 . 2012-08-10 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 19:09 . 2012-08-10 19:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-04 17:33 . 2012-08-10 17:44 343264 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-10 19:23 . 2012-08-10 19:23 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-10 19:23 . 2012-08-10 19:23 466632 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
- 2012-04-05 20:19 . 2012-07-27 14:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-05 20:19 . 2012-08-10 19:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2006-11-02 12:47 . 2012-08-03 02:28 312920 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2012-07-26 13:19 312920 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 17:56 . 2012-08-10 19:23 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 17:56 . 2012-07-31 21:10 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-08-15 13:35 . 2012-07-31 21:08 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-15 13:35 . 2012-08-10 19:08 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-15 13:35 . 2012-07-31 21:08 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
+ 2011-08-15 13:35 . 2012-08-10 19:08 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
+ 2011-08-15 13:35 . 2012-08-10 19:08 14952928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Adm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPCCSMiddleware]
2008-10-11 00:38 538432 ------w- c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 6500 Series Fax Server]
2007-06-12 01:56 308144 ----a-w- c:\program files\Lexmark 6500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 00:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-07-28 19:14 554328 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: salisbury.edu\myclasses
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7150C31E-BC3E-41EE-8482-BFD741260134}: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-10 15:26
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-10 15:35:08
ComboFix-quarantined-files.txt 2012-08-10 19:35
ComboFix2.txt 2012-08-10 18:53
ComboFix3.txt 2012-08-10 18:28
ComboFix4.txt 2012-07-31 21:36
ComboFix5.txt 2012-08-10 19:14
.
Pre-Run: 107,325,345,792 bytes free
Post-Run: 107,261,288,448 bytes free
.
- - End Of File - - CB17C6BB2C1ABF095C9C8B4A74F1B503


The only noticeable oddball thing happening is that when Avast Anti-Virus updates, I am constantly getting double notifications.

#5 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 10 August 2012 - 03:11 PM

Greetings sh4rkbyt3

That's weird, what do you mean by double notifications?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 sh4rkbyt3

  • Topic Starter

Posted 13 August 2012 - 10:58 AM

OK, TDSSKiller reported nothing, and attached is the aswMBR logfile.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 11:12:15
-----------------------------
11:12:15.465 OS Version: Windows 6.0.6002 Service Pack 2
11:12:15.465 Number of processors: 2 586 0x6802
11:12:15.465 ComputerName: ADM-PC UserName: Adm
11:12:54.914 Initialize success
11:12:56.849 AVAST engine defs: 12081300
11:13:06.474 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
11:13:06.474 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
11:13:06.505 Disk 0 MBR read successfully
11:13:06.505 Disk 0 MBR scan
11:13:06.505 Disk 0 Windows VISTA default MBR code
11:13:06.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140419 MB offset 63
11:13:06.583 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12205 MB offset 287579565
11:13:06.614 Disk 0 scanning sectors +312576705
11:13:06.724 Disk 0 scanning C:\Windows\system32\drivers
11:13:20.264 Service scanning
11:13:44.522 Modules scanning
11:13:55.146 Disk 0 trace - called modules:
11:13:55.162 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:13:55.177 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85304968]
11:13:55.177 3 CLASSPNP.SYS[87da08b3] -> nt!IofCallDriver -> [0x84b8f898]
11:13:55.177 5 acpi.sys[8060d6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84b91b98]
11:13:56.051 AVAST engine scan C:\Windows
11:13:59.342 AVAST engine scan C:\Windows\system32
11:16:27.121 AVAST engine scan C:\Windows\system32\drivers
11:16:48.212 AVAST engine scan C:\Users\Adm
11:18:10.268 AVAST engine scan C:\ProgramData
11:19:13.012 Scan finished successfully
11:20:13.222 Disk 0 MBR has been saved successfully to "C:\Users\Adm\Desktop\MBR.dat"
11:20:13.222 The log file has been saved successfully to "C:\Users\Adm\Desktop\aswMBR.txt"

Upon startup Avast automatically updates itself and gives you a verbal and visual notification. Right now I am getting double of both upon startup.
Also, after running Defraggler it gets down to 0 fragments and 0 fragmented files, but I have one red block that will not go away.
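The aswMBR log above reports the MBR code verdict, each partition's size and starting sector, and the sector from which the tool scans the space after the last partition. As an added example (not AVAST's code and not part of the original post), the script below parses those lines and cross-checks the numbers against each other; it assumes the sizes are MiB truncated to whole MB, sectors are 512 bytes, and that the "scanning sectors +N" line marks the start of the unallocated-tail scan.

```python
"""Sanity checks over the disk lines of an aswMBR log.

Added example for this thread; not AVAST's code. Assumptions not stated in
the log: sizes are MiB, sectors are 512 bytes (so 1 MB = 2048 sectors), sizes
are truncated to whole MB, and "scanning sectors +N" is where the scan of the
space after the last partition begins.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTORS_PER_MB = 2048       # assumption: MiB and 512-byte sectors
ROUNDING = SECTORS_PER_MB   # sizes are whole MB, so allow this much slack

# Sample input: the disk lines from the aswMBR log posted above.
SAMPLE_LOG = """\
11:13:06.474 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
11:13:06.505 Disk 0 MBR read successfully
11:13:06.505 Disk 0 Windows VISTA default MBR code
11:13:06.521 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140419 MB offset 63
11:13:06.583 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12205 MB offset 287579565
11:13:06.614 Disk 0 scanning sectors +312576705
"""

SIZE_RE = re.compile(r"Disk \d+ Vendor: .* Size: (\d+)MB")
MBR_RE = re.compile(r"Disk \d+ (.*MBR code.*)$")
PART_RE = re.compile(
    r"Disk \d+ Partition (\d+) ([0-9A-Fa-f]{2})(?: \(A\))? ([0-9A-Fa-f]{2}) "
    r"\S+ \S+ (\d+) MB offset (\d+)"
)
TAIL_RE = re.compile(r"Disk \d+ scanning sectors \+(\d+)")


@dataclass
class Partition:
    number: int
    active: bool    # boot flag 0x80
    type_id: int    # partition type byte; 0x07 is NTFS/HPFS
    size_mb: int
    offset: int     # first sector (LBA)

    def end(self) -> int:
        """First sector after the partition, from the truncated MB size (a lower bound)."""
        return self.offset + self.size_mb * SECTORS_PER_MB


@dataclass
class Report:
    disk_sectors: int = 0
    mbr_default: bool = False
    partitions: List[Partition] = field(default_factory=list)
    scan_start: Optional[int] = None
    findings: List[str] = field(default_factory=list)

    @property
    def tail_sectors(self) -> int:
        """Sectors from the tail-scan start to the end of the disk."""
        return 0 if self.scan_start is None else self.disk_sectors - self.scan_start


def parse(text: str) -> Report:
    r = Report()
    for line in text.splitlines():
        if m := SIZE_RE.search(line):
            r.disk_sectors = int(m.group(1)) * SECTORS_PER_MB
        elif m := MBR_RE.search(line):
            r.mbr_default = "default MBR code" in m.group(1)
        elif m := PART_RE.search(line):
            num, flag, ptype, size_mb, off = m.groups()
            r.partitions.append(Partition(int(num), flag.lower() == "80", int(ptype, 16), int(size_mb), int(off)))
        elif m := TAIL_RE.search(line):
            r.scan_start = int(m.group(1))
    r.partitions.sort(key=lambda p: p.offset)
    return r


def analyse(text: str) -> Report:
    """Parse the log and record every inconsistency as a finding."""
    r = parse(text)
    if not r.mbr_default:
        r.findings.append("MBR code not reported as a default Windows MBR")
    if sum(p.active for p in r.partitions) != 1:
        r.findings.append("expected exactly one active partition")
    for a, b in zip(r.partitions, r.partitions[1:]):
        if b.offset < a.end():  # end() is a lower bound, so this is a definite overlap
            r.findings.append(f"partition {a.number} and {b.number} overlap")
    if r.partitions:
        last = r.partitions[-1]
        if last.end() > r.disk_sectors + ROUNDING:
            r.findings.append(f"partition {last.number} extends past the end of the disk")
        if r.scan_start is not None:
            if r.scan_start < last.end():
                r.findings.append("tail scan starts inside a partition")
            elif r.scan_start > last.end() + ROUNDING:
                r.findings.append(f"{r.scan_start - last.end()} sectors after partition {last.number} were not scanned")
    return r


if __name__ == "__main__":
    rep = analyse(SAMPLE_LOG)
    print("MBR default:", rep.mbr_default)
    for p in rep.partitions:
        print(f"partition {p.number}: type 0x{p.type_id:02x} active={p.active} sectors {p.offset}-{p.end() - 1}")
    print("unallocated tail scanned:", rep.tail_sectors, "sectors; findings:", rep.findings or "none")
```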

#7 gringo_pr

    Bleepin Gringo
  • Malware Response Team

Posted 13 August 2012 - 12:54 PM

Greetings

Uninstall Avast and reinstall it.


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#8 sh4rkbyt3

  • Topic Starter

Posted 14 August 2012 - 02:03 AM

OK Gringo, I had to remove and install Avast several times until I found a registry entry that was remaining in the system. Removed it and finally got it running correctly now.

Ran ComboFix with the script and am posting the results below:

ComboFix 12-08-13.01 - Adm 08/14/2012 1:11.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.826 [GMT -4:00]
Running from: c:\users\Adm\Desktop\ComboFix.exe
Command switches used :: c:\users\Adm\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
.
.
2012-08-14 05:22 . 2012-08-14 05:22 -------- d-----w- c:\users\Adm\AppData\Local\temp
2012-08-14 05:22 . 2012-08-14 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 03:06 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-14 03:06 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-14 03:06 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-14 03:06 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-14 03:06 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 03:06 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-14 03:05 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-14 03:05 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-10 19:23 . 2012-08-10 19:23 9231560 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-10 17:56 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59993967-FB91-4C37-BBB4-3DDE2B5387E1}\mpengine.dll
2012-07-31 18:13 . 2012-07-31 18:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-31 16:29 . 2012-07-31 16:29 -------- d-----w- c:\programdata\Norton
2012-07-31 15:14 . 2012-07-31 20:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-31 15:14 . 2012-07-31 15:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-29 00:13 . 2012-07-29 00:25 -------- d-----w- C:\pyp89b8p
2012-07-28 21:33 . 2012-07-28 21:33 -------- d-----w- c:\program files\Trend Micro
2012-07-27 15:01 . 2012-08-10 17:43 -------- d-----w- c:\program files\Unlocker
2012-07-27 13:54 . 2012-07-27 13:54 -------- d-----w- c:\program files\Oracle
2012-07-26 18:27 . 2012-08-14 03:05 -------- d-----w- c:\programdata\AVAST Software
2012-07-26 18:27 . 2012-08-14 03:05 -------- d-----w- c:\program files\AVAST Software
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\users\Adm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 13:22 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-07-26 13:22 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-07-26 06:47 . 2012-07-26 06:47 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 06:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-26 06:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-26 06:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-26 06:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-26 05:58 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-26 05:57 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-26 05:56 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-07-26 05:56 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-07-26 04:50 . 2012-07-26 04:50 -------- d-----w- c:\program files\Defraggler
2012-07-26 03:46 . 2012-07-26 03:46 -------- d-----w- c:\program files\VS Revo Group
2012-07-26 01:41 . 2012-07-26 01:41 -------- d-----w- c:\users\Adm\AppData\Roaming\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 01:40 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 01:13 . 2012-07-29 03:17 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 19:23 . 2012-04-05 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-10 19:23 . 2011-10-05 14:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:57 . 2010-07-01 17:27 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 02:06 . 2012-07-12 11:57 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-13 13:40 . 2012-07-12 04:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 14:48 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:48 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:48 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-07-11 13:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-11 13:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-11 13:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-11 13:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-11 13:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-11 13:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-11 13:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-11 13:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-07-11 13:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 03:52 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 03:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 03:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 03:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 03:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 14:48 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:48 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2010-02-20 18:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_21.27.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-04 01:46 . 2012-08-14 03:03 73086 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-08-14 03:03 85502 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 20:40 . 2012-08-14 03:03 22154 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015934594-4100455314-4136565935-1000_UserData.bin
+ 2008-10-04 17:34 . 2012-08-14 03:10 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-28 19:06 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-28 19:06 . 2012-08-14 03:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-04 17:34 . 2012-08-14 03:10 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 03:01 . 2012-08-14 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-14 03:01 . 2012-08-14 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-04 17:33 . 2012-08-10 17:44 343264 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-10 19:23 . 2012-08-10 19:23 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-10 19:23 . 2012-08-10 19:23 466632 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
- 2012-04-05 20:19 . 2012-07-27 14:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-05 20:19 . 2012-08-10 19:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2006-11-02 12:47 . 2012-08-03 02:28 312920 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2012-07-26 13:19 312920 c:\windows\System32\FNTCACHE.DAT
- 2009-07-14 17:56 . 2012-07-31 21:10 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 17:56 . 2012-08-14 03:07 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-08-15 13:35 . 2012-08-14 03:00 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-08-15 13:35 . 2012-07-31 21:08 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-15 13:35 . 2012-08-14 02:49 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
- 2011-08-15 13:35 . 2012-07-31 21:08 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
+ 2011-09-01 15:41 . 2012-08-14 02:49 1407544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-12288.dat
- 2011-09-01 15:41 . 2012-07-29 04:40 1407544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-12288.dat
+ 2011-08-15 13:35 . 2012-08-14 02:49 15142188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Adm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPCCSMiddleware]
2008-10-11 00:38 538432 ------w- c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 6500 Series Fax Server]
2007-06-12 01:56 308144 ----a-w- c:\program files\Lexmark 6500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 00:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-07-28 19:14 554328 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: salisbury.edu\myclasses
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7150C31E-BC3E-41EE-8482-BFD741260134}: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 01:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-14 01:30:39
ComboFix-quarantined-files.txt 2012-08-14 05:30
ComboFix2.txt 2012-08-10 19:35
ComboFix3.txt 2012-08-10 18:53
ComboFix4.txt 2012-08-10 18:28
ComboFix5.txt 2012-08-14 05:10
.
Pre-Run: 107,193,155,584 bytes free
Post-Run: 107,144,781,824 bytes free
.
- - End Of File - - 7F20C2FC9E6ABA35390DE245014D3340

Still having issues with Defraggler. Anywhere from 211 fragmented files to 333 fragmented files. Just after using Defraggler, the only thing showing up is WMITracing.log, but immediately upon restart I get a fragmented drive back in the 211-333 range?

#9 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 12:46 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 sh4rkbyt3

  • Topic Starter

  • Members
  • 397 posts
  • Gender:Male

Posted 14 August 2012 - 10:08 PM

OK, several issues now. First off, as soon as the computer started up I got the double notification again for Avast, despite the fact it seemed to be OK last night? Now I'm looking at the hundreds of entries (yes, hundreds) for TDSS log files. It shows it having been run 100 times and hundreds more result files, and after 15 minutes it's still continuing to show more repeated files? I'll send one of the intermediate files that are showing up for today's date, which is now over 100 entries?

#11 sh4rkbyt3

  • Topic Starter

  • Members
  • 397 posts
  • Gender:Male

Posted 14 August 2012 - 10:55 PM

Here is the TDSS log file:

21:50:00.0414 0512 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
21:50:00.0851 0512 ============================================================
21:50:00.0851 0512 Current date / time: 2012/08/14 21:50:00.0851
21:50:00.0851 0512 SystemInfo:
21:50:00.0851 0512
21:50:00.0851 0512 OS Version: 6.0.6002 ServicePack: 2.0
21:50:00.0851 0512 Product type: Workstation
21:50:00.0851 0512 ComputerName: ADM-PC
21:50:00.0851 0512 UserName: Adm
21:50:00.0851 0512 Windows directory: C:\Windows
21:50:00.0851 0512 System windows directory: C:\Windows
21:50:00.0851 0512 Processor architecture: Intel x86
21:50:00.0851 0512 Number of processors: 2
21:50:00.0851 0512 Page size: 0x1000
21:50:00.0851 0512 Boot type: Normal boot
21:50:00.0851 0512 ============================================================
21:50:02.0645 0512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:50:02.0645 0512 ============================================================
21:50:02.0645 0512 \Device\Harddisk0\DR0:
21:50:02.0660 0512 MBR partitions:
21:50:02.0660 0512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11241D6E
21:50:02.0660 0512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11241DAD, BlocksNum 0x17D6D14
21:50:02.0660 0512 ============================================================
21:50:02.0754 0512 C: <-> \Device\Harddisk0\DR0\Partition1
21:50:02.0910 0512 D: <-> \Device\Harddisk0\DR0\Partition2
21:50:02.0910 0512 ============================================================
21:50:02.0910 0512 Initialize success
21:50:02.0910 0512 ============================================================
21:50:07.0621 5008 ============================================================
21:50:07.0621 5008 Scan started
21:50:07.0621 5008 Mode: Manual;
21:50:07.0621 5008 ============================================================
21:50:11.0724 5008 ================ Scan services =============================
21:50:11.0927 5008 [ c0393eb99a6c72c6bef9bfc4a72b33a6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
21:50:11.0927 5008 !SASCORE - ok
21:50:12.0972 5008 [ 82b296ae1892fe3dbee00c9cf92f8ac7 ] ACPI C:\Windows\system32\drivers\acpi.sys
21:50:12.0988 5008 ACPI - ok
21:50:13.0066 5008 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:13.0097 5008 AdobeFlashPlayerUpdateSvc - ok
21:50:13.0206 5008 [ 2edc5bbac6c651ece337bde8ed97c9fb ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:50:13.0253 5008 adp94xx - ok
21:50:13.0284 5008 [ b84088ca3cdca97da44a984c6ce1ccad ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:50:13.0315 5008 adpahci - ok
21:50:13.0331 5008 [ 7880c67bccc27c86fd05aa2afb5ea469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:50:13.0346 5008 adpu160m - ok
21:50:13.0378 5008 [ 9ae713f8e30efc2abccd84904333df4d ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:50:13.0409 5008 adpu320 - ok
21:50:13.0456 5008 [ 9d1fda9e086ba64e3c93c9de32461bcf ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:50:13.0471 5008 AeLookupSvc - ok
21:50:13.0612 5008 [ 3911b972b55fea0478476b2e777b29fa ] AFD C:\Windows\system32\drivers\afd.sys
21:50:13.0612 5008 AFD - ok
21:50:13.0690 5008 [ ef23439cdd587f64c2c1b8825cead7d8 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:50:13.0690 5008 agp440 - ok
21:50:13.0721 5008 [ ae1fdf7bf7bb6c6a70f67699d880592a ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:50:13.0721 5008 aic78xx - ok
21:50:13.0752 5008 [ a1545b731579895d8cc44fc0481c1192 ] ALG C:\Windows\System32\alg.exe
21:50:13.0783 5008 ALG - ok
21:50:13.0799 5008 [ 90395b64600ebb4552e26e178c94b2e4 ] aliide C:\Windows\system32\drivers\aliide.sys
21:50:13.0799 5008 aliide - ok
21:50:13.0830 5008 [ 2b13e304c9dfdfa5eb582f6a149fa2c7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:50:13.0830 5008 amdagp - ok
21:50:13.0846 5008 [ 0577df1d323fe75a739c787893d300ea ] amdide C:\Windows\system32\drivers\amdide.sys
21:50:13.0846 5008 amdide - ok
21:50:13.0892 5008 [ dc487885bcef9f28eece6fac0e5ddfc5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:50:13.0908 5008 AmdK7 - ok
21:50:13.0939 5008 [ 93ae7f7dd54ab986a6f1a1b37be7442d ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:50:13.0955 5008 AmdK8 - ok
21:50:14.0017 5008 [ c6d704c7f0434dc791aac37cac4b6e14 ] Appinfo C:\Windows\System32\appinfo.dll
21:50:14.0033 5008 Appinfo - ok
21:50:14.0220 5008 [ 20f6f19fe9e753f2780dc2fa083ad597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:50:14.0236 5008 Apple Mobile Device - ok
21:50:14.0314 5008 [ 5f673180268bb1fdb69c99b6619fe379 ] arc C:\Windows\system32\drivers\arc.sys
21:50:14.0329 5008 arc - ok
21:50:14.0360 5008 [ 957f7540b5e7f602e44648c7de5a1c05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:50:14.0376 5008 arcsas - ok
21:50:14.0423 5008 [ 1c1f3d6dddc046c920c493a779649f66 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
21:50:14.0423 5008 aswFsBlk - ok
21:50:14.0470 5008 [ a48d8015af2a0d8b4937613ffbfd28de ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
21:50:14.0485 5008 aswMonFlt - ok
21:50:14.0501 5008 [ 982e275d1c5801042fe94209fb0160fb ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
21:50:14.0516 5008 AswRdr - ok
21:50:14.0626 5008 [ 73dbcf808e00580f2a47f93dd9b03876 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
21:50:14.0672 5008 aswSnx - ok
21:50:14.0719 5008 [ 6cbd7d3a33f498d09c831cdd732da2e0 ] aswSP C:\Windows\system32\drivers\aswSP.sys
21:50:14.0750 5008 aswSP - ok
21:50:14.0766 5008 [ 7109a9aa551f37cd168c02368465957e ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
21:50:14.0782 5008 aswTdi - ok
21:50:14.0828 5008 [ 53b202abee6455406254444303e87be1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:14.0828 5008 AsyncMac - ok
21:50:14.0844 5008 [ 1f05b78ab91c9075565a9d8a4b880bc4 ] atapi C:\Windows\system32\drivers\atapi.sys
21:50:14.0844 5008 atapi - ok
21:50:14.0938 5008 [ 0437199c88f6e88a387cfec8a8886a6e ] athr C:\Windows\system32\DRIVERS\athr.sys
21:50:15.0000 5008 athr - ok
21:50:15.0078 5008 [ 68e2a1a0407a66cf50da0300852424ab ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:50:15.0140 5008 AudioEndpointBuilder - ok
21:50:15.0156 5008 [ 68e2a1a0407a66cf50da0300852424ab ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:50:15.0172 5008 Audiosrv - ok
21:50:15.0265 5008 [ 2f7c0f3e39c45e0127fb78b2f18a41f3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:50:15.0281 5008 avast! Antivirus - ok
21:50:15.0421 5008 [ cf6a67c90951e3e763d2135dede44b85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
21:50:15.0437 5008 BCM43XV - ok
21:50:15.0468 5008 [ 67e506b75bd5326a3ec7b70bd014dfb6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:50:15.0468 5008 Beep - ok
21:50:15.0530 5008 [ c789af0f724fda5852fb9a7d3a432381 ] BFE C:\Windows\System32\bfe.dll
21:50:15.0562 5008 BFE - ok
21:50:15.0640 5008 [ 93952506c6d67330367f7e7934b6a02f ] BITS C:\Windows\system32\qmgr.dll
21:50:15.0733 5008 BITS - ok
21:50:15.0749 5008 blbdrive - ok
21:50:15.0889 5008 [ f832f1505ad8b83474bd9a5b1b985e01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:50:15.0952 5008 Bonjour Service - ok
21:50:15.0998 5008 [ 35f376253f687bde63976ccb3f2108ca ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:50:16.0030 5008 bowser - ok
21:50:16.0061 5008 [ 9f9acc7f7ccde8a15c282d3f88b43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:50:16.0061 5008 BrFiltLo - ok
21:50:16.0076 5008 [ 56801ad62213a41f6497f96dee83755a ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:50:16.0076 5008 BrFiltUp - ok
21:50:16.0108 5008 [ a3629a0c4226f9e9c72faaeebc3ad33c ] Browser C:\Windows\System32\browser.dll
21:50:16.0139 5008 Browser - ok
21:50:16.0170 5008 [ b304e75cff293029eddf094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:50:16.0186 5008 Brserid - ok
21:50:16.0201 5008 [ 203f0b1e73adadbbb7b7b1fabd901f6b ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:50:16.0201 5008 BrSerWdm - ok
21:50:16.0232 5008 [ bd456606156ba17e60a04e18016ae54b ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:50:16.0232 5008 BrUsbMdm - ok
21:50:16.0279 5008 [ af72ed54503f717a43268b3cc5faec2e ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:50:16.0279 5008 BrUsbSer - ok
21:50:16.0310 5008 [ ad07c1ec6665b8b35741ab91200c6b68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:50:16.0326 5008 BTHMODEM - ok
21:50:16.0482 5008 catchme - ok
21:50:16.0529 5008 [ 7add03e75beb9e6dd102c3081d29840a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:50:16.0544 5008 cdfs - ok
21:50:16.0591 5008 [ 6b4bffb9becd728097024276430db314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:50:16.0622 5008 cdrom - ok
21:50:16.0685 5008 [ 312ec3e37a0a1f2006534913e37b4423 ] CertPropSvc C:\Windows\System32\certprop.dll
21:50:16.0700 5008 CertPropSvc - ok
21:50:16.0732 5008 [ da8e0afc7baa226c538ef53ac2f90897 ] circlass C:\Windows\system32\drivers\circlass.sys
21:50:16.0747 5008 circlass - ok
21:50:16.0778 5008 [ d7659d3b5b92c31e84e53c1431f35132 ] CLFS C:\Windows\system32\CLFS.sys
21:50:16.0810 5008 CLFS - ok
21:50:16.0997 5008 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:17.0044 5008 clr_optimization_v2.0.50727_32 - ok
21:50:17.0246 5008 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:17.0262 5008 clr_optimization_v4.0.30319_32 - ok
21:50:17.0309 5008 [ 99afc3795b58cc478fbbbcdc658fcb56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:17.0309 5008 CmBatt - ok
21:50:17.0356 5008 [ 45201046c776ffdaf3fc8a0029c581c8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:50:17.0356 5008 cmdide - ok
21:50:17.0434 5008 [ b6e7991e3d6146c04c85cd31af22a381 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:50:17.0449 5008 CnxtHdAudService - ok
21:50:17.0621 5008 [ d8774ace03b46c9b01a49818055f9ad4 ] Com4Qlb C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
21:50:17.0636 5008 Com4Qlb - ok
21:50:17.0683 5008 [ 6afef0b60fa25de07c0968983ee4f60a ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:50:17.0683 5008 Compbatt - ok
21:50:17.0699 5008 COMSysApp - ok
21:50:17.0730 5008 [ 2a213ae086bbec5e937553c7d9a2b22c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:50:17.0730 5008 crcdisk - ok
21:50:17.0761 5008 [ 22a7f883508176489f559ee745b5bf5d ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:50:17.0761 5008 Crusoe - ok
21:50:17.0839 5008 [ 75c6a297e364014840b48eccd7525e30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:50:17.0870 5008 CryptSvc - ok
21:50:17.0980 5008 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:50:18.0026 5008 DcomLaunch - ok
21:50:18.0058 5008 [ 622c41a07ca7e6dd91770f50d532cb6c ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:50:18.0073 5008 DfsC - ok
21:50:18.0260 5008 [ 2cc3dcfb533a1035b13dcab6160ab38b ] DFSR C:\Windows\system32\DFSR.exe
21:50:18.0448 5008 DFSR - ok
21:50:18.0557 5008 [ 9028559c132146fb75eb7acf384b086a ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:50:18.0604 5008 Dhcp - ok
21:50:18.0650 5008 [ 5d4aefc3386920236a548271f8f1af6a ] disk C:\Windows\system32\drivers\disk.sys
21:50:18.0666 5008 disk - ok
21:50:18.0713 5008 [ 57d762f6f5974af0da2be88a3349baaa ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:50:18.0728 5008 Dnscache - ok
21:50:18.0775 5008 [ 324fd74686b1ef5e7c19a8af49e748f6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:50:18.0791 5008 dot3svc - ok
21:50:18.0853 5008 [ 4f59c172c094e1a1d46463a8dc061cbd ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
21:50:18.0853 5008 Dot4 - ok
21:50:18.0869 5008 [ 80bf3ba09f6f2523c8f6b7cc6dbf7bd5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:50:18.0869 5008 Dot4Print - ok
21:50:18.0900 5008 [ c55004ca6b419b6695970dfe849b122f ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
21:50:18.0916 5008 dot4usb - ok
21:50:18.0978 5008 [ a622e888f8aa2f6b49e9bc466f0e5def ] DPS C:\Windows\system32\dps.dll
21:50:19.0009 5008 DPS - ok
21:50:19.0056 5008 [ 97fef831ab90bee128c9af390e243f80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:50:19.0056 5008 drmkaud - ok
21:50:19.0103 5008 [ c68ac676b0ef30cfbb1080adce49eb1f ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:50:19.0165 5008 DXGKrnl - ok
21:50:19.0243 5008 [ c0b00e55cf82d122d25983c7a6a53dea ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
21:50:19.0274 5008 E100B - ok
21:50:19.0306 5008 [ f88fb26547fd2ce6d0a5af2985892c48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:50:19.0337 5008 E1G60 - ok
21:50:19.0384 5008 [ c0b95e40d85cd807d614e264248a45b9 ] EapHost C:\Windows\System32\eapsvc.dll
21:50:19.0399 5008 EapHost - ok
21:50:19.0477 5008 [ 7f64ea048dcfac7acf8b4d7b4e6fe371 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:50:19.0493 5008 Ecache - ok
21:50:19.0618 5008 [ 9be3744d295a7701eb425332014f0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:50:19.0649 5008 ehRecvr - ok
21:50:19.0680 5008 [ ad1870c8e5d6dd340c829e6074bf3c3f ] ehSched C:\Windows\ehome\ehsched.exe
21:50:19.0696 5008 ehSched - ok
21:50:19.0727 5008 [ c27c4ee8926e74aa72efcab24c5242c3 ] ehstart C:\Windows\ehome\ehstart.dll
21:50:19.0727 5008 ehstart - ok
21:50:19.0805 5008 [ e8f3f21a71720c84bcf423b80028359f ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:50:19.0883 5008 elxstor - ok
21:50:19.0930 5008 [ 4e6b23dfc917ea39306b529b773950f4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:50:19.0992 5008 EMDMgmt - ok
21:50:20.0054 5008 [ 67058c46504bc12d821f38cf99b7b28f ] EventSystem C:\Windows\system32\es.dll
21:50:20.0086 5008 EventSystem - ok
21:50:20.0179 5008 [ 22b408651f9123527bcee54b4f6c5cae ] exfat C:\Windows\system32\drivers\exfat.sys
21:50:20.0195 5008 exfat - ok
21:50:20.0210 5008 [ 1e9b9a70d332103c52995e957dc09ef8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:50:20.0242 5008 fastfat - ok
21:50:20.0288 5008 [ 63bdada84951b9c03e641800e176898a ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:50:20.0288 5008 fdc - ok
21:50:20.0335 5008 [ 6629b5f0e98151f4afdd87567ea32ba3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:50:20.0351 5008 fdPHost - ok
21:50:20.0382 5008 [ 89ed56dce8e47af40892778a5bd31fd2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:50:20.0398 5008 FDResPub - ok
21:50:20.0429 5008 [ a8c0139a884861e3aae9cfe73b208a9f ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:50:20.0444 5008 FileInfo - ok
21:50:20.0491 5008 [ 0ae429a696aecbc5970e3cf2c62635ae ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:50:20.0491 5008 Filetrace - ok
21:50:20.0522 5008 [ 6603957eff5ec62d25075ea8ac27de68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:50:20.0522 5008 flpydisk - ok
21:50:20.0585 5008 [ 01334f9ea68e6877c4ef05d3ea8abb05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:50:20.0616 5008 FltMgr - ok
21:50:20.0725 5008 [ 8ce364388c8eca59b14b539179276d44 ] FontCache C:\Windows\system32\FntCache.dll
21:50:20.0866 5008 FontCache - ok
21:50:20.0975 5008 [ c7fbdd1ed42f82bfa35167a5c9803ea3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:50:21.0022 5008 FontCache3.0.0.0 - ok
21:50:21.0068 5008 [ b972a66758577e0bfd1de0f91aaa27b5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:50:21.0068 5008 Fs_Rec - ok
21:50:21.0146 5008 [ 4e1cd0a45c50a8882616cae5bf82f3c5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:50:21.0162 5008 gagp30kx - ok
21:50:21.0240 5008 [ 5ae3a887ece5bbb72cfab273c2fd1cfa ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:50:21.0240 5008 GEARAspiWDM - ok
21:50:21.0318 5008 [ cd5d0aeee35dfd4e986a5aa1500a6e66 ] gpsvc C:\Windows\System32\gpsvc.dll
21:50:21.0380 5008 gpsvc - ok
21:50:21.0427 5008 [ 7be40bb4cd16d8760e18ea981ff452ec ] HdAudAddService C:\Windows\system32\drivers\CHDART.sys
21:50:21.0458 5008 HdAudAddService - ok
21:50:21.0521 5008 [ 062452b7ffd68c8c042a6261fe8dff4a ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:50:21.0583 5008 HDAudBus - ok
21:50:21.0614 5008 [ 1338520e78d90154ed6be8f84de5fceb ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:50:21.0614 5008 HidBth - ok
21:50:21.0630 5008 [ ff3160c3a2445128c5a6d9b076da519e ] HidIr C:\Windows\system32\drivers\hidir.sys
21:50:21.0630 5008 HidIr - ok
21:50:21.0661 5008 [ 84067081f3318162797385e11a8f0582 ] hidserv C:\Windows\System32\hidserv.dll
21:50:21.0677 5008 hidserv - ok
21:50:21.0708 5008 [ cca4b519b17e23a00b826c55716809cc ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:50:21.0708 5008 HidUsb - ok
21:50:21.0770 5008 [ d8ad255b37da92434c26e4876db7d418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:50:21.0802 5008 hkmsvc - ok
21:50:21.0895 5008 [ 89f9e1984c1cd9e5f4fe39642d886e11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
21:50:21.0895 5008 HP Health Check Service - ok
21:50:21.0926 5008 [ df353b401001246853763c4b7aaa6f50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:50:21.0942 5008 HpCISSs - ok
21:50:22.0160 5008 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:50:22.0176 5008 hpqcxs08 - ok
21:50:22.0238 5008 [ f3f72a2a86c22610bca5439fa789dd52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:50:22.0270 5008 hpqddsvc - ok
21:50:22.0301 5008 [ 35956140e686d53bf676cf0c778880fc ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:50:22.0301 5008 HpqKbFiltr - ok
21:50:22.0332 5008 [ 115c0933b3ed51dfbec4449348c8065b ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
21:50:22.0332 5008 HpqRemHid - ok
21:50:22.0394 5008 [ 04c1dcbb226c6ae647b794833ce3ceb6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:50:22.0426 5008 hpqwmiex - ok
21:50:22.0504 5008 [ 46d67209550973257601a533e2ac5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:50:22.0535 5008 HSFHWAZL - ok
21:50:22.0613 5008 [ cc267848cb3508e72762be65734e764d ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:50:22.0753 5008 HSF_DPV - ok
21:50:22.0816 5008 [ a2882945cc4b6e3e4e9e825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:50:22.0831 5008 HSXHWAZL - ok
21:50:22.0909 5008 [ f870aa3e254628ebeafe754108d664de ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:50:22.0940 5008 HTTP - ok
21:50:22.0972 5008 [ 324c2152ff2c61abae92d09f3cca4d63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:50:22.0972 5008 i2omp - ok
21:50:23.0050 5008 [ 22d56c8184586b7a1f6fa60be5f5a2bd ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:50:23.0065 5008 i8042prt - ok
21:50:23.0252 5008 [ 496db78e6a0c4c44023d9a92b4a7ac31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
21:50:23.0346 5008 ialm - ok
21:50:23.0377 5008 [ c957bf4b5d80b46c5017bf0101e6c906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:50:23.0377 5008 iaStorV - ok
21:50:23.0486 5008 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:50:23.0518 5008 IDriverT - ok
21:50:23.0611 5008 [ 98477b08e61945f974ed9fdc4cb6bdab ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:50:23.0736 5008 idsvc - ok
21:50:23.0767 5008 [ 2d077bf86e843f901d8db709c95b49a5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:50:23.0783 5008 iirsp - ok
21:50:23.0845 5008 [ 9908d8a397b76cd8d31d0d383c5773c9 ] IKEEXT C:\Windows\System32\ikeext.dll
21:50:23.0876 5008 IKEEXT - ok
21:50:23.0908 5008 [ 97469037714070e45194ed318d636401 ] intelide C:\Windows\system32\drivers\intelide.sys
21:50:23.0908 5008 intelide - ok
21:50:23.0970 5008 [ ce44cc04262f28216dd4341e9e36a16f ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:50:23.0986 5008 intelppm - ok
21:50:24.0032 5008 [ 9ac218c6e6105477484c6fdbe7d409a4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:50:24.0064 5008 IPBusEnum - ok
21:50:24.0220 5008 [ 62c265c38769b864cb25b4bcf62df6c3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:50:24.0235 5008 IpFilterDriver - ok
21:50:24.0313 5008 [ 1998bd97f950680bb55f55a7244679c2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:50:24.0344 5008 iphlpsvc - ok
21:50:24.0360 5008 IpInIp - ok
21:50:24.0391 5008 [ 40f34f8aba2a015d780e4b09138b6c17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:50:24.0407 5008 IPMIDRV - ok
21:50:24.0438 5008 [ 8793643a67b42cec66490b2a0cf92d68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:50:24.0438 5008 IPNAT - ok
21:50:24.0547 5008 [ 9033d67b7112d23eded6789bacded128 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:50:24.0625 5008 iPod Service - ok
21:50:24.0641 5008 [ 109c0dfb82c3632fbd11949b73aeeac9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:50:24.0641 5008 IRENUM - ok
21:50:24.0672 5008 [ 350fca7e73cf65bcef43fae1e4e91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:50:24.0672 5008 isapnp - ok
21:50:24.0734 5008 [ 232fa340531d940aac623b121a595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:50:24.0750 5008 iScsiPrt - ok
21:50:24.0781 5008 [ bced60d16156e428f8df8cf27b0df150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:50:24.0781 5008 iteatapi - ok
21:50:24.0797 5008 [ 06fa654504a498c30adca8bec4e87e7e ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:50:24.0812 5008 iteraid - ok
21:50:24.0828 5008 [ 37605e0a8cf00cbba538e753e4344c6e ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:50:24.0844 5008 kbdclass - ok
21:50:24.0875 5008 [ ede59ec70e25c24581add1fbec7325f7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:50:24.0875 5008 kbdhid - ok
21:50:24.0906 5008 [ a3e186b4b935905b829219502557314e ] KeyIso C:\Windows\system32\lsass.exe
21:50:24.0922 5008 KeyIso - ok
21:50:25.0000 5008 [ 4a1445efa932a3baf5bdb02d7131ee20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:50:25.0046 5008 KSecDD - ok
21:50:25.0093 5008 [ 8078f8f8f7a79e2e6b494523a828c585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:50:25.0109 5008 KtmRm - ok
21:50:25.0140 5008 [ 1bf5eebfd518dd7298434d8c862f825d ] LanmanServer C:\Windows\System32\srvsvc.dll
21:50:25.0171 5008 LanmanServer - ok
21:50:25.0187 5008 [ 1db69705b695b987082c8baec0c6b34f ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:50:25.0202 5008 LanmanWorkstation - ok
21:50:25.0374 5008 [ bf47086d3c3ac4fe25187a2188609027 ] LeapFrog Connect Device Service C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
21:50:25.0405 5008 LeapFrog Connect Device Service - ok
21:50:25.0546 5008 [ 53710476495886d9961be46983a6a33f ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:50:25.0577 5008 LightScribeService - ok
21:50:25.0608 5008 [ d1c5883087a0c3f1344d9d55a44901f6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:50:25.0624 5008 lltdio - ok
21:50:25.0670 5008 [ 2d5a428872f1442631d0959a34abff63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:50:25.0686 5008 lltdsvc - ok
21:50:25.0717 5008 [ 35d40113e4a5b961b6ce5c5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:50:25.0733 5008 lmhosts - ok
21:50:25.0764 5008 [ a2262fb9f28935e862b4db46438c80d2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:50:25.0780 5008 LSI_FC - ok
21:50:25.0811 5008 [ 30d73327d390f72a62f32c103daf1d6d ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:50:25.0811 5008 LSI_SAS - ok
21:50:25.0889 5008 [ e1e36fefd45849a95f1ab81de0159fe3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:50:25.0904 5008 LSI_SCSI - ok
21:50:25.0951 5008 [ 8f5c7426567798e62a3b3614965d62cc ] luafv C:\Windows\system32\drivers\luafv.sys
21:50:25.0967 5008 luafv - ok
21:50:26.0107 5008 [ 2144ae8412927e15119ee7303f8a5df1 ] lxdfCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
21:50:26.0138 5008 lxdfCATSCustConnectService - ok
21:50:26.0154 5008 lxdf_device - ok
21:50:26.0232 5008 [ 0db7527db188c7d967a37bb51bbf3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
21:50:26.0248 5008 MBAMSwissArmy - ok
21:50:26.0294 5008 [ aef9babb8a506bc4ce0451a64aaded46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:50:26.0326 5008 Mcx2Svc - ok
21:50:26.0372 5008 [ 0cea2d0d3fa284b85ed5b68365114f76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:50:26.0372 5008 mdmxsdk - ok
21:50:26.0404 5008 [ d153b14fc6598eae8422a2037553adce ] megasas C:\Windows\system32\drivers\megasas.sys
21:50:26.0404 5008 megasas - ok
21:50:26.0435 5008 [ 1076ffcffaae8385fd62dfcb25ac4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:50:26.0450 5008 MMCSS - ok
21:50:26.0482 5008 [ e13b5ea0f51ba5b1512ec671393d09ba ] Modem C:\Windows\system32\drivers\modem.sys
21:50:26.0482 5008 Modem - ok
21:50:26.0513 5008 [ 0a9bb33b56e294f686abb7c1e4e2d8a8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:50:26.0513 5008 monitor - ok
21:50:26.0544 5008 [ 5bf6a1326a335c5298477754a506d263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:50:26.0560 5008 mouclass - ok
21:50:26.0575 5008 [ 93b8d4869e12cfbe663915502900876f ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:50:26.0575 5008 mouhid - ok
21:50:26.0622 5008 [ bdafc88aa6b92f7842416ea6a48e1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:50:26.0622 5008 MountMgr - ok
21:50:26.0684 5008 [ 583a41f26278d9e0ea548163d6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
21:50:26.0700 5008 mpio - ok
21:50:26.0731 5008 [ 22241feba9b2defa669c8cb0a8dd7d2e ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:50:26.0747 5008 mpsdrv - ok
21:50:26.0794 5008 [ 5de62c6e9108f14f6794060a9bdecaec ] MpsSvc C:\Windows\system32\mpssvc.dll
21:50:26.0825 5008 MpsSvc - ok
21:50:26.0872 5008 [ 4fbbb70d30fd20ec51f80061703b001e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:50:26.0887 5008 Mraid35x - ok
21:50:26.0918 5008 [ 82cea0395524aacfeb58ba1448e8325c ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:50:26.0950 5008 MRxDAV - ok
21:50:26.0996 5008 [ 1e94971c4b446ab2290deb71d01cf0c2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:50:27.0028 5008 mrxsmb - ok
21:50:27.0059 5008 [ 4fccb34d793b116423209c0f8b7a3b03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:50:27.0090 5008 mrxsmb10 - ok
21:50:27.0121 5008 [ c3cb1b40ad4a0124d617a1199b0b9d7c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:50:27.0137 5008 mrxsmb20 - ok
21:50:27.0168 5008 [ 742aed7939e734c36b7e8d6228ce26b7 ] msahci C:\Windows\system32\drivers\msahci.sys
21:50:27.0168 5008 msahci - ok
21:50:27.0199 5008 [ 3fc82a2ae4cc149165a94699183d3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:50:27.0215 5008 msdsm - ok
21:50:27.0262 5008 [ fd7520cc3a80c5fc8c48852bb24c6ded ] MSDTC C:\Windows\System32\msdtc.exe
21:50:27.0293 5008 MSDTC - ok
21:50:27.0355 5008 [ a9927f4a46b816c92f461acb90cf8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:50:27.0355 5008 Msfs - ok
21:50:27.0402 5008 [ 0f400e306f385c56317357d6dea56f62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:50:27.0402 5008 msisadrv - ok
21:50:27.0433 5008 [ 85466c0757a23d9a9aecdc0755203cb2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:50:27.0449 5008 MSiSCSI - ok
21:50:27.0464 5008 msiserver - ok
21:50:27.0527 5008 [ d8c63d34d9c9e56c059e24ec7185cc07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:50:27.0527 5008 MSKSSRV - ok
21:50:27.0558 5008 [ 1d373c90d62ddb641d50e55b9e78d65e ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:50:27.0558 5008 MSPCLOCK - ok
21:50:27.0589 5008 [ b572da05bf4e098d4bba3a4734fb505b ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:50:27.0589 5008 MSPQM - ok
21:50:27.0652 5008 [ b49456d70555de905c311bcda6ec6adb ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:50:27.0652 5008 MsRPC - ok
21:50:27.0698 5008 [ e384487cb84be41d09711c30ca79646c ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:50:27.0698 5008 mssmbios - ok
21:50:27.0730 5008 [ 7199c1eec1e4993caf96b8c0a26bd58a ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:50:27.0730 5008 MSTEE - ok
21:50:27.0745 5008 [ 6a57b5733d4cb702c8ea4542e836b96c ] Mup C:\Windows\system32\Drivers\mup.sys
21:50:27.0761 5008 Mup - ok
21:50:27.0792 5008 [ e4eaf0c5c1b41b5c83386cf212ca9584 ] napagent C:\Windows\system32\qagentRT.dll
21:50:27.0823 5008 napagent - ok
21:50:27.0917 5008 [ 85c44fdff9cf7e72a40dcb7ec06a4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:50:27.0948 5008 NativeWifiP - ok
21:50:28.0026 5008 [ 1357274d1883f68300aeadd15d7bbb42 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:50:28.0104 5008 NDIS - ok
21:50:28.0166 5008 [ 0e186e90404980569fb449ba7519ae61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:50:28.0166 5008 NdisTapi - ok
21:50:28.0213 5008 [ d6973aa34c4d5d76c0430b181c3cd389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:50:28.0213 5008 Ndisuio - ok
21:50:28.0244 5008 [ 818f648618ae34f729fdb47ec68345c3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:50:28.0260 5008 NdisWan - ok
21:50:28.0291 5008 [ 71dab552b41936358f3b541ae5997fb3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:50:28.0291 5008 NDProxy - ok
21:50:28.0338 5008 [ a081cb6fb9a12668f233eb5414be3a0e ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:50:28.0338 5008 Net Driver HPZ12 - ok
21:50:28.0354 5008 [ bcd093a5a6777cf626434568dc7dba78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:50:28.0369 5008 NetBIOS - ok
21:50:28.0416 5008 [ ecd64230a59cbd93c85f1cd1cab9f3f6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:50:28.0432 5008 netbt - ok
21:50:28.0447 5008 [ a3e186b4b935905b829219502557314e ] Netlogon C:\Windows\system32\lsass.exe
21:50:28.0463 5008 Netlogon - ok
21:50:28.0510 5008 [ c8052711daecc48b982434c5116ca401 ] Netman C:\Windows\System32\netman.dll
21:50:28.0525 5008 Netman - ok
21:50:28.0588 5008 [ 2ef3bbe22e5a5acd1428ee387a0d0172 ] netprofm C:\Windows\System32\netprofm.dll
21:50:28.0603 5008 netprofm - ok
21:50:28.0634 5008 [ d6c4e4a39a36029ac0813d476fbd0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:50:28.0666 5008 NetTcpPortSharing - ok
21:50:28.0697 5008 [ 2e7fb731d4790a1bc6270accefacb36e ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:50:28.0697 5008 nfrd960 - ok
21:50:28.0728 5008 [ 2997b15415f9bbe05b5a4c1c85e0c6a2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:50:28.0775 5008 NlaSvc - ok
21:50:28.0806 5008 [ d36f239d7cce1931598e8fb90a0dbc26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:50:28.0822 5008 Npfs - ok
21:50:28.0853 5008 [ 8bb86f0c7eea2bded6fe095d0b4ca9bd ] nsi C:\Windows\system32\nsisvc.dll
21:50:28.0853 5008 nsi - ok
21:50:28.0884 5008 [ 609773e344a97410ce4ebf74a8914fcf ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:50:28.0884 5008 nsiproxy - ok
21:50:29.0056 5008 [ 6a4a98cee84cf9e99564510dda4baa47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:50:29.0180 5008 Ntfs - ok
21:50:29.0212 5008 [ e875c093aec0c978a90f30c9e0dfbb72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:50:29.0212 5008 ntrigdigi - ok
21:50:29.0243 5008 [ cf7e041663119e09d2e118521ada9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
21:50:29.0243 5008 NuidFltr - ok
21:50:29.0290 5008 [ c5dbbcda07d780bda9b685df333bb41e ] Null C:\Windows\system32\drivers\Null.sys
21:50:29.0290 5008 Null - ok
21:50:29.0352 5008 [ d958a2b5f6ad5c3b8ccdc4d7da62466c ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:50:29.0461 5008 NVENETFD - ok
21:50:30.0662 5008 [ d65bc32c1795191b7f2b028351ab4fe2 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:50:31.0801 5008 nvlddmkm - ok
21:50:31.0848 5008 [ e69e946f80c1c31c53003bfbf50cbb7c ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:50:31.0864 5008 nvraid - ok
21:50:31.0910 5008 [ 9aebc32f9d6e02ebee0369ab296fe7c8 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
21:50:31.0910 5008 nvsmu - ok
21:50:31.0942 5008 [ 9e0ba19a28c498a6d323d065db76dffc ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:50:31.0942 5008 nvstor - ok
21:50:32.0020 5008 [ a8c043670699c956d56b9f1f3daefc98 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:50:32.0035 5008 nvsvc - ok
21:50:32.0082 5008 [ 07c186427eb8fcc3d8d7927187f260f7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:50:32.0082 5008 nv_agp - ok
21:50:32.0098 5008 NwlnkFlt - ok
21:50:32.0098 5008 NwlnkFwd - ok
21:50:32.0254 5008 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:50:32.0285 5008 odserv - ok
21:50:32.0347 5008 [ 6f310e890d46e246e0e261a63d9b36b4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:50:32.0347 5008 ohci1394 - ok
21:50:32.0410 5008 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:50:32.0441 5008 ose - ok
21:50:32.0566 5008 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:50:32.0628 5008 p2pimsvc - ok
21:50:32.0675 5008 [ 0c8e8e61ad1eb0b250b846712c917506 ] p2psvc C:\Windows\system32\p2psvc.dll
21:50:32.0690 5008 p2psvc - ok
21:50:32.0722 5008 [ 0fa9b5055484649d63c303fe404e5f4d ] Parport C:\Windows\system32\drivers\parport.sys
21:50:32.0737 5008 Parport - ok
21:50:32.0784 5008 [ b9c2b89f08670e159f7181891e449cd9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:50:32.0784 5008 partmgr - ok
21:50:32.0815 5008 [ 4f9a6a8a31413180d0fcb279ad5d8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:50:32.0815 5008 Parvdm - ok
21:50:32.0862 5008 [ c6276ad11f4bb49b58aa1ed88537f14a ] PcaSvc C:\Windows\System32\pcasvc.dll
21:50:32.0878 5008 PcaSvc - ok
21:50:32.0940 5008 [ 941dc1d19e7e8620f40bbc206981efdb ] pci C:\Windows\system32\drivers\pci.sys
21:50:32.0956 5008 pci - ok
21:50:32.0987 5008 [ 1636d43f10416aeb483bc6001097b26c ] pciide C:\Windows\system32\drivers\pciide.sys
21:50:32.0987 5008 pciide - ok
21:50:33.0049 5008 [ e6f3fb1b86aa519e7698ad05e58b04e5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:50:33.0049 5008 pcmcia - ok
21:50:33.0174 5008 [ 6349f6ed9c623b44b52ea3c63c831a92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:50:33.0268 5008 PEAUTH - ok
21:50:33.0502 5008 [ b1689df169143f57053f795390c99db3 ] pla C:\Windows\system32\pla.dll
21:50:33.0642 5008 pla - ok
21:50:33.0704 5008 [ c5e7f8a996ec0a82d508fd9064a5569e ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:50:33.0720 5008 PlugPlay - ok
21:50:33.0751 5008 [ 65bc271f337637731d3c71455ae1f476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:50:33.0767 5008 Pml Driver HPZ12 - ok
21:50:33.0845 5008 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:50:33.0860 5008 PNRPAutoReg - ok
21:50:33.0892 5008 [ 0c8e8e61ad1eb0b250b846712c917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:50:33.0892 5008 PNRPsvc - ok
21:50:33.0970 5008 [ d0494460421a03cd5225cca0059aa146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:50:34.0016 5008 PolicyAgent - ok
21:50:34.0048 5008 [ ecfffaec0c1ecd8dbc77f39070ea1db1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:50:34.0063 5008 PptpMiniport - ok
21:50:34.0094 5008 [ 0e3cef5d28b40cf273281d620c50700a ] Processor C:\Windows\system32\drivers\processr.sys
21:50:34.0110 5008 Processor - ok
21:50:34.0141 5008 [ 0508faa222d28835310b7bfca7a77346 ] ProfSvc C:\Windows\system32\profsvc.dll
21:50:34.0172 5008 ProfSvc - ok
21:50:34.0188 5008 [ a3e186b4b935905b829219502557314e ] ProtectedStorage C:\Windows\system32\lsass.exe
21:50:34.0188 5008 ProtectedStorage - ok
21:50:34.0235 5008 [ 99514faa8df93d34b5589187db3aa0ba ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:50:34.0250 5008 PSched - ok
21:50:34.0391 5008 [ ccdac889326317792480c0a67156a1ec ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:50:34.0438 5008 ql2300 - ok
21:50:34.0484 5008 [ 81a7e5c076e59995d54bc1ed3a16e60b ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:50:34.0484 5008 ql40xx - ok
21:50:34.0531 5008 [ e9ecae663f47e6cb43962d18ab18890f ] QWAVE C:\Windows\system32\qwave.dll
21:50:34.0562 5008 QWAVE - ok
21:50:34.0578 5008 [ 9f5e0e1926014d17486901c88eca2db7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:50:34.0594 5008 QWAVEdrv - ok
21:50:34.0703 5008 [ 70dbdab246c18b78e2200d6401d038be ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:50:34.0718 5008 RapiMgr - ok
21:50:34.0765 5008 [ 147d7f9c556d259924351feb0de606c3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:50:34.0765 5008 RasAcd - ok
21:50:34.0812 5008 [ f6a452eb4ceadbb51c9e0ee6b3ecef0f ] RasAuto C:\Windows\System32\rasauto.dll
21:50:34.0828 5008 RasAuto - ok
21:50:34.0874 5008 [ a214adbaf4cb47dd2728859ef31f26b0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:50:34.0874 5008 Rasl2tp - ok
21:50:34.0921 5008 [ 75d47445d70ca6f9f894b032fbc64fcf ] RasMan C:\Windows\System32\rasmans.dll
21:50:34.0952 5008 RasMan - ok
21:50:34.0984 5008 [ 509a98dd18af4375e1fc40bc175f1def ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:50:35.0015 5008 RasPppoe - ok
21:50:35.0062 5008 [ 2005f4a1e05fa09389ac85840f0a9e4d ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:50:35.0077 5008 RasSstp - ok
21:50:35.0108 5008 [ b14c9d5b9add2f84f70570bbbfaa7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:50:35.0124 5008 rdbss - ok
21:50:35.0155 5008 [ 89e59be9a564262a3fb6c4f4f1cd9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:50:35.0155 5008 RDPCDD - ok
21:50:35.0202 5008 [ e8bd98d46f2ed77132ba927fccb47d8b ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:50:35.0218 5008 rdpdr - ok
21:50:35.0249 5008 [ 9d91fe5286f748862ecffa05f8a0710c ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:50:35.0249 5008 RDPENCDD - ok
21:50:35.0296 5008 [ c127ebd5afab31524662c48dfceb773a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:50:35.0327 5008 RDPWD - ok
21:50:35.0389 5008 [ bcdd6b4804d06b1f7ebf29e53a57ece9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:50:35.0420 5008 RemoteAccess - ok
21:50:35.0467 5008 [ 9e6894ea18daff37b63e1005f83ae4ab ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:50:35.0498 5008 RemoteRegistry - ok
21:50:35.0670 5008 [ 17e0bef5ca5c9ce52cc8082ac6ebc449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
21:50:35.0686 5008 RichVideo - ok
21:50:35.0779 5008 [ 355aac141b214bef1dbc1483afd9bd50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
21:50:35.0795 5008 rimmptsk - ok
21:50:35.0857 5008 [ a4216c71dd4f60b26418ccfd99cd0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:50:35.0857 5008 rimsptsk - ok
21:50:35.0935 5008 [ d231b577024aa324af13a42f3a807d10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
21:50:35.0935 5008 rismxdp - ok
21:50:35.0982 5008 [ 5123f83cbc4349d065534eeb6bbdc42b ] RpcLocator C:\Windows\system32\locator.exe
21:50:35.0998 5008 RpcLocator - ok
21:50:36.0060 5008 [ 3b5b4d53fec14f7476ca29a20cc31ac9 ] RpcSs C:\Windows\system32\rpcss.dll
21:50:36.0060 5008 RpcSs - ok
21:50:36.0107 5008 [ 9c508f4074a39e8b4b31d27198146fad ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:50:36.0122 5008 rspndr - ok
21:50:36.0138 5008 [ a3e186b4b935905b829219502557314e ] SamSs C:\Windows\system32\lsass.exe
21:50:36.0154 5008 SamSs - ok
21:50:36.0200 5008 [ 39763504067962108505bff25f024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
21:50:36.0200 5008 SASDIFSV - ok
21:50:36.0232 5008 [ 77b9fc20084b48408ad3e87570eb4a85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
21:50:36.0232 5008 SASKUTIL - ok
21:50:36.0263 5008 [ 3ce8f073a557e172b330109436984e30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:50:36.0278 5008 sbp2port - ok
21:50:36.0481 5008 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
21:50:36.0512 5008 SBSDWSCService - ok
21:50:36.0575 5008 [ 77b7a11a0c3d78d3386398fbbea1b632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:50:36.0575 5008 SCardSvr - ok
21:50:36.0637 5008 [ 1a58069db21d05eb2ab58ee5753ebe8d ] Schedule C:\Windows\system32\schedsvc.dll
21:50:36.0731 5008 Schedule - ok
21:50:36.0762 5008 [ 312ec3e37a0a1f2006534913e37b4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:50:36.0762 5008 SCPolicySvc - ok
21:50:36.0793 5008 [ 8f36b54688c31eed4580129040c6a3d3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:50:36.0809 5008 sdbus - ok
21:50:36.0856 5008 [ 716313d9f6b0529d03f726d5aaf6f191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:50:36.0902 5008 SDRSVC - ok
21:50:36.0918 5008 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:50:36.0918 5008 secdrv - ok
21:50:36.0949 5008 [ fd5199d4d8a521005e4b5ee7fe00fa9b ] seclogon C:\Windows\system32\seclogon.dll
21:50:36.0965 5008 seclogon - ok
21:50:36.0980 5008 [ a9bbab5759771e523f55563d6cbe140f ] SENS C:\Windows\system32\sens.dll
21:50:36.0996 5008 SENS - ok
21:50:37.0027 5008 [ 68e44e331d46f0fb38f0863a84cd1a31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:50:37.0027 5008 Serenum - ok
21:50:37.0058 5008 [ c70d69a918b178d3c3b06339b40c2e1b ] Serial C:\Windows\system32\drivers\serial.sys
21:50:37.0074 5008 Serial - ok
21:50:37.0121 5008 [ 8af3d28a879bf75db53a0ee7a4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:50:37.0121 5008 sermouse - ok
21:50:37.0168 5008 [ d2193326f729b163125610dbf3e17d57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:50:37.0183 5008 SessionEnv - ok
21:50:37.0214 5008 [ 103b79418da647736ee95645f305f68a ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:50:37.0214 5008 sffdisk - ok
21:50:37.0230 5008 [ 8fd08a310645fe872eeec6e08c6bf3ee ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:50:37.0230 5008 sffp_mmc - ok
21:50:37.0261 5008 [ 9cfa05fcfcb7124e69cfc812b72f9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:50:37.0261 5008 sffp_sd - ok
21:50:37.0277 5008 [ 46ed8e91793b2e6f848015445a0ac188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:50:37.0277 5008 sfloppy - ok
21:50:37.0308 5008 [ e1499bd0ff76b1b2fbbf1af339d91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:50:37.0324 5008 SharedAccess - ok
21:50:37.0386 5008 [ c7230fbee14437716701c15be02c27b8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:50:37.0402 5008 ShellHWDetection - ok
21:50:37.0448 5008 [ d2a595d6eebeeaf4334f8e50efbc9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:50:37.0464 5008 sisagp - ok
21:50:37.0480 5008 [ cedd6f4e7d84e9f98b34b3fe988373aa ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:50:37.0495 5008 SiSRaid2 - ok
21:50:37.0526 5008 [ df843c528c4f69d12ce41ce462e973a7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:50:37.0542 5008 SiSRaid4 - ok
21:50:37.0932 5008 [ 862bb4cbc05d80c5b45be430e5ef872f ] slsvc C:\Windows\system32\SLsvc.exe
21:50:38.0322 5008 slsvc - ok
21:50:38.0353 5008 [ 6edc422215cd78aa8a9cde6b30abbd35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:50:38.0369 5008 SLUINotify - ok
21:50:38.0400 5008 [ 7b75299a4d201d6a6533603d6914ab04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:50:38.0416 5008 Smb - ok
21:50:38.0462 5008 [ 2a146a055b4401c16ee62d18b8e2a032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:50:38.0478 5008 SNMPTRAP - ok
21:50:38.0540 5008 [ 7aebdeef071fe28b0eef2cdd69102bff ] spldr C:\Windows\system32\drivers\spldr.sys
21:50:38.0540 5008 spldr - ok
21:50:38.0587 5008 [ 8554097e5136c3bf9f69fe578a1b35f4 ] Spooler C:\Windows\System32\spoolsv.exe
21:50:38.0603 5008 Spooler - ok
21:50:38.0681 5008 [ 41987f9fc0e61adf54f581e15029ad91 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:50:38.0712 5008 srv - ok
21:50:38.0743 5008 [ ff33aff99564b1aa534f58868cbe41ef ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:50:38.0774 5008 srv2 - ok
21:50:38.0806 5008 [ 7605c0e1d01a08f3ecd743f38b834a44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:50:38.0821 5008 srvnet - ok
21:50:38.0868 5008 [ 03d50b37234967433a5ea5ba72bc0b62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:50:38.0884 5008 SSDPSRV - ok
21:50:38.0946 5008 [ 6f1a32e7b7b30f004d9a20afadb14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:50:38.0962 5008 SstpSvc - ok
21:50:39.0040 5008 [ 5de7d67e49b88f5f07f3e53c4b92a352 ] stisvc C:\Windows\System32\wiaservc.dll
21:50:39.0055 5008 stisvc - ok
21:50:39.0071 5008 [ 7ba58ecf0c0a9a69d44b3dca62becf56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:50:39.0086 5008 swenum - ok
21:50:39.0149 5008 [ f21fd248040681cca1fb6c9a03aaa93d ] swprv C:\Windows\System32\swprv.dll
21:50:39.0211 5008 swprv - ok
21:50:39.0242 5008 [ 192aa3ac01df071b541094f251deed10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:50:39.0258 5008 Symc8xx - ok
21:50:39.0289 5008 [ 8c8eb8c76736ebaf3b13b633b2e64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:50:39.0289 5008 Sym_hi - ok
21:50:39.0336 5008 [ 8072af52b5fd103bbba387a1e49f62cb ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:50:39.0367 5008 Sym_u3 - ok
21:50:39.0445 5008 [ 6dd49e1a5fa0f01824652f1a0a8866fb ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:50:39.0476 5008 SynTP - ok
21:50:39.0523 5008 [ 9a51b04e9886aa4ee90093586b0ba88d ] SysMain C:\Windows\system32\sysmain.dll
21:50:39.0617 5008 SysMain - ok
21:50:39.0648 5008 [ 2dca225eae15f42c0933e998ee0231c3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:50:39.0664 5008 TabletInputService - ok
21:50:39.0710 5008 [ d7673e4b38ce21ee54c59eeeb65e2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:50:39.0742 5008 TapiSrv - ok
21:50:39.0773 5008 [ cb05822cd9cc6c688168e113c603dbe7 ] TBS C:\Windows\System32\tbssvc.dll
21:50:39.0788 5008 TBS - ok
21:50:39.0898 5008 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:50:40.0007 5008 Tcpip - ok
21:50:40.0038 5008 [ 27d470dabc77bc60d0a3b0e4deb6cb91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:50:40.0054 5008 Tcpip6 - ok
21:50:40.0069 5008 [ 608c345a255d82a6289c2d468eb41fd7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:50:40.0069 5008 tcpipreg - ok
21:50:40.0100 5008 [ 5dcf5e267be67a1ae926f2df77fbcc56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:50:40.0100 5008 TDPIPE - ok
21:50:40.0132 5008 [ 389c63e32b3cefed425b61ed92d3f021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:50:40.0132 5008 TDTCP - ok
21:50:40.0178 5008 [ 76b06eb8a01fc8624d699e7045303e54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:50:40.0210 5008 tdx - ok
21:50:40.0241 5008 [ 3cad38910468eab9a6479e2f01db43c7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:50:40.0241 5008 TermDD - ok
21:50:40.0303 5008 [ bb95da09bef6e7a131bff3ba5032090d ] TermService C:\Windows\System32\termsrv.dll
21:50:40.0366 5008 TermService - ok
21:50:40.0397 5008 [ c7230fbee14437716701c15be02c27b8 ] Themes C:\Windows\system32\shsvcs.dll
21:50:40.0412 5008 Themes - ok
21:50:40.0428 5008 [ 1076ffcffaae8385fd62dfcb25ac4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:50:40.0428 5008 THREADORDER - ok
21:50:40.0475 5008 [ ec74e77d0eb004bd3a809b5f8fb8c2ce ] TrkWks C:\Windows\System32\trkwks.dll
21:50:40.0506 5008 TrkWks - ok
21:50:40.0584 5008 [ 97d9d6a04e3ad9b6c626b9931db78dba ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:50:40.0584 5008 TrustedInstaller - ok
21:50:40.0631 5008 [ dcf0f056a2e4f52287264f5ab29cf206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:50:40.0631 5008 tssecsrv - ok
21:50:40.0693 5008 [ caecc0120ac49e3d2f758b9169872d38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:50:40.0693 5008 tunmp - ok
21:50:40.0724 5008 [ 300db877ac094feab0be7688c3454a9c ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:50:40.0724 5008 tunnel - ok
21:50:40.0756 5008 [ c3ade15414120033a36c0f293d4a4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:50:40.0756 5008 uagp35 - ok
21:50:40.0802 5008 [ d9728af68c4c7693cb100b8441cbdec6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:50:40.0802 5008 udfs - ok
21:50:40.0849 5008 [ ecef404f62863755951e09c802c94ad5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:50:40.0865 5008 UI0Detect - ok
21:50:40.0896 5008 [ 75e6890ebfce0841d3291b02e7a8bdb0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:50:40.0912 5008 uliagpkx - ok
21:50:40.0958 5008 [ 3cd4ea35a6221b85dcc25daa46313f8d ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:50:40.0974 5008 uliahci - ok
21:50:41.0083 5008 [ 8514d0e5cd0534467c5fc61be94a569f ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:50:41.0114 5008 UlSata - ok
21:50:41.0130 5008 [ 38c3c6e62b157a6bc46594fada45c62b ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:50:41.0146 5008 ulsata2 - ok
21:50:41.0161 5008 [ 32cff9f809ae9aed85464492bf3e32d2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:50:41.0177 5008 umbus - ok
21:50:41.0239 5008 [ 68308183f4ae0be7bf8ecd07cb297999 ] upnphost C:\Windows\System32\upnphost.dll
21:50:41.0255 5008 upnphost - ok
21:50:41.0333 5008 [ d4fb6ecc60a428564ba8768b0e23c0fc ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
21:50:41.0348 5008 USBAAPL - ok
21:50:41.0395 5008 [ caf811ae4c147ffcd5b51750c7f09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:50:41.0395 5008 usbccgp - ok
21:50:41.0442 5008 [ e9476e6c486e76bc4898074768fb7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:50:41.0458 5008 usbcir - ok
21:50:41.0520 5008 [ 79e96c23a97ce7b8f14d310da2db0c9b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:50:41.0536 5008 usbehci - ok
21:50:41.0582 5008 [ 4673bbcb006af60e7abddbe7a130ba42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:50:41.0598 5008 usbhub - ok
21:50:41.0614 5008 [ ce697fee0d479290d89bec80dfe793b7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:50:41.0614 5008 usbohci - ok
21:50:41.0629 5008 [ e75c4b5269091d15a2e7dc0b6d35f2f5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:50:41.0645 5008 usbprint - ok
21:50:41.0692 5008 [ a508c9bd8724980512136b039bba65e9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:50:41.0707 5008 usbscan - ok
21:50:41.0738 5008 [ be3da31c191bc222d9ad503c5224f2ad ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:50:41.0754 5008 USBSTOR - ok
21:50:41.0801 5008 [ 325dbbacb8a36af9988ccf40eac228cc ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:50:41.0801 5008 usbuhci - ok
21:50:41.0879 5008 [ e67998e8f14cb0627a769f6530bcb352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:50:41.0894 5008 usbvideo - ok
21:50:41.0926 5008 [ 1509e705f3ac1d474c92454a5c2dd81f ] UxSms C:\Windows\System32\uxsms.dll
21:50:41.0941 5008 UxSms - ok
21:50:42.0019 5008 [ cd88d1b7776dc17a119049742ec07eb4 ] vds C:\Windows\System32\vds.exe
21:50:42.0066 5008 vds - ok
21:50:42.0097 5008 [ 7d92be0028ecdedec74617009084b5ef ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:50:42.0113 5008 vga - ok
21:50:42.0160 5008 [ 2e93ac0a1d8c79d019db6c51f036636c ] VgaSave C:\Windows\System32\drivers\vga.sys
21:50:42.0160 5008 VgaSave - ok
21:50:42.0175 5008 [ 045d9961e591cf0674a920b6ba3ba5cb ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:50:42.0191 5008 viaagp - ok
21:50:42.0206 5008 [ 56a4de5f02f2e88182b0981119b4dd98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:50:42.0206 5008 ViaC7 - ok
21:50:42.0238 5008 [ fd2e3175fcada350c7ab4521dca187ec ] viaide C:\Windows\system32\drivers\viaide.sys
21:50:42.0238 5008 viaide - ok
21:50:42.0269 5008 [ 69503668ac66c77c6cd7af86fbdf8c43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:50:42.0284 5008 volmgr - ok
21:50:42.0362 5008 [ 23e41b834759917bfd6b9a0d625d0c28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:50:42.0409 5008 volmgrx - ok
21:50:42.0472 5008 [ 147281c01fcb1df9252de2a10d5e7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:50:42.0472 5008 volsnap - ok
21:50:42.0503 5008 [ d984439746d42b30fc65a4c3546c6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:50:42.0503 5008 vsmraid - ok
21:50:42.0659 5008 [ db3d19f850c6eb32bdcb9bc0836acddb ] VSS C:\Windows\system32\vssvc.exe
21:50:42.0768 5008 VSS - ok
21:50:42.0799 5008 [ 96ea68b9eb310a69c25ebb0282b2b9de ] W32Time C:\Windows\system32\w32time.dll
21:50:42.0846 5008 W32Time - ok
21:50:42.0893 5008 [ 48dfee8f1af7c8235d4e626f0c4fe031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:50:42.0893 5008 WacomPen - ok
21:50:42.0955 5008 [ 55201897378cca7af8b5efd874374a26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:50:42.0971 5008 Wanarp - ok
21:50:42.0971 5008 [ 55201897378cca7af8b5efd874374a26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:50:42.0971 5008 Wanarpv6 - ok
21:50:43.0049 5008 [ 779f9c90d3fe9c70b6ffd8ef035f3e83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
21:50:43.0142 5008 WcesComm - ok
21:50:43.0205 5008 [ a3cd60fd826381b49f03832590e069af ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:50:43.0252 5008 wcncsvc - ok
21:50:43.0283 5008 [ 11bcb7afcdd7aadacb5746f544d3a9c7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:50:43.0298 5008 WcsPlugInService - ok
21:50:43.0314 5008 [ afc5ad65b991c1e205cf25cfdbf7a6f4 ] Wd C:\Windows\system32\drivers\wd.sys
21:50:43.0314 5008 Wd - ok
21:50:43.0392 5008 [ 9950e3d0f08141c7e89e64456ae7dc73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:50:43.0408 5008 Wdf01000 - ok
21:50:43.0423 5008 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:50:43.0439 5008 WdiServiceHost - ok
21:50:43.0454 5008 [ abfc76b48bb6c96e3338d8943c5d93b5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:50:43.0454 5008 WdiSystemHost - ok
21:50:43.0501 5008 [ 04c37d8107320312fbae09926103d5e2 ] WebClient C:\Windows\System32\webclnt.dll
21:50:43.0548 5008 WebClient - ok
21:50:43.0595 5008 [ ae3736e7e8892241c23e4ebbb7453b60 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:50:43.0657 5008 Wecsvc - ok
21:50:43.0688 5008 [ 670ff720071ed741206d69bd995ea453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:50:43.0720 5008 wercplsupport - ok
21:50:43.0751 5008 [ 32b88481d3b326da6deb07b1d03481e7 ] WerSvc C:\Windows\System32\WerSvc.dll
21:50:43.0766 5008 WerSvc - ok
21:50:43.0922 5008 [ 0acd399f5db3df1b58903cf4949ab5a8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:50:43.0985 5008 winachsf - ok
21:50:44.0047 5008 [ 4575aa12561c5648483403541d0d7f2b ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:50:44.0110 5008 WinDefend - ok
21:50:44.0110 5008 WinHttpAutoProxySvc - ok
21:50:44.0203 5008 [ 6b2a1d0e80110e3d04e6863c6e62fd8a ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:50:44.0219 5008 Winmgmt - ok
21:50:44.0328 5008 [ 7cfe68bdc065e55aa5e8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
21:50:44.0437 5008 WinRM - ok
21:50:44.0468 5008 [ 676f4b665bdd8053eaa53ac1695b8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
21:50:44.0468 5008 winusb - ok
21:50:44.0531 5008 [ c008405e4feeb069e30da1d823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:50:44.0562 5008 Wlansvc - ok
21:50:44.0765 5008 [ 5144ae67d60ec653f97ddf3feed29e77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:50:44.0812 5008 wlidsvc - ok
21:50:44.0858 5008 [ 2e7255d172df0b8283cdfb7b433b864e ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:50:44.0858 5008 WmiAcpi - ok
21:50:44.0890 5008 [ 43be3875207dcb62a85c8c49970b66cc ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:50:44.0905 5008 wmiApSrv - ok
21:50:44.0999 5008 [ 3978704576a121a9204f8cc49a301a9b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:50:45.0061 5008 WMPNetworkSvc - ok
21:50:45.0108 5008 [ cfc5a04558f5070cee3e3a7809f3ff52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:50:45.0108 5008 WPCSvc - ok
21:50:45.0170 5008 [ 801fbdb89d472b3c467eb112a0fc9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:50:45.0186 5008 WPDBusEnum - ok
21:50:45.0248 5008 [ de9d36f91a4df3d911626643debf11ea ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:50:45.0264 5008 WpdUsb - ok
21:50:45.0451 5008 [ dcf3e3edf5109ee8bc02fe6e1f045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:50:45.0514 5008 WPFFontCache_v0400 - ok
21:50:45.0545 5008 [ e3a3cb253c0ec2494d4a61f5e43a389c ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:50:45.0545 5008 ws2ifsl - ok
21:50:45.0592 5008 [ 1ca6c40261ddc0425987980d0cd2aaab ] wscsvc C:\Windows\system32\wscsvc.dll
21:50:45.0607 5008 wscsvc - ok
21:50:45.0623 5008 WSearch - ok
21:50:45.0748 5008 [ fc3ec24fce372c89423e015a2ac1a31e ] wuauserv C:\Windows\system32\wuaueng.dll
21:50:45.0857 5008 wuauserv - ok
21:50:45.0950 5008 [ ac13cb789d93412106b0fb6c7eb2bcb6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:50:45.0950 5008 WUDFRd - ok
21:50:45.0997 5008 [ 575a4190d989f64732119e4114045a4f ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:50:46.0013 5008 wudfsvc - ok
21:50:46.0060 5008 [ dab33cfa9dd24251aaa389ff36b64d4b ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:50:46.0060 5008 XAudio - ok
21:50:46.0106 5008 [ cd5f291a1161f15896d1a4d63daff5df ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:50:46.0138 5008 XAudioService - ok
21:50:46.0138 5008 ================ Scan global ===============================
21:50:46.0184 5008 (f31eebc1a1c81fd04005489cc3dcdfe7) C:\Windows\system32\basesrv.dll
21:50:46.0231 5008 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
21:50:46.0278 5008 (d2293b069e4b63dc17b2f08d45e71124) C:\Windows\system32\winsrv.dll
21:50:46.0340 5008 (d4e6d91c1349b7bfb3599a6ada56851b) C:\Windows\system32\services.exe
21:50:46.0372 5008 [Global] - ok
21:50:46.0372 5008 ================ Scan MBR ==================================
21:50:46.0403 5008 MBR (0x1B8) (ab2261d98ab453077a8fc300866b802f) \Device\Harddisk0\DR0
21:50:48.0790 5008 \Device\Harddisk0\DR0 - ok
21:50:48.0790 5008 ================ Scan VBR ==================================
21:50:48.0805 5008 Boot (0x1200) (ae311c3ab4d3149a092c98653c2c5e53) \Device\Harddisk0\DR0\Partition1
21:50:48.0821 5008 \Device\Harddisk0\DR0\Partition1 - ok
21:50:48.0852 5008 Boot (0x1200) (12f30199d7690fd5dfcc6f07c6d32f7c) \Device\Harddisk0\DR0\Partition2
21:50:48.0883 5008 \Device\Harddisk0\DR0\Partition2 - ok
21:50:48.0899 5008 ============================================================
21:50:48.0899 5008 Scan finished
21:50:48.0899 5008 ============================================================
21:50:48.0914 5872 Detected object count: 0
21:50:48.0914 5872 Actual detected object count: 0


Here is the aswMBR logfile:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 23:38:58
-----------------------------
23:38:58.053 OS Version: Windows 6.0.6002 Service Pack 2
23:38:58.053 Number of processors: 2 586 0x6802
23:38:58.053 ComputerName: ADM-PC UserName: Adm
23:39:00.191 Initialize success
23:39:00.409 AVAST engine defs: 12081401
23:39:22.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
23:39:22.327 Disk 0 Vendor: FUJITSU_MHZ2160BH_G2 8909 Size: 152627MB BusType: 3
23:39:22.343 Disk 0 MBR read successfully
23:39:22.343 Disk 0 MBR scan
23:39:22.358 Disk 0 Windows VISTA default MBR code
23:39:22.358 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 140419 MB offset 63
23:39:22.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12205 MB offset 287579565
23:39:22.389 Disk 0 scanning sectors +312576705
23:39:22.483 Disk 0 scanning C:\Windows\system32\drivers
23:39:41.406 Service scanning
23:40:16.350 Modules scanning
23:40:26.739 Disk 0 trace - called modules:
23:40:26.755 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
23:40:26.755 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8522dac8]
23:40:26.771 3 CLASSPNP.SYS[87da88b3] -> nt!IofCallDriver -> [0x84bab918]
23:40:26.771 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x84ba2030]
23:40:27.691 AVAST engine scan C:\Windows
23:40:30.390 AVAST engine scan C:\Windows\system32
23:43:57.979 AVAST engine scan C:\Windows\system32\drivers
23:44:18.243 AVAST engine scan C:\Users\Adm
23:45:56.976 AVAST engine scan C:\ProgramData
23:47:38.298 Scan finished successfully
23:48:15.358 Disk 0 MBR has been saved successfully to "C:\Users\Adm\Desktop\MBR.dat"
23:48:15.358 The log file has been saved successfully to "C:\Users\Adm\Desktop\aswMBR.txt"
Also getting an aswMBR.dat file but will not upload as an attachment?
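The TDSSKiller log above reports an MBR boot-code hash (the `MBR (0x1B8)` line) and the aswMBR log lists the partition table it read from `\Device\Harddisk0\DR0` and saved to `MBR.dat`. The following is an added example, not code from either tool or from anyone in this thread: it decodes a raw 512-byte MBR image the same way, hashing the first 0x1B8 bytes (assumed to be what TDSSKiller's `0x1B8` denotes), parsing the four partition entries and flagging overlapping ones. The MBR bytes are constructed, with the partition geometry copied from the aswMBR log, so the boot-code hash will not match the value TDSSKiller printed.

```python
"""Decode a raw 512-byte MBR image the way the aswMBR and TDSSKiller logs report it:
hash the boot-code region and list the partition table.

The MBR bytes built here are CONSTRUCTED for this example (the real MBR.dat saved by
aswMBR is not available), so the boot-code hash will not equal the one in the log.
"""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8      # 440 bytes; assumed meaning of "MBR (0x1B8)" in the TDSSKiller log
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xAA"

# Partition type ids with the names aswMBR uses; 0x07 is the only one on the page.
PARTITION_TYPES = {
    0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x27: "Hidden NTFS (WinRE)",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_entry(status, ptype, lba_start, sector_count):
    """Pack one partition entry; CHS fields get the LBA placeholder FE FF FF."""
    chs = b"\xfe\xff\xff"
    return struct.pack(ENTRY_FMT, status, chs, ptype, chs, lba_start, sector_count)


def constructed_mbr():
    """Synthetic MBR with the layout the aswMBR log shows: an active NTFS partition at
    offset 63 (140419 MB) and a second NTFS partition at offset 287579565 (12205 MB)."""
    boot_code = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = struct.pack("<I", 0x1234ABCD)            # constructed value
    table = (build_entry(0x80, 0x07, 63, 287579502)
             + build_entry(0x00, 0x07, 287579565, 24997140)
             + bytes(32))                                     # two empty slots
    return boot_code + disk_signature + b"\x00\x00" + table + MBR_SIGNATURE


def parse_mbr(data):
    """Return the boot-code MD5, disk signature and the non-empty partition entries."""
    if len(data) < 512:
        raise ValueError("MBR image must be at least 512 bytes")
    if data[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:
            continue
        partitions.append({
            "index": i + 1,
            "status": status,
            "active": bool(status & 0x80),             # aswMBR prints this as "80 (A)"
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sector_count": count,
            "size_mb": count * 512 // (1024 * 1024),   # floored, as aswMBR prints it
        })
    return {
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", data[0x1B8:0x1BC])[0],
        "partitions": partitions,
    }


def boot_code_matches(data, expected_md5):
    """Compare a saved MBR image against the boot-code hash a scanner logged for it."""
    return parse_mbr(data)["boot_code_md5"] == expected_md5.lower()


def overlapping(partitions):
    """Pairs of partition indexes whose sector ranges overlap; a clean table has none."""
    spans = sorted((p["lba_start"], p["lba_start"] + p["sector_count"], p["index"])
                   for p in partitions)
    return [(a[2], b[2]) for a, b in zip(spans, spans[1:]) if b[0] < a[1]]


if __name__ == "__main__":
    info = parse_mbr(constructed_mbr())
    print("boot code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {p['status']:02X} {flag} {p['type']:02X} "
              f"{p['type_name']} {p['size_mb']} MB offset {p['lba_start']}")
    print("overlaps:", overlapping(info["partitions"]))
```

To check a real dump, read `MBR.dat` in binary mode and pass its bytes to `boot_code_matches` together with the hash the scanner logged.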

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2012 - 08:37 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 sh4rkbyt3
  • Topic Starter

  • Members
  • 397 posts
  • Gender:Male


Posted 15 August 2012 - 12:00 PM

OK, after running ComboFix with the CFScript.txt file inserted, the computer itself seems to be fine. However, the issue with Defraggler is still ongoing. One of the files that remained showing after defrag was reinkrecognition.ko? Not sure what this is.

Here is the ComboFix logfile report:

ComboFix 12-08-14.05 - Adm 08/15/2012 11:53:25.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1004 [GMT -4:00]
Running from: c:\users\Adm\Desktop\ComboFix.exe
Command switches used :: c:\users\Adm\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 16:04 . 2012-08-15 16:05 -------- d-----w- c:\users\Adm\AppData\Local\temp
2012-08-15 16:04 . 2012-08-15 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-15 03:11 . 2012-06-29 01:00 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-08-15 03:09 . 2012-08-15 03:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-15 02:49 . 2012-08-15 02:49 -------- d-----w- c:\programdata\Norton
2012-08-15 01:54 . 2012-07-16 06:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A758EDC0-DF3D-4112-A118-092277C8F9BC}\mpengine.dll
2012-08-15 01:53 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 03:06 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-14 03:06 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-14 03:06 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-14 03:06 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-14 03:06 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-14 03:06 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\users\Adm\AppData\Roaming\SUPERAntiSpyware.com
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-26 13:41 . 2012-07-26 13:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-26 13:22 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-07-26 13:22 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-07-26 06:47 . 2012-07-26 06:47 -------- d-----w- c:\program files\Windows Portable Devices
2012-07-26 06:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-07-26 06:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-07-26 06:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-07-26 06:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2012-07-26 05:58 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-26 05:57 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-07-26 05:56 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2012-07-26 05:56 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2012-07-26 04:50 . 2012-07-26 04:50 -------- d-----w- c:\program files\Defraggler
2012-07-26 03:46 . 2012-07-26 03:46 -------- d-----w- c:\program files\VS Revo Group
2012-07-26 01:41 . 2012-07-26 01:41 -------- d-----w- c:\users\Adm\AppData\Roaming\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\programdata\Malwarebytes
2012-07-26 01:40 . 2012-07-26 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-26 01:40 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 01:13 . 2012-07-29 03:17 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 02:23 . 2012-04-05 20:19 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 02:23 . 2011-10-05 14:27 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 11:57 . 2010-07-01 17:27 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-06 02:06 . 2012-07-12 11:57 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 14:48 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 14:48 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 14:48 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-07-11 13:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-11 13:54 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-11 13:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-11 13:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-11 13:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-11 13:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-11 13:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-11 13:50 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-07-11 13:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 14:48 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 14:48 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 16:25 . 2010-02-20 18:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-31_21.27.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-15 01:53 . 2012-05-11 13:59 61440 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.exe
+ 2012-08-15 03:11 . 2012-06-28 22:45 73216 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.1.8112.20554_none_0888523c9a7c4aa8\mshtmled.dll
+ 2012-08-15 03:11 . 2012-06-29 00:01 73216 c:\windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_9.1.8112.16448_none_080d86858152f449\mshtmled.dll
+ 2012-08-15 03:11 . 2012-06-28 22:51 66048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20554_none_c2485c52f8ea979a\WininetPlugin.dll
+ 2012-08-15 03:11 . 2012-06-28 22:50 65024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20554_none_c2485c52f8ea979a\jsproxy.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 66048 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16448_none_c1cd909bdfc1413b\WininetPlugin.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 65024 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16448_none_c1cd909bdfc1413b\jsproxy.dll
+ 2008-10-04 01:46 . 2012-08-15 15:42 73118 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-08-15 15:42 85502 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-07 20:40 . 2012-08-15 15:42 22170 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2015934594-4100455314-4136565935-1000_UserData.bin
+ 2012-08-15 03:11 . 2012-06-29 00:01 73216 c:\windows\System32\mshtmled.dll
- 2012-07-12 03:52 . 2012-06-02 08:17 73216 c:\windows\System32\mshtmled.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 66048 c:\windows\System32\migration\WininetPlugin.dll
- 2012-07-12 03:52 . 2012-06-02 08:22 66048 c:\windows\System32\migration\WininetPlugin.dll
- 2012-07-12 03:52 . 2012-06-02 08:21 65024 c:\windows\System32\jsproxy.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 65024 c:\windows\System32\jsproxy.dll
+ 2008-10-04 17:34 . 2012-08-15 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-28 19:06 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-28 19:06 . 2012-08-15 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 17:34 . 2012-08-15 15:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-04 17:34 . 2012-07-31 21:12 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-15 03:09 . 2012-08-15 03:14 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-05-14 07:08 . 2012-05-14 07:08 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-15 03:14 . 2012-08-15 03:14 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-05-14 07:23 . 2012-05-14 07:23 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-08-15 03:14 . 2012-08-15 03:14 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-08-14 03:05 . 2012-07-03 16:21 41224 c:\windows\avastSS.scr
- 2012-07-26 18:27 . 2012-07-03 16:21 41224 c:\windows\avastSS.scr
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-15 15:40 . 2012-08-15 15:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-31 21:09 . 2012-07-31 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 15:40 . 2012-08-15 15:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-15 03:11 . 2012-06-28 22:48 717824 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.20554_none_433f516c4e3bdcc1\jscript.dll
+ 2012-08-15 03:11 . 2012-06-29 00:04 717824 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.16448_none_42c485b535128662\jscript.dll
+ 2012-08-15 01:53 . 2012-05-11 14:48 873984 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-printui_31bf3856ad364e35_6.0.6002.22857_none_de7664838a609746\printui.dll
+ 2012-08-15 01:53 . 2012-05-11 14:48 216064 c:\windows\winsxs\x86_microsoft-windows-p..randprintui-ntprint_31bf3856ad364e35_6.0.6002.22857_none_f2448e5593d24c2e\ntprint.dll
+ 2012-08-15 01:53 . 2012-05-11 14:47 624128 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.22857_none_325c7214a9142e65\localspl.dll
+ 2012-08-15 01:53 . 2012-05-11 15:57 623616 c:\windows\winsxs\x86_microsoft-windows-p..ooler-core-localspl_31bf3856ad364e35_6.0.6002.18631_none_31e2717f8febc188\localspl.dll
+ 2012-08-15 01:52 . 2012-06-29 15:02 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.22887_none_8f54bf68180e478f\netapi32.dll
+ 2012-08-15 01:52 . 2012-06-29 16:01 467968 c:\windows\winsxs\x86_microsoft-windows-netapi32_31bf3856ad364e35_6.0.6002.18659_none_8eed910efed68979\netapi32.dll
+ 2012-08-15 03:11 . 2012-06-28 22:42 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.20554_none_2501d57505368efd\ieui.dll
+ 2012-08-15 03:11 . 2012-06-28 23:57 176640 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16448_none_248709bdec0d389e\ieui.dll
+ 2012-08-15 03:11 . 2012-06-28 22:53 231936 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.1.8112.20554_none_b08a3a1bb4e1e644\url.dll
+ 2012-08-15 03:11 . 2012-06-29 00:07 231936 c:\windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_9.1.8112.16448_none_b00f6e649bb88fe5\url.dll
+ 2012-08-15 03:11 . 2012-06-28 23:35 140896 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.20554_none_0803132ee39bb5f7\sqmapi.dll
+ 2012-08-15 03:11 . 2012-06-29 01:00 140920 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.16448_none_07884777ca725f98\sqmapi.dll
+ 2012-08-15 03:11 . 2012-06-28 22:56 387584 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.1.8112.20554_none_7acbb7b324bcc283\jsdbgui.dll
+ 2012-08-15 03:11 . 2012-06-29 00:10 387584 c:\windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_9.1.8112.16448_none_7a50ebfc0b936c24\jsdbgui.dll
+ 2012-08-15 03:11 . 2012-06-28 22:49 142848 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.1.8112.20554_none_efc168de7116067d\ieUnatt.exe
+ 2012-08-15 03:11 . 2012-06-29 00:04 142848 c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.1.8112.16448_none_ef469d2757ecb01e\ieUnatt.exe
+ 2012-08-15 03:11 . 2012-06-28 22:50 194048 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.1.8112.20554_none_07ec98caf1508887\IEShims.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 194048 c:\windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_9.1.8112.16448_none_0771cd13d8273228\IEShims.dll
+ 2012-08-15 03:11 . 2012-06-28 22:51 194560 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.1.8112.20554_none_508e4d34a1a82219\ieproxy.dll
+ 2012-08-15 03:11 . 2012-06-29 00:06 194560 c:\windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_9.1.8112.16448_none_5013817d887ecbba\ieproxy.dll
+ 2012-08-15 03:11 . 2012-06-28 22:57 678912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.1.8112.20554_none_fc0475a596ede3db\iedvtool.dll
+ 2012-08-15 03:11 . 2012-06-29 00:10 678912 c:\windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_9.1.8112.16448_none_fb89a9ee7dc48d7c\iedvtool.dll
+ 2012-08-15 03:11 . 2012-06-28 23:35 748664 c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
+ 2012-08-15 03:11 . 2012-06-29 01:00 748664 c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
+ 2008-10-04 17:33 . 2012-08-10 17:44 343264 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-08-15 03:11 . 2012-06-29 00:07 231936 c:\windows\System32\url.dll
- 2012-07-12 03:52 . 2012-06-02 08:23 231936 c:\windows\System32\url.dll
+ 2012-08-15 01:52 . 2012-06-29 16:01 467968 c:\windows\System32\netapi32.dll
+ 2012-08-15 02:23 . 2012-08-15 02:23 686792 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-15 02:23 . 2012-08-15 02:23 466632 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-05 20:19 . 2012-08-15 02:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-05 20:19 . 2012-07-27 14:23 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-15 03:11 . 2012-06-29 00:04 717824 c:\windows\System32\jscript.dll
+ 2012-08-15 03:11 . 2012-06-29 00:04 142848 c:\windows\System32\ieUnatt.exe
- 2012-07-12 03:52 . 2012-06-02 08:20 142848 c:\windows\System32\ieUnatt.exe
+ 2012-08-15 03:11 . 2012-06-28 23:57 176640 c:\windows\System32\ieui.dll
- 2012-07-12 03:52 . 2012-06-02 08:14 176640 c:\windows\System32\ieui.dll
+ 2006-11-02 12:47 . 2012-08-15 03:21 312920 c:\windows\System32\FNTCACHE.DAT
- 2006-11-02 12:47 . 2012-07-26 13:19 312920 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 17:56 . 2012-08-15 15:41 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 17:56 . 2012-07-31 21:10 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-08-14 03:05 . 2012-07-03 16:21 227648 c:\windows\System32\aswBoot.exe
- 2012-07-26 18:27 . 2012-07-03 16:21 227648 c:\windows\System32\aswBoot.exe
- 2011-08-15 13:35 . 2012-07-31 21:08 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-15 13:35 . 2012-08-15 03:56 297820 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-18 19:46 . 2012-07-18 19:46 593408 c:\windows\Installer\520984.msp
- 2008-10-04 03:31 . 2012-07-12 04:01 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-04 03:31 . 2012-07-12 04:01 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-06-23 13:54 . 2011-06-23 13:54 119160 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\MSCONV97.DLL
+ 2012-08-15 03:11 . 2012-07-04 13:34 2055680 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22889_none_bb161ea3b10365cb\win32k.sys
+ 2012-08-15 03:11 . 2012-07-04 14:02 2047488 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18661_none_ba9a1d7a97dcc640\win32k.sys
+ 2012-08-15 03:11 . 2012-06-28 23:03 1800704 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.20554_none_433f516c4e3bdcc1\jscript9.dll
+ 2012-08-15 03:11 . 2012-06-29 00:16 1800704 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_9.1.8112.16448_none_42c485b535128662\jscript9.dll
+ 2012-08-15 03:11 . 2012-06-28 23:04 9737728 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.20554_none_2501d57505368efd\ieframe.dll
+ 2012-08-15 03:11 . 2012-06-29 00:27 9737728 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_9.1.8112.16448_none_248709bdec0d389e\ieframe.dll
+ 2012-08-15 03:11 . 2012-06-28 22:46 1793024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.20554_none_0803132ee39bb5f7\iertutil.dll
+ 2012-08-15 03:11 . 2012-06-29 00:01 1793024 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_9.1.8112.16448_none_07884777ca725f98\iertutil.dll
+ 2012-08-15 03:11 . 2012-06-28 22:54 1129472 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.20554_none_c2485c52f8ea979a\wininet.dll
+ 2012-08-15 03:11 . 2012-06-29 00:09 1129472 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.1.8112.16448_none_c1cd909bdfc1413b\wininet.dll
+ 2012-08-15 03:11 . 2012-06-28 22:54 1103872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.1.8112.20554_none_754280b12de17107\urlmon.dll
+ 2012-08-15 03:11 . 2012-06-29 00:09 1103872 c:\windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_9.1.8112.16448_none_74c7b4fa14b81aa8\urlmon.dll
+ 2012-08-15 03:11 . 2012-06-29 00:09 1129472 c:\windows\System32\wininet.dll
- 2012-07-12 03:52 . 2012-06-02 08:25 1129472 c:\windows\System32\wininet.dll
+ 2012-08-15 03:11 . 2012-07-04 14:02 2047488 c:\windows\System32\win32k.sys
- 2012-07-12 04:02 . 2012-06-13 13:40 2047488 c:\windows\System32\win32k.sys
- 2012-07-12 03:52 . 2012-06-02 08:26 1103872 c:\windows\System32\urlmon.dll
+ 2012-08-15 03:11 . 2012-06-29 00:09 1103872 c:\windows\System32\urlmon.dll
- 2006-11-02 10:22 . 2012-07-27 15:08 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2012-08-15 03:19 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2012-08-15 03:11 . 2012-06-29 00:16 1800704 c:\windows\System32\jscript9.dll
+ 2012-08-15 03:11 . 2012-06-29 00:01 1793024 c:\windows\System32\iertutil.dll
- 2012-07-12 03:52 . 2012-06-02 08:19 1793024 c:\windows\System32\iertutil.dll
- 2012-07-12 03:52 . 2012-06-02 08:43 9737728 c:\windows\System32\ieframe.dll
+ 2012-08-15 03:11 . 2012-06-29 00:27 9737728 c:\windows\System32\ieframe.dll
- 2011-08-15 13:35 . 2012-07-31 21:08 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
+ 2011-08-15 13:35 . 2012-08-14 02:49 1935324 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-8192.dat
+ 2011-09-01 15:41 . 2012-08-14 02:49 1407544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-12288.dat
- 2011-09-01 15:41 . 2012-07-29 04:40 1407544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-12288.dat
+ 2012-06-26 22:03 . 2012-06-26 22:03 3875840 c:\windows\Installer\52099f.msp
- 2008-10-04 03:31 . 2012-07-12 04:01 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-04 03:31 . 2012-08-15 03:14 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2012-08-15 03:11 . 2012-06-28 23:11 12317184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.20554_none_d3a27b71794100d0\mshtml.dll
+ 2012-08-15 03:11 . 2012-06-29 00:52 12317184 c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.1.8112.16448_none_d327afba6017aa71\mshtml.dll
+ 2012-08-15 03:11 . 2012-06-29 00:52 12317184 c:\windows\System32\mshtml.dll
+ 2006-11-02 10:24 . 2012-08-15 03:12 59884088 c:\windows\System32\mrt.exe
+ 2011-08-15 13:35 . 2012-08-15 03:56 15151358 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2015934594-4100455314-4136565935-1000-4096.dat
+ 2012-07-25 20:59 . 2012-07-25 20:59 11032064 c:\windows\Installer\520996.msp
+ 2012-07-18 19:53 . 2012-07-18 19:53 10937344 c:\windows\Installer\52095b.msp
+ 2009-05-08 07:01 . 2012-08-15 03:11 236313187 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"lxdfmon.exe"="c:\program files\Lexmark 6500 Series\lxdfmon.exe" [2007-06-12 455600]
"lxdfamon"="c:\program files\Lexmark 6500 Series\lxdfamon.exe" [2007-06-01 20480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=c:\windows\pss\Vongo Tray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Adm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Disney Vacation Connection.lnk]
path=c:\users\Adm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Disney Vacation Connection.lnk
backup=c:\windows\pss\Disney Vacation Connection.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPCCSMiddleware]
2008-10-11 00:38 538432 ------w- c:\program files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-01 23:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 19:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 6500 Series Fax Server]
2007-06-12 01:56 308144 ----a-w- c:\program files\Lexmark 6500 Series\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-08-24 00:36 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2010-07-28 19:14 554328 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 02:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 06:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: salisbury.edu\myclasses
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7150C31E-BC3E-41EE-8482-BFD741260134}: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 12:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1b,14,76,08,1f,0c,28,48,85,00,a8,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-15 12:13:32
ComboFix-quarantined-files.txt 2012-08-15 16:13
ComboFix2.txt 2012-08-14 05:54
ComboFix3.txt 2012-08-14 05:30
ComboFix4.txt 2012-08-10 19:35
ComboFix5.txt 2012-08-15 15:52
.
Pre-Run: 107,058,847,744 bytes free
Post-Run: 107,011,321,856 bytes free
.
- - End Of File - - 49381E4C0A66A725C9419913562BEC73

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 August 2012 - 12:09 PM

Greetings

The issue with Defraggler is still ongoing. I don't think this is going to have anything to do with malware; I don't even know if this IS a problem.

But when we are done checking things out for malware, you might have to go to the Windows forum and ask around in there.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download the HijackThis Installer.
  • Save the HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 sh4rkbyt3 (Topic Starter)

Posted 16 August 2012 - 02:54 PM

Here is the MBAM log, which found nothing:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Adm :: ADM-PC [administrator]

8/16/2012 2:23:00 PM
mbam-log-2012-08-16 (14-23-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 377924
Time elapsed: 1 hour(s), 22 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


And the Hijackthis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:51:55 PM, on 8/16/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Users\Adm\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9096 bytes
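
A HijackThis log like the one above is normally triaged by eye, and gringo_pr's warning not to trust the Analyze This button is the reason: most entries are harmless or required, and the few worth a second look are picked out by where the file lives, whether it still exists, and whether the service has a publisher. The block below is an added example written for this thread; it is not HijackThis's own analysis and not code posted by anyone here. It parses lines in the posted log's O2/O4/O9/O20/O22/O23 format and applies those same hand checks. The avast!, NVIDIA, HP, SUPERAntiSpyware, Cyberlink and Lexmark lines in the sample are copied from the log above; the `updater` Run entry and the `helpersvc` service, with their paths under AppData, are constructed for the example and are not on this machine.

```python
"""Triage pass over HijackThis v2 log lines.

Added example for this thread; it is not HijackThis's "Analyze This" logic and
not code posted by anyone in the thread. Each rule encodes one check a malware
responder makes by eye; a hit means "look at this file", never "malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line formats as they appear in the posted log: "O4 - <body>", "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First Windows image path in a line: drive letter or %ENV% prefix, executable extension.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%[A-Za-z]+%\\)[^\"\r\n,]*?\.(?:exe|dll|sys|scr|cpl)", re.I)
# "Service: <display name> - <publisher> - <path>"; the publisher may be blank ("- -").
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?:(?P<publisher>.*?) )?- (?P<path>.+)$")

USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Tmp|Users\\Public)\\", re.I)
SYSTEM_DIR_RE = re.compile(r"\\Windows\\(?:System32|SysWOW64|winsxs)\\|^%windir%\\(?:System32|SysWOW64)\\", re.I)
WINDOWS_DIR_RE = re.compile(r"^(?:[A-Za-z]:\\Windows\\|%windir%\\)", re.I)
# Core processes that live only under System32; a same-named file elsewhere is a masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
HOOK_KINDS = {"O20", "O21", "O22"}  # Winlogon Notify, ShellServiceObjectDelayLoad, SharedTaskScheduler


@dataclass
class Finding:
    kind: str
    path: Optional[str]
    reasons: List[str]
    line: str


def extract_path(body: str) -> Optional[str]:
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def reasons_for(kind: str, body: str) -> List[str]:
    """Every reason one HijackThis entry deserves a closer look (empty list = nothing to see)."""
    reasons: List[str] = []
    path = extract_path(body)
    if "(no file)" in body:
        reasons.append("orphaned entry: the referenced file is gone (clutter, not an infection)")
    if path:
        if USER_WRITABLE_RE.search(path):
            reasons.append("image lives in a user-writable location")
        base = path.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_NAMES and not SYSTEM_DIR_RE.search(path):
            reasons.append(f"{base} outside System32: possible masquerade")
        if kind in HOOK_KINDS and not WINDOWS_DIR_RE.search(path):
            reasons.append("Winlogon/shell hook DLL outside the Windows directory: confirm which product owns it")
    if kind == "O23":
        m = SERVICE_RE.match(body)
        if m and (m.group("publisher") or "").strip() in ("", "Unknown owner"):
            reasons.append("service has no recorded publisher: check the binary's Authenticode signature")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that earned at least one reason, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:  # process list, headers, blank lines
            continue
        reasons = reasons_for(m.group("kind"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("kind"), extract_path(m.group("body")), reasons, line))
    return findings


# Constructed sample in the posted log's format. The avast!, NVIDIA, HP, SUPERAntiSpyware,
# Cyberlink and Lexmark lines are copied from the log above; the "updater" Run entry and the
# "helpersvc" service are made up for the example to show what a real hit looks like.
SAMPLE_LOG = r"""
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [updater] C:\Users\Adm\AppData\Roaming\svchost.exe
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: lxdf_device - - C:\Windows\system32\lxdfcoms.exe
O23 - Service: Helper (helpersvc) - Unknown owner - C:\Users\Adm\AppData\Local\Temp\helper.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.path or '-'}")
        for r in f.reasons:
            print(f"     -> {r}")
```

Run over the log actually posted above, these rules flag only four entries: the orphaned HP Smart Select button, the SUPERAntiSpyware Winlogon Notify DLL, and the Cyberlink RichVideo and lxdf_device services, which have no publisher recorded. All four belong to installed products, which is exactly why the advice is to post the log and not let HijackThis fix anything yet; a hit is a prompt to hash the file and check its signature, not a verdict. The two constructed entries show the shape of a genuine hit: an executable with a core-system name under a user-writable directory, and a publisher-less service running out of Temp.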



