Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect and Rootkit Infection


  • This topic is locked This topic is locked
34 replies to this topic

#1 scarletxsmiles

scarletxsmiles

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 07 August 2012 - 01:48 AM

I'm running widows 7, 64 bit and I've been having this issue for a few months now, and it has progressively gotten worse.

It's not just google, either. It happens on Yahoo search as well. It doesn't stick to just one Internet browser, either, I've tried Firefox, and Internet Explorer.

It will open new windows, new tabs, and all of them have ads. Also, when I search something, and I click on one of the search results, it will either a) redirect the link to some spam site, or B ) redirect me back to google.com, but instead of google.com it's google.com/webhp.

I've tried deleting everything, and re-downloading the programs. I've run panda antivirus, kaperky or whatever website, I've tried Malwarebytes....

Tonight, I was able to get it into safe mode and ran malware bytes, and instead of the usual 0 INFECTED results, it came up with trojan dropper, and two rootkit's, and a few others. I've got the log on my desktop (the infected computer). I'm currently restarting, and instead of the quick scan, I'm going to be doing the full scan. (Edit- So far, it's found one file, and couting, so I'll keep this updated the best I can until I go to bed)

I've tried so many google methods, including deleting a few http.1 registries, and proxies, and my computer is still super slow, and the internet is slow as well.

I've also tried to make sure that the DNS wasn't entered manually, and that wasn't the issue either. I'm at wits end with this stupid thing, and everyone says you guys help, so here I am!

EDIT: The following were deleted by Malware bytes
1- Trojan.dropper.BCMiner was quarantined and deleted.
2 and 3- Rootkit.0access x2 (c:\windows\installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\u\000000cb.@) and (c:\windows\installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\u\80000032.@)
4- c:\users\owner\appdata\roaming\microsoft\a1.7z (Trojan.downloader)
5-c:\users\owner\appdata\roaming\microsoft\n (Malware.traces)



And as a final thing- I haven't been able to install Defogger, and turn off the ISO programs yet, nor have I had a chance to download DDS. I will do it the moment Malwarebytes gets done with it's scan.
Can't wait to hear back from you!

Edited by scarletxsmiles, 07 August 2012 - 02:35 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 08 August 2012 - 11:29 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 09 August 2012 - 04:51 PM

1) I downloaded and ran DeFogger, and clicked disable.

2)I downloaded, and ran Security Check. (It sat on "Performing System Health Check" for a long time. Is that normal?) Here are the results:
" yo Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Toolbar Cleaner 1.0
Java™ 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
"

3) Downloaded and ran DDS.scr. Here are the results:
DDS.TXT -

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by Owner at 16:49:28 on 2012-08-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5992.2607 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k defragsvc
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{F213ADCA-AEDF-4EC3-90F3-3010768ED6EB} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{F213ADCA-AEDF-4EC3-90F3-3010768ED6EB}\24563747245797 : DhcpNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{F213ADCA-AEDF-4EC3-90F3-3010768ED6EB}\C696E6B6379737 : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live

\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
BHO-X64: Panda Security Toolbar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun-x64: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HDD Regenerator] C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 NNSALPC;NNSALPC;C:\Windows\system32\DRIVERS\NNSAlpc.sys --> C:\Windows\system32\DRIVERS\NNSAlpc.sys [?]
R1 NNSHTTP;NNSHTTP;C:\Windows\system32\DRIVERS\NNSHttp.sys --> C:\Windows\system32\DRIVERS\NNSHttp.sys [?]
R1 NNSIDS;NNSIDS;C:\Windows\system32\DRIVERS\NNSIds.sys --> C:\Windows\system32\DRIVERS\NNSIds.sys [?]
R1 NNSPICC;NNSPICC;C:\Windows\system32\DRIVERS\NNSPicc.sys --> C:\Windows\system32\DRIVERS\NNSPicc.sys [?]
R1 NNSPOP3;NNSPOP3;C:\Windows\system32\DRIVERS\NNSPop3.sys --> C:\Windows\system32\DRIVERS\NNSPop3.sys [?]
R1 NNSPROT;NNSPROT;C:\Windows\system32\DRIVERS\NNSProt.sys --> C:\Windows\system32\DRIVERS\NNSProt.sys [?]
R1 NNSPRV;NNSPRV;C:\Windows\system32\DRIVERS\NNSPrv.sys --> C:\Windows\system32\DRIVERS\NNSPrv.sys [?]
R1 NNSSMTP;NNSSMTP;C:\Windows\system32\DRIVERS\NNSSmtp.sys --> C:\Windows\system32\DRIVERS\NNSSmtp.sys [?]
R1 NNSSTRM;NNSSTRM;C:\Windows\system32\DRIVERS\NNSStrm.sys --> C:\Windows\system32\DRIVERS\NNSStrm.sys [?]
R1 NNSTLSC;NNSTLSC;C:\Windows\system32\DRIVERS\NNSTlsc.sys --> C:\Windows\system32\DRIVERS\NNSTlsc.sys [?]
R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-23 13336]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-7-13 140064]
R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-7-13 36640]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSKMAD;PSKMAD;C:\Windows\system32\DRIVERS\PSKMAD.sys --> C:\Windows\system32\DRIVERS\PSKMAD.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\system32\DRIVERS\NNSNAHSL.sys --> C:\Windows\system32\DRIVERS\NNSNAHSL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 250056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-20

1038088]
S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\system32\DRIVERS\NNSPihsw.sys --> C:\Windows\system32\DRIVERS\NNSPihsw.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-07 12:31:05 57928 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2012-08-02 00:09:53 -------- d-----w- C:\Program Files (x86)\Ventrilo
2012-08-02 00:09:01 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-07-31 03:10:10 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-07-31 03:10:10 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-07-31 03:09:52 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-07-29 21:38:49 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-07-25 05:16:41 -------- d-----w- C:\Program Files (x86)\smartdl
2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
2012-07-14 00:46:48 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-14 00:35:55 328704 ----a-w- C:\Windows\System32\services.exe.D04844BF92E57AC3
2012-07-14 00:14:00 50392 ----a-w- C:\Windows\System32\drivers\qylcgzrk.sys
2012-07-14 00:11:25 328704 ----a-w- C:\Windows\System32\services.exe.B948611C1C24FDCB
2012-07-14 00:04:20 328704 ----a-w- C:\Windows\System32\services.exe.8509E2E55F144360
2012-07-13 23:58:53 328704 ----a-w- C:\Windows\System32\services.exe.65A7D41244070F1B
2012-07-13 23:54:50 328704 ----a-w- C:\Windows\System32\services.exe.9D4D2E42797B7072
2012-07-13 23:50:40 328704 ----a-w- C:\Windows\System32\services.exe.5C528DDD12B6608C
2012-07-13 23:45:40 328704 ----a-w- C:\Windows\System32\services.exe.5ED42801372FC5C6
2012-07-13 23:10:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-13 23:00:19 -------- d-sh--w- C:\found.000
2012-07-13 12:02:53 130088 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2012-07-13 12:02:10 205352 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2012-07-13 12:02:10 123944 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2012-07-13 12:02:09 167464 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2012-07-13 12:02:09 119336 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2012-07-12 16:18:56 219688 ----a-w- C:\Windows\System32\drivers\NNSStrm.sys
2012-07-11 08:03:28 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 22:59:21 2003968 ----a-w- C:\Windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-08-03 09:14:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 09:14:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 00:46:38 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 20:51:24 105000 ----a-w- C:\Windows\System32\drivers\NNStlsc.sys
2012-06-27 20:51:23 112680 ----a-w- C:\Windows\System32\drivers\NNSSmtp.sys
2012-06-27 20:51:23 109096 ----a-w- C:\Windows\System32\drivers\NNSPrv.sys
2012-06-27 20:51:22 68648 ----a-w- C:\Windows\System32\drivers\NNSPihsw.sys
2012-06-27 20:51:22 304680 ----a-w- C:\Windows\System32\drivers\NNSProt.sys
2012-06-27 20:51:22 116776 ----a-w- C:\Windows\System32\drivers\NNSPop3.sys
2012-06-27 20:51:21 93224 ----a-w- C:\Windows\System32\drivers\NNSpicc.sys
2012-06-27 20:51:21 33320 ----a-w- C:\Windows\System32\drivers\NNSNAHSL.sys
2012-06-27 20:51:20 113192 ----a-w- C:\Windows\System32\drivers\NNSIds.sys
2012-06-27 20:51:19 89128 ----a-w- C:\Windows\System32\drivers\NNSAlpc.sys
2012-06-27 20:51:19 116776 ----a-w- C:\Windows\System32\drivers\NNSHttp.sys
2012-06-11 03:25:38 151601 ----a-w- C:\Windows\SysWow64\temp.001
2012-06-11 03:25:34 286773 ----a-w- C:\Windows\SysWow64\temp.000
2012-06-11 03:25:29 253952 ------w- C:\Windows\Setup1.exe
2012-06-11 03:25:28 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:50:02.38 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 09 August 2012 - 05:22 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 09 August 2012 - 10:00 PM

I've got a problem. I downloaded it, and ran the program, but when the green bar goes all the way across, it just...closes. No report, no errors, no messages. I've completely disabled Panda antivirus, and Malwarebytes isn't turned on, so I don't think that's it. I'm not sure what I did. I didn't click on the window, like you said, I just sat here...I tried running it twice, with no luck.

Edit: When I looked at processes, there was nothing for Panda. But under SERVICES, there was two. But they wouldn't let me shut them off, so I'm uninstalling the antivirus software, then I will re-attempt to run combofix.

Edit2: Currently running combo-fix seems to be stuck on stage_49 just shows Completed Stage_48 and hasn't moved for about 20 mins.

Edit3: Soooo, after posting the last edit, it says : System File is infected!! Attempting to restore "C:\windows\system32\services.exe"
successfully restored :).

Now it is currently going through and deleting files

Edited by scarletxsmiles, 09 August 2012 - 10:49 PM.


#6 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 09 August 2012 - 11:08 PM

ComboFix 12-08-09.01 - Owner 08/09/2012 22:13:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5992.4526 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\dfinstall.log
C:\Install.exe
c:\users\Owner\AppData\Roaming\7za.exe
c:\users\Owner\AppData\Roaming\Microsoft\lsass.exe
c:\users\Owner\AppData\Roaming\Setup.exe
c:\users\Owner\Documents\~WRL1713.tmp
c:\users\Owner\Documents\yvthjwcspi.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\L\00000004.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\L\1afb2d56
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\L\201d3dde
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\00000004.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\00000008.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\000000cb.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\80000000.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\80000032.@
c:\windows\Installer\{bc0d35fc-b473-0533-b50d-569c6b2a6e92}\U\80000064.@
c:\windows\SysWow64\cc32100mt.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-02 00:10 . 2012-08-02 00:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Ventrilo
2012-08-02 00:09 . 2012-08-02 00:09 -------- d-----w- c:\program files (x86)\Ventrilo
2012-08-02 00:09 . 2012-08-02 00:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-31 03:10 . 2012-08-09 21:53 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-07-31 03:10 . 2012-07-31 03:10 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-31 03:09 . 2012-07-31 05:56 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-29 21:38 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-07-25 05:16 . 2012-07-25 05:16 -------- d-----w- c:\program files (x86)\smartdl
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-14 00:46 . 2012-07-14 00:46 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-14 00:35 . 2012-07-14 00:35 328704 ----a-w- c:\windows\system32\services.exe.D04844BF92E57AC3
2012-07-14 00:14 . 2012-07-14 00:14 50392 ----a-w- c:\windows\system32\drivers\qylcgzrk.sys
2012-07-14 00:11 . 2012-07-14 00:11 328704 ----a-w- c:\windows\system32\services.exe.B948611C1C24FDCB
2012-07-14 00:04 . 2012-07-14 00:04 328704 ----a-w- c:\windows\system32\services.exe.8509E2E55F144360
2012-07-13 23:58 . 2012-07-13 23:58 328704 ----a-w- c:\windows\system32\services.exe.65A7D41244070F1B
2012-07-13 23:54 . 2012-07-13 23:54 328704 ----a-w- c:\windows\system32\services.exe.9D4D2E42797B7072
2012-07-13 23:50 . 2012-07-13 23:50 328704 ----a-w- c:\windows\system32\services.exe.5C528DDD12B6608C
2012-07-13 23:45 . 2012-07-13 23:45 328704 ----a-w- c:\windows\system32\services.exe.5ED42801372FC5C6
2012-07-13 23:10 . 2012-07-13 23:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 23:00 . 2012-07-13 23:00 -------- d-----w- C:\found.000
2012-07-11 08:03 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 09:14 . 2012-04-15 19:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 09:14 . 2011-07-20 00:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 00:46 . 2011-03-24 03:48 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 18:46 . 2011-10-18 02:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 00:33 . 2012-06-30 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-30 00:33 . 2012-06-30 00:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-30 00:33 . 2012-06-30 00:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-30 00:30 . 2012-06-30 00:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-11 03:25 . 2012-06-11 03:25 151601 ----a-w- c:\windows\SysWow64\temp.001
2012-06-11 03:25 . 2012-06-11 03:25 286773 ----a-w- c:\windows\SysWow64\temp.000
2012-06-11 03:25 . 2012-06-11 03:24 253952 ------w- c:\windows\Setup1.exe
2012-06-11 03:25 . 2012-06-11 03:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-09 05:30 . 2012-07-10 22:59 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-10 22:59 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-10 22:59 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-10 22:59 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-10 22:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-19 07:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 07:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 07:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-10 22:59 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-10 22:59 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-10 22:59 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-10 22:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-10 22:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-10 22:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-10 22:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-10 22:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-10 22:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-05-13 13:25 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-05-13 86696]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-01-10 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HDD Regenerator"="c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe" [2012-06-11 4249872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-20 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R1 pxofwxoc;pxofwxoc;c:\windows\system32\drivers\pxofwxoc.sys [x]
R1 vrwxxxme;vrwxxxme;c:\windows\system32\drivers\vrwxxxme.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-01-10 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-20 1038088]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:14]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 08:40]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 08:40]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101510841-2761474161-915512477-1001Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 17:46]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101510841-2761474161-915512477-1001UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 17:46]
.
2012-08-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-06 02:31]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-08-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-04 417304]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Local Security Authortity Process - c:\users\Owner\AppData\Roaming\Microsoft\lsass.exe
Wow6432Node-HKLM-Run-Local Security Authortity Process - c:\users\Owner\AppData\Roaming\Microsoft\lsass.exe
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4101510841-2761474161-915512477-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**îùE*r**t"¦ÓûE*Q**d*@ ýE*p**| ]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:501ac6e9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-08-09 23:00:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 04:00
.
Pre-Run: 383,914,622,976 bytes free
Post-Run: 387,985,584,128 bytes free
.
- - End Of File - - 6F03CA7762CCCB8479FF5D4D54B755C4




I haven't redownloaded Firefox, and IE usually runs slow ( at least to me, which is why I prefer Firefox), but I haven't had any popups/new tabs. The computer itself isn't running as slow, and although the internet was sluggish at first (took about 8-15 seconds to load google)now it's taking about 5 seconds. Which, it still used to be faster, but again, I'm using IE, not Firefox. So I'm not sure if that has anything to do with it.

Can I redownload Firefox and use it, without a problem? Or should I wait?

Also, now everytime I go to a website/webpage, a little popup pops up, and it says: "You are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue?" on everything.

What's the next step doc? :)

Edited by scarletxsmiles, 09 August 2012 - 11:13 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 10 August 2012 - 12:21 AM

Greetings

Also, now everytime I go to a website/webpage, a little popup pops up, and it says: "You are about to leave a secure internet connection. It will be possible for others to view information you send. Do you want to continue?" on everything.


put a checkmark in don't show me this again and go ahead and reinstall firefox



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 10 August 2012 - 02:29 AM

02:27:36.0934 1820 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
02:27:37.0371 1820 ============================================================
02:27:37.0371 1820 Current date / time: 2012/08/10 02:27:37.0371
02:27:37.0371 1820 SystemInfo:
02:27:37.0371 1820
02:27:37.0371 1820 OS Version: 6.1.7600 ServicePack: 0.0
02:27:37.0371 1820 Product type: Workstation
02:27:37.0371 1820 ComputerName: AR765BY2JV
02:27:37.0371 1820 UserName: Owner
02:27:37.0371 1820 Windows directory: C:\Windows
02:27:37.0371 1820 System windows directory: C:\Windows
02:27:37.0371 1820 Running under WOW64
02:27:37.0371 1820 Processor architecture: Intel x64
02:27:37.0371 1820 Number of processors: 4
02:27:37.0371 1820 Page size: 0x1000
02:27:37.0371 1820 Boot type: Normal boot
02:27:37.0371 1820 ============================================================
02:27:37.0683 1820 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:27:37.0683 1820 Drive \Device\Harddisk1\DR1 - Size: 0x3B5980000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x790, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:27:37.0698 1820 ============================================================
02:27:37.0698 1820 \Device\Harddisk0\DR0:
02:27:37.0698 1820 MBR partitions:
02:27:37.0698 1820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x187F000
02:27:37.0698 1820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1893000, BlocksNum 0x72E73000
02:27:37.0698 1820 \Device\Harddisk1\DR1:
02:27:37.0698 1820 MBR partitions:
02:27:37.0698 1820 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DAAC00
02:27:37.0698 1820 ============================================================
02:27:37.0729 1820 C: <-> \Device\Harddisk0\DR0\Partition1
02:27:37.0729 1820 ============================================================
02:27:37.0729 1820 Initialize success
02:27:37.0729 1820 ============================================================
02:27:44.0406 0796 ============================================================
02:27:44.0406 0796 Scan started
02:27:44.0406 0796 Mode: Manual;
02:27:44.0406 0796 ============================================================
02:27:45.0592 0796 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
02:27:45.0592 0796 1394ohci - ok
02:27:45.0654 0796 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
02:27:45.0654 0796 ACPI - ok
02:27:45.0670 0796 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
02:27:45.0670 0796 AcpiPmi - ok
02:27:45.0763 0796 adfs (d44bcaf639e4e45307c2bc80715273d5) C:\Windows\system32\drivers\adfs.sys
02:27:45.0763 0796 adfs - ok
02:27:45.0982 0796 Adobe Version Cue CS4 (9444a3530c2e88b7ed96a566ff9ccc13) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
02:27:45.0982 0796 Adobe Version Cue CS4 - ok
02:27:46.0138 0796 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:27:46.0153 0796 AdobeFlashPlayerUpdateSvc - ok
02:27:46.0216 0796 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:27:46.0216 0796 adp94xx - ok
02:27:46.0294 0796 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:27:46.0309 0796 adpahci - ok
02:27:46.0356 0796 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:27:46.0356 0796 adpu320 - ok
02:27:46.0403 0796 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
02:27:46.0403 0796 AeLookupSvc - ok
02:27:46.0497 0796 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
02:27:46.0512 0796 AFD - ok
02:27:46.0621 0796 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
02:27:46.0621 0796 agp440 - ok
02:27:46.0637 0796 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
02:27:46.0637 0796 ALG - ok
02:27:46.0653 0796 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
02:27:46.0653 0796 aliide - ok
02:27:46.0684 0796 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
02:27:46.0684 0796 amdide - ok
02:27:46.0715 0796 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:27:46.0715 0796 AmdK8 - ok
02:27:46.0731 0796 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:27:46.0731 0796 AmdPPM - ok
02:27:46.0777 0796 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
02:27:46.0777 0796 amdsata - ok
02:27:46.0824 0796 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:27:46.0824 0796 amdsbs - ok
02:27:46.0840 0796 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
02:27:46.0840 0796 amdxata - ok
02:27:46.0887 0796 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
02:27:46.0887 0796 AppID - ok
02:27:46.0902 0796 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
02:27:46.0902 0796 AppIDSvc - ok
02:27:46.0933 0796 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
02:27:46.0933 0796 Appinfo - ok
02:27:47.0011 0796 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:27:47.0011 0796 Apple Mobile Device - ok
02:27:47.0058 0796 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:27:47.0058 0796 arc - ok
02:27:47.0074 0796 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:27:47.0074 0796 arcsas - ok
02:27:47.0089 0796 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:27:47.0089 0796 AsyncMac - ok
02:27:47.0121 0796 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
02:27:47.0121 0796 atapi - ok
02:27:47.0183 0796 AudioEndpointBuilder (e1ffd1f7b043aef0acc9e7593043fd4c) C:\Windows\System32\Audiosrv.dll
02:27:47.0183 0796 AudioEndpointBuilder - ok
02:27:47.0199 0796 AudioSrv (e1ffd1f7b043aef0acc9e7593043fd4c) C:\Windows\System32\Audiosrv.dll
02:27:47.0199 0796 AudioSrv - ok
02:27:47.0230 0796 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
02:27:47.0230 0796 AxInstSV - ok
02:27:47.0308 0796 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:27:47.0308 0796 b06bdrv - ok
02:27:47.0339 0796 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:27:47.0339 0796 b57nd60a - ok
02:27:47.0526 0796 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
02:27:47.0557 0796 BCM43XX - ok
02:27:47.0651 0796 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
02:27:47.0651 0796 BDESVC - ok
02:27:47.0682 0796 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:27:47.0682 0796 Beep - ok
02:27:47.0745 0796 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
02:27:47.0760 0796 BFE - ok
02:27:47.0807 0796 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:27:47.0807 0796 blbdrive - ok
02:27:47.0901 0796 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:27:47.0901 0796 Bonjour Service - ok
02:27:47.0979 0796 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
02:27:47.0979 0796 bowser - ok
02:27:48.0025 0796 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:27:48.0025 0796 BrFiltLo - ok
02:27:48.0057 0796 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:27:48.0057 0796 BrFiltUp - ok
02:27:48.0088 0796 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:27:48.0088 0796 BridgeMP - ok
02:27:48.0119 0796 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
02:27:48.0119 0796 Browser - ok
02:27:48.0166 0796 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:27:48.0166 0796 Brserid - ok
02:27:48.0181 0796 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:27:48.0181 0796 BrSerWdm - ok
02:27:48.0181 0796 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:27:48.0181 0796 BrUsbMdm - ok
02:27:48.0197 0796 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:27:48.0197 0796 BrUsbSer - ok
02:27:48.0197 0796 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:27:48.0197 0796 BTHMODEM - ok
02:27:48.0228 0796 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
02:27:48.0228 0796 bthserv - ok
02:27:48.0369 0796 catchme - ok
02:27:48.0415 0796 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:27:48.0415 0796 cdfs - ok
02:27:48.0447 0796 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
02:27:48.0447 0796 cdrom - ok
02:27:48.0478 0796 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:27:48.0478 0796 CertPropSvc - ok
02:27:48.0493 0796 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:27:48.0493 0796 circlass - ok
02:27:48.0525 0796 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:27:48.0525 0796 CLFS - ok
02:27:48.0587 0796 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:27:48.0587 0796 clr_optimization_v2.0.50727_32 - ok
02:27:48.0634 0796 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:27:48.0634 0796 clr_optimization_v2.0.50727_64 - ok
02:27:48.0743 0796 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:27:48.0743 0796 clr_optimization_v4.0.30319_32 - ok
02:27:48.0774 0796 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:27:48.0790 0796 clr_optimization_v4.0.30319_64 - ok
02:27:48.0821 0796 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:27:48.0821 0796 CmBatt - ok
02:27:48.0837 0796 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
02:27:48.0837 0796 cmdide - ok
02:27:48.0915 0796 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
02:27:48.0930 0796 CNG - ok
02:27:48.0946 0796 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:27:48.0946 0796 Compbatt - ok
02:27:48.0961 0796 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
02:27:48.0961 0796 CompositeBus - ok
02:27:48.0961 0796 COMSysApp - ok
02:27:48.0993 0796 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:27:48.0993 0796 crcdisk - ok
02:27:49.0039 0796 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
02:27:49.0039 0796 CryptSvc - ok
02:27:49.0086 0796 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:27:49.0102 0796 DcomLaunch - ok
02:27:49.0133 0796 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
02:27:49.0133 0796 defragsvc - ok
02:27:49.0195 0796 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
02:27:49.0195 0796 DfsC - ok
02:27:49.0227 0796 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
02:27:49.0227 0796 Dhcp - ok
02:27:49.0258 0796 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:27:49.0258 0796 discache - ok
02:27:49.0289 0796 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:27:49.0289 0796 Disk - ok
02:27:49.0351 0796 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
02:27:49.0351 0796 Dnscache - ok
02:27:49.0461 0796 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
02:27:49.0461 0796 DockLoginService - ok
02:27:49.0507 0796 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
02:27:49.0507 0796 dot3svc - ok
02:27:49.0523 0796 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
02:27:49.0523 0796 DPS - ok
02:27:49.0554 0796 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:27:49.0554 0796 drmkaud - ok
02:27:49.0663 0796 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
02:27:49.0663 0796 DXGKrnl - ok
02:27:49.0710 0796 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
02:27:49.0710 0796 EapHost - ok
02:27:49.0882 0796 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:27:49.0913 0796 ebdrv - ok
02:27:50.0038 0796 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
02:27:50.0038 0796 EFS - ok
02:27:50.0116 0796 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
02:27:50.0116 0796 ehRecvr - ok
02:27:50.0147 0796 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
02:27:50.0147 0796 ehSched - ok
02:27:50.0225 0796 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:27:50.0225 0796 elxstor - ok
02:27:50.0241 0796 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
02:27:50.0241 0796 ErrDev - ok
02:27:50.0287 0796 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
02:27:50.0303 0796 EventSystem - ok
02:27:50.0334 0796 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:27:50.0334 0796 exfat - ok
02:27:50.0365 0796 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:27:50.0365 0796 fastfat - ok
02:27:50.0428 0796 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
02:27:50.0428 0796 Fax - ok
02:27:50.0459 0796 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:27:50.0459 0796 fdc - ok
02:27:50.0490 0796 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
02:27:50.0490 0796 fdPHost - ok
02:27:50.0506 0796 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
02:27:50.0506 0796 FDResPub - ok
02:27:50.0521 0796 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:27:50.0521 0796 FileInfo - ok
02:27:50.0537 0796 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:27:50.0537 0796 Filetrace - ok
02:27:50.0646 0796 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:27:50.0662 0796 FLEXnet Licensing Service - ok
02:27:50.0787 0796 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
02:27:50.0802 0796 FLEXnet Licensing Service 64 - ok
02:27:50.0911 0796 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:27:50.0911 0796 flpydisk - ok
02:27:50.0943 0796 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
02:27:50.0943 0796 FltMgr - ok
02:27:51.0005 0796 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\Windows\system32\DRIVERS\FlyUsb.sys
02:27:51.0005 0796 FlyUsb - ok
02:27:51.0114 0796 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
02:27:51.0130 0796 FontCache - ok
02:27:51.0177 0796 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:27:51.0177 0796 FontCache3.0.0.0 - ok
02:27:51.0208 0796 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:27:51.0208 0796 FsDepends - ok
02:27:51.0239 0796 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
02:27:51.0239 0796 fssfltr - ok
02:27:51.0364 0796 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
02:27:51.0395 0796 fsssvc - ok
02:27:51.0504 0796 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
02:27:51.0504 0796 Fs_Rec - ok
02:27:51.0582 0796 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:27:51.0582 0796 fvevol - ok
02:27:51.0629 0796 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:27:51.0629 0796 gagp30kx - ok
02:27:51.0707 0796 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:27:51.0707 0796 GEARAspiWDM - ok
02:27:51.0785 0796 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
02:27:51.0801 0796 gpsvc - ok
02:27:51.0879 0796 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:27:51.0879 0796 gupdate - ok
02:27:51.0894 0796 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:27:51.0894 0796 gupdatem - ok
02:27:51.0925 0796 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:27:51.0925 0796 hcw85cir - ok
02:27:51.0957 0796 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
02:27:51.0957 0796 HDAudBus - ok
02:27:51.0972 0796 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:27:51.0972 0796 HidBatt - ok
02:27:51.0988 0796 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:27:51.0988 0796 HidBth - ok
02:27:52.0035 0796 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:27:52.0035 0796 HidIr - ok
02:27:52.0050 0796 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
02:27:52.0050 0796 hidserv - ok
02:27:52.0097 0796 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
02:27:52.0097 0796 HidUsb - ok
02:27:52.0113 0796 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
02:27:52.0113 0796 hkmsvc - ok
02:27:52.0128 0796 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
02:27:52.0128 0796 HomeGroupListener - ok
02:27:52.0159 0796 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
02:27:52.0159 0796 HomeGroupProvider - ok
02:27:52.0269 0796 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
02:27:52.0269 0796 hpqcxs08 - ok
02:27:52.0300 0796 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
02:27:52.0300 0796 hpqddsvc - ok
02:27:52.0347 0796 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
02:27:52.0347 0796 HpSAMD - ok
02:27:52.0456 0796 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
02:27:52.0471 0796 HPSLPSVC - ok
02:27:52.0534 0796 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
02:27:52.0534 0796 HTTP - ok
02:27:52.0549 0796 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
02:27:52.0549 0796 hwpolicy - ok
02:27:52.0596 0796 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
02:27:52.0596 0796 i8042prt - ok
02:27:52.0643 0796 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
02:27:52.0643 0796 iaStor - ok
02:27:52.0799 0796 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
02:27:52.0799 0796 IAStorDataMgrSvc - ok
02:27:52.0893 0796 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
02:27:52.0893 0796 iaStorV - ok
02:27:52.0986 0796 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
02:27:52.0986 0796 IDriverT - ok
02:27:53.0080 0796 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:27:53.0095 0796 idsvc - ok
02:27:53.0751 0796 igfx (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys
02:27:53.0875 0796 igfx - ok
02:27:53.0985 0796 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:27:53.0985 0796 iirsp - ok
02:27:54.0047 0796 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
02:27:54.0063 0796 IKEEXT - ok
02:27:54.0094 0796 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
02:27:54.0094 0796 Impcd - ok
02:27:54.0234 0796 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
02:27:54.0265 0796 IntcAzAudAddService - ok
02:27:54.0375 0796 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
02:27:54.0375 0796 IntcDAud - ok
02:27:54.0406 0796 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
02:27:54.0406 0796 intelide - ok
02:27:54.0437 0796 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:27:54.0437 0796 intelppm - ok
02:27:54.0468 0796 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
02:27:54.0468 0796 IPBusEnum - ok
02:27:54.0499 0796 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:27:54.0499 0796 IpFilterDriver - ok
02:27:54.0546 0796 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
02:27:54.0562 0796 iphlpsvc - ok
02:27:54.0577 0796 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
02:27:54.0577 0796 IPMIDRV - ok
02:27:54.0593 0796 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:27:54.0609 0796 IPNAT - ok
02:27:54.0718 0796 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
02:27:54.0733 0796 iPod Service - ok
02:27:54.0811 0796 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:27:54.0811 0796 IRENUM - ok
02:27:54.0827 0796 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
02:27:54.0827 0796 isapnp - ok
02:27:54.0874 0796 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
02:27:54.0874 0796 iScsiPrt - ok
02:27:54.0952 0796 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
02:27:54.0952 0796 ivusb - ok
02:27:54.0999 0796 k57nd60a (12e27942dbb7c91880163634b0d8a776) C:\Windows\system32\DRIVERS\k57nd60a.sys
02:27:55.0014 0796 k57nd60a - ok
02:27:55.0030 0796 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:27:55.0030 0796 kbdclass - ok
02:27:55.0045 0796 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
02:27:55.0045 0796 kbdhid - ok
02:27:55.0092 0796 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:27:55.0092 0796 KeyIso - ok
02:27:55.0139 0796 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
02:27:55.0139 0796 KSecDD - ok
02:27:55.0155 0796 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
02:27:55.0170 0796 KSecPkg - ok
02:27:55.0186 0796 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:27:55.0186 0796 ksthunk - ok
02:27:55.0233 0796 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
02:27:55.0248 0796 KtmRm - ok
02:27:55.0279 0796 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
02:27:55.0279 0796 LanmanServer - ok
02:27:55.0311 0796 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
02:27:55.0311 0796 LanmanWorkstation - ok
02:27:55.0716 0796 LeapFrog Connect Device Service (3c879d04bb6466e2853c3155b635cc45) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
02:27:55.0779 0796 LeapFrog Connect Device Service - ok
02:27:55.0888 0796 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:27:55.0888 0796 lltdio - ok
02:27:55.0935 0796 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
02:27:55.0935 0796 lltdsvc - ok
02:27:55.0950 0796 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
02:27:55.0950 0796 lmhosts - ok
02:27:55.0981 0796 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:27:55.0981 0796 LSI_FC - ok
02:27:55.0997 0796 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:27:55.0997 0796 LSI_SAS - ok
02:27:56.0028 0796 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:27:56.0028 0796 LSI_SAS2 - ok
02:27:56.0044 0796 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:27:56.0044 0796 LSI_SCSI - ok
02:27:56.0075 0796 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:27:56.0075 0796 luafv - ok
02:27:56.0137 0796 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
02:27:56.0137 0796 mcdbus - ok
02:27:56.0169 0796 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
02:27:56.0169 0796 Mcx2Svc - ok
02:27:56.0184 0796 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:27:56.0184 0796 megasas - ok
02:27:56.0215 0796 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:27:56.0215 0796 MegaSR - ok
02:27:56.0247 0796 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
02:27:56.0247 0796 MEIx64 - ok
02:27:56.0356 0796 Microsoft SharePoint Workspace Audit Service - ok
02:27:56.0387 0796 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:27:56.0387 0796 MMCSS - ok
02:27:56.0418 0796 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:27:56.0418 0796 Modem - ok
02:27:56.0434 0796 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:27:56.0434 0796 monitor - ok
02:27:56.0465 0796 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:27:56.0465 0796 mouclass - ok
02:27:56.0496 0796 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:27:56.0496 0796 mouhid - ok
02:27:56.0527 0796 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
02:27:56.0527 0796 mountmgr - ok
02:27:56.0621 0796 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
02:27:56.0621 0796 MozillaMaintenance - ok
02:27:56.0652 0796 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
02:27:56.0652 0796 mpio - ok
02:27:56.0715 0796 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:27:56.0715 0796 mpsdrv - ok
02:27:56.0808 0796 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
02:27:56.0808 0796 MpsSvc - ok
02:27:56.0839 0796 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
02:27:56.0839 0796 MRxDAV - ok
02:27:56.0886 0796 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:27:56.0902 0796 mrxsmb - ok
02:27:56.0933 0796 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:27:56.0933 0796 mrxsmb10 - ok
02:27:56.0949 0796 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:27:56.0949 0796 mrxsmb20 - ok
02:27:56.0980 0796 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
02:27:56.0980 0796 msahci - ok
02:27:57.0011 0796 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
02:27:57.0011 0796 msdsm - ok
02:27:57.0042 0796 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
02:27:57.0042 0796 MSDTC - ok
02:27:57.0058 0796 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:27:57.0058 0796 Msfs - ok
02:27:57.0073 0796 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:27:57.0073 0796 mshidkmdf - ok
02:27:57.0073 0796 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
02:27:57.0089 0796 msisadrv - ok
02:27:57.0120 0796 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
02:27:57.0120 0796 MSiSCSI - ok
02:27:57.0120 0796 msiserver - ok
02:27:57.0136 0796 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:27:57.0136 0796 MSKSSRV - ok
02:27:57.0151 0796 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:27:57.0151 0796 MSPCLOCK - ok
02:27:57.0167 0796 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:27:57.0167 0796 MSPQM - ok
02:27:57.0198 0796 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
02:27:57.0198 0796 MsRPC - ok
02:27:57.0214 0796 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
02:27:57.0214 0796 mssmbios - ok
02:27:57.0229 0796 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:27:57.0229 0796 MSTEE - ok
02:27:57.0245 0796 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:27:57.0261 0796 MTConfig - ok
02:27:57.0276 0796 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:27:57.0276 0796 Mup - ok
02:27:57.0307 0796 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
02:27:57.0323 0796 napagent - ok
02:27:57.0354 0796 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:27:57.0354 0796 NativeWifiP - ok
02:27:57.0417 0796 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
02:27:57.0432 0796 NDIS - ok
02:27:57.0448 0796 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:27:57.0448 0796 NdisCap - ok
02:27:57.0479 0796 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:27:57.0479 0796 NdisTapi - ok
02:27:57.0495 0796 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
02:27:57.0495 0796 Ndisuio - ok
02:27:57.0526 0796 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
02:27:57.0526 0796 NdisWan - ok
02:27:57.0541 0796 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
02:27:57.0541 0796 NDProxy - ok
02:27:57.0588 0796 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
02:27:57.0588 0796 Net Driver HPZ12 - ok
02:27:57.0619 0796 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:27:57.0619 0796 NetBIOS - ok
02:27:57.0635 0796 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
02:27:57.0651 0796 NetBT - ok
02:27:57.0697 0796 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:27:57.0697 0796 Netlogon - ok
02:27:57.0729 0796 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
02:27:57.0729 0796 Netman - ok
02:27:57.0760 0796 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
02:27:57.0775 0796 netprofm - ok
02:27:57.0822 0796 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:27:57.0838 0796 NetTcpPortSharing - ok
02:27:57.0869 0796 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:27:57.0869 0796 nfrd960 - ok
02:27:57.0900 0796 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
02:27:57.0916 0796 NlaSvc - ok
02:27:57.0916 0796 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:27:57.0931 0796 Npfs - ok
02:27:57.0931 0796 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
02:27:57.0931 0796 nsi - ok
02:27:57.0947 0796 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:27:57.0947 0796 nsiproxy - ok
02:27:58.0072 0796 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
02:27:58.0103 0796 Ntfs - ok
02:27:58.0197 0796 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:27:58.0197 0796 Null - ok
02:27:58.0259 0796 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
02:27:58.0259 0796 nvraid - ok
02:27:58.0275 0796 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
02:27:58.0290 0796 nvstor - ok
02:27:58.0321 0796 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
02:27:58.0321 0796 nv_agp - ok
02:27:58.0353 0796 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
02:27:58.0353 0796 ohci1394 - ok
02:27:58.0446 0796 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:27:58.0446 0796 ose64 - ok
02:27:58.0805 0796 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:27:58.0852 0796 osppsvc - ok
02:27:58.0961 0796 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:27:58.0977 0796 p2pimsvc - ok
02:27:59.0008 0796 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
02:27:59.0008 0796 p2psvc - ok
02:27:59.0055 0796 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:27:59.0055 0796 Parport - ok
02:27:59.0101 0796 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
02:27:59.0101 0796 partmgr - ok
02:27:59.0133 0796 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
02:27:59.0133 0796 PcaSvc - ok
02:27:59.0148 0796 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
02:27:59.0164 0796 pci - ok
02:27:59.0164 0796 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
02:27:59.0164 0796 pciide - ok
02:27:59.0195 0796 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:27:59.0195 0796 pcmcia - ok
02:27:59.0226 0796 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:27:59.0226 0796 pcw - ok
02:27:59.0257 0796 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:27:59.0273 0796 PEAUTH - ok
02:27:59.0335 0796 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
02:27:59.0335 0796 PerfHost - ok
02:27:59.0429 0796 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
02:27:59.0460 0796 pla - ok
02:27:59.0523 0796 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
02:27:59.0523 0796 PlugPlay - ok
02:27:59.0585 0796 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
02:27:59.0585 0796 Pml Driver HPZ12 - ok
02:27:59.0601 0796 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
02:27:59.0601 0796 PNRPAutoReg - ok
02:27:59.0616 0796 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
02:27:59.0616 0796 PNRPsvc - ok
02:27:59.0679 0796 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
02:27:59.0679 0796 PolicyAgent - ok
02:27:59.0725 0796 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
02:27:59.0725 0796 Power - ok
02:27:59.0788 0796 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
02:27:59.0788 0796 PptpMiniport - ok
02:27:59.0803 0796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:27:59.0803 0796 Processor - ok
02:27:59.0866 0796 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
02:27:59.0866 0796 ProfSvc - ok
02:27:59.0913 0796 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:27:59.0913 0796 ProtectedStorage - ok
02:27:59.0928 0796 PsBoot - ok
02:27:59.0975 0796 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
02:27:59.0975 0796 Psched - ok
02:28:00.0006 0796 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
02:28:00.0006 0796 PxHlpa64 - ok
02:28:00.0022 0796 pxofwxoc - ok
02:28:00.0131 0796 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:28:00.0147 0796 ql2300 - ok
02:28:00.0256 0796 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:28:00.0256 0796 ql40xx - ok
02:28:00.0287 0796 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
02:28:00.0303 0796 QWAVE - ok
02:28:00.0318 0796 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:28:00.0318 0796 QWAVEdrv - ok
02:28:00.0334 0796 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:28:00.0334 0796 RasAcd - ok
02:28:00.0365 0796 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:28:00.0365 0796 RasAgileVpn - ok
02:28:00.0381 0796 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
02:28:00.0381 0796 RasAuto - ok
02:28:00.0396 0796 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:28:00.0396 0796 Rasl2tp - ok
02:28:00.0427 0796 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
02:28:00.0443 0796 RasMan - ok
02:28:00.0459 0796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:28:00.0459 0796 RasPppoe - ok
02:28:00.0474 0796 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:28:00.0474 0796 RasSstp - ok
02:28:00.0505 0796 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
02:28:00.0505 0796 rdbss - ok
02:28:00.0537 0796 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:28:00.0537 0796 rdpbus - ok
02:28:00.0552 0796 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:28:00.0552 0796 RDPCDD - ok
02:28:00.0568 0796 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:28:00.0568 0796 RDPENCDD - ok
02:28:00.0583 0796 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:28:00.0583 0796 RDPREFMP - ok
02:28:00.0630 0796 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
02:28:00.0630 0796 RDPWD - ok
02:28:00.0661 0796 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
02:28:00.0661 0796 rdyboost - ok
02:28:00.0693 0796 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
02:28:00.0693 0796 RemoteAccess - ok
02:28:00.0739 0796 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
02:28:00.0739 0796 RemoteRegistry - ok
02:28:00.0802 0796 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
02:28:00.0802 0796 RpcEptMapper - ok
02:28:00.0817 0796 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
02:28:00.0817 0796 RpcLocator - ok
02:28:00.0864 0796 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
02:28:00.0864 0796 RpcSs - ok
02:28:00.0895 0796 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:28:00.0895 0796 rspndr - ok
02:28:00.0942 0796 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:28:00.0942 0796 SamSs - ok
02:28:00.0958 0796 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
02:28:00.0958 0796 sbp2port - ok
02:28:01.0005 0796 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
02:28:01.0005 0796 SCardSvr - ok
02:28:01.0020 0796 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
02:28:01.0020 0796 scfilter - ok
02:28:01.0098 0796 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
02:28:01.0114 0796 Schedule - ok
02:28:01.0129 0796 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
02:28:01.0129 0796 SCPolicySvc - ok
02:28:01.0145 0796 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
02:28:01.0161 0796 SDRSVC - ok
02:28:01.0207 0796 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:28:01.0207 0796 secdrv - ok
02:28:01.0223 0796 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
02:28:01.0223 0796 seclogon - ok
02:28:01.0239 0796 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
02:28:01.0239 0796 SENS - ok
02:28:01.0254 0796 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
02:28:01.0254 0796 SensrSvc - ok
02:28:01.0285 0796 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:28:01.0285 0796 Serenum - ok
02:28:01.0301 0796 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:28:01.0301 0796 Serial - ok
02:28:01.0332 0796 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:28:01.0332 0796 sermouse - ok
02:28:01.0363 0796 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
02:28:01.0363 0796 SessionEnv - ok
02:28:01.0379 0796 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
02:28:01.0379 0796 sffdisk - ok
02:28:01.0395 0796 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
02:28:01.0395 0796 sffp_mmc - ok
02:28:01.0395 0796 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
02:28:01.0395 0796 sffp_sd - ok
02:28:01.0410 0796 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:28:01.0410 0796 sfloppy - ok
02:28:01.0473 0796 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
02:28:01.0473 0796 SharedAccess - ok
02:28:01.0519 0796 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
02:28:01.0519 0796 ShellHWDetection - ok
02:28:01.0551 0796 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:28:01.0551 0796 SiSRaid2 - ok
02:28:01.0566 0796 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:28:01.0566 0796 SiSRaid4 - ok
02:28:01.0582 0796 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:28:01.0582 0796 Smb - ok
02:28:01.0613 0796 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
02:28:01.0613 0796 SNMPTRAP - ok
02:28:01.0629 0796 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:28:01.0629 0796 spldr - ok
02:28:01.0675 0796 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
02:28:01.0691 0796 Spooler - ok
02:28:01.0878 0796 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
02:28:01.0925 0796 sppsvc - ok
02:28:02.0034 0796 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
02:28:02.0050 0796 sppuinotify - ok
02:28:02.0112 0796 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
02:28:02.0128 0796 srv - ok
02:28:02.0190 0796 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
02:28:02.0190 0796 srv2 - ok
02:28:02.0221 0796 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
02:28:02.0221 0796 srvnet - ok
02:28:02.0237 0796 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
02:28:02.0237 0796 SSDPSRV - ok
02:28:02.0253 0796 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
02:28:02.0253 0796 SstpSvc - ok
02:28:02.0284 0796 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:28:02.0284 0796 stexstor - ok
02:28:02.0331 0796 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
02:28:02.0331 0796 StillCam - ok
02:28:02.0393 0796 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
02:28:02.0409 0796 stisvc - ok
02:28:02.0424 0796 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
02:28:02.0424 0796 swenum - ok
02:28:02.0565 0796 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
02:28:02.0580 0796 SwitchBoard - ok
02:28:02.0627 0796 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
02:28:02.0643 0796 swprv - ok
02:28:02.0752 0796 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
02:28:02.0783 0796 SysMain - ok
02:28:02.0877 0796 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
02:28:02.0877 0796 TabletInputService - ok
02:28:02.0908 0796 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
02:28:02.0923 0796 TapiSrv - ok
02:28:02.0923 0796 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
02:28:02.0923 0796 TBS - ok
02:28:03.0079 0796 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
02:28:03.0095 0796 Tcpip - ok
02:28:03.0267 0796 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
02:28:03.0282 0796 TCPIP6 - ok
02:28:03.0329 0796 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
02:28:03.0329 0796 tcpipreg - ok
02:28:03.0345 0796 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:28:03.0345 0796 TDPIPE - ok
02:28:03.0407 0796 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
02:28:03.0407 0796 TDTCP - ok
02:28:03.0423 0796 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
02:28:03.0423 0796 tdx - ok
02:28:03.0454 0796 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
02:28:03.0454 0796 TermDD - ok
02:28:03.0501 0796 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
02:28:03.0516 0796 TermService - ok
02:28:03.0532 0796 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
02:28:03.0532 0796 Themes - ok
02:28:03.0547 0796 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
02:28:03.0547 0796 THREADORDER - ok
02:28:03.0563 0796 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
02:28:03.0563 0796 TrkWks - ok
02:28:03.0610 0796 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
02:28:03.0610 0796 TrustedInstaller - ok
02:28:03.0625 0796 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:28:03.0641 0796 tssecsrv - ok
02:28:03.0657 0796 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
02:28:03.0657 0796 tunnel - ok
02:28:03.0672 0796 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:28:03.0672 0796 uagp35 - ok
02:28:03.0719 0796 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
02:28:03.0719 0796 udfs - ok
02:28:03.0750 0796 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
02:28:03.0750 0796 UI0Detect - ok
02:28:03.0782 0796 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
02:28:03.0782 0796 uliagpkx - ok
02:28:03.0782 0796 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
02:28:03.0797 0796 umbus - ok
02:28:03.0813 0796 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:28:03.0813 0796 UmPass - ok
02:28:03.0844 0796 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
02:28:03.0860 0796 upnphost - ok
02:28:03.0922 0796 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
02:28:03.0922 0796 USBAAPL64 - ok
02:28:03.0969 0796 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
02:28:03.0984 0796 usbccgp - ok
02:28:04.0000 0796 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
02:28:04.0000 0796 usbcir - ok
02:28:04.0016 0796 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
02:28:04.0016 0796 usbehci - ok
02:28:04.0047 0796 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
02:28:04.0062 0796 usbhub - ok
02:28:04.0109 0796 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\Windows\system32\Drivers\dsiarhwprog_x64.sys
02:28:04.0109 0796 usbio - ok
02:28:04.0125 0796 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
02:28:04.0125 0796 usbohci - ok
02:28:04.0140 0796 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:28:04.0140 0796 usbprint - ok
02:28:04.0218 0796 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\DRIVERS\usbser.sys
02:28:04.0218 0796 usbser - ok
02:28:04.0281 0796 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:28:04.0281 0796 USBSTOR - ok
02:28:04.0296 0796 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
02:28:04.0296 0796 usbuhci - ok
02:28:04.0312 0796 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
02:28:04.0312 0796 UxSms - ok
02:28:04.0374 0796 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
02:28:04.0374 0796 VaultSvc - ok
02:28:04.0390 0796 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
02:28:04.0390 0796 vdrvroot - ok
02:28:04.0421 0796 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
02:28:04.0437 0796 vds - ok
02:28:04.0452 0796 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:28:04.0452 0796 vga - ok
02:28:04.0468 0796 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:28:04.0468 0796 VgaSave - ok
02:28:04.0484 0796 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
02:28:04.0499 0796 vhdmp - ok
02:28:04.0515 0796 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
02:28:04.0515 0796 viaide - ok
02:28:04.0546 0796 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
02:28:04.0546 0796 volmgr - ok
02:28:04.0577 0796 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
02:28:04.0593 0796 volmgrx - ok
02:28:04.0608 0796 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
02:28:04.0624 0796 volsnap - ok
02:28:04.0640 0796 vrwxxxme - ok
02:28:04.0655 0796 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:28:04.0655 0796 vsmraid - ok
02:28:04.0827 0796 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
02:28:04.0842 0796 VSS - ok
02:28:04.0952 0796 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
02:28:04.0952 0796 vwifibus - ok
02:28:04.0967 0796 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
02:28:04.0967 0796 vwififlt - ok
02:28:04.0998 0796 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
02:28:05.0014 0796 W32Time - ok
02:28:05.0030 0796 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:28:05.0030 0796 WacomPen - ok
02:28:05.0045 0796 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:28:05.0045 0796 WANARP - ok
02:28:05.0061 0796 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
02:28:05.0061 0796 Wanarpv6 - ok
02:28:05.0186 0796 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
02:28:05.0201 0796 WatAdminSvc - ok
02:28:05.0310 0796 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
02:28:05.0326 0796 wbengine - ok
02:28:05.0420 0796 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
02:28:05.0420 0796 WbioSrvc - ok
02:28:05.0451 0796 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
02:28:05.0466 0796 wcncsvc - ok
02:28:05.0466 0796 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
02:28:05.0466 0796 WcsPlugInService - ok
02:28:05.0513 0796 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:28:05.0513 0796 Wd - ok
02:28:05.0560 0796 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:28:05.0576 0796 Wdf01000 - ok
02:28:05.0607 0796 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:28:05.0607 0796 WdiServiceHost - ok
02:28:05.0607 0796 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
02:28:05.0607 0796 WdiSystemHost - ok
02:28:05.0669 0796 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
02:28:05.0669 0796 WebClient - ok
02:28:05.0685 0796 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
02:28:05.0700 0796 Wecsvc - ok
02:28:05.0716 0796 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
02:28:05.0716 0796 wercplsupport - ok
02:28:05.0747 0796 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
02:28:05.0747 0796 WerSvc - ok
02:28:05.0794 0796 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:28:05.0794 0796 WfpLwf - ok
02:28:05.0810 0796 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:28:05.0810 0796 WIMMount - ok
02:28:05.0825 0796 WinDefend - ok
02:28:05.0841 0796 WinHttpAutoProxySvc - ok
02:28:05.0888 0796 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
02:28:05.0888 0796 Winmgmt - ok
02:28:05.0997 0796 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
02:28:06.0028 0796 WinRM - ok
02:28:06.0153 0796 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
02:28:06.0153 0796 WinUsb - ok
02:28:06.0215 0796 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
02:28:06.0231 0796 Wlansvc - ok
02:28:06.0278 0796 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
02:28:06.0278 0796 wlcrasvc - ok
02:28:06.0418 0796 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
02:28:06.0449 0796 wlidsvc - ok
02:28:06.0543 0796 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
02:28:06.0543 0796 WmiAcpi - ok
02:28:06.0590 0796 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
02:28:06.0605 0796 wmiApSrv - ok
02:28:06.0621 0796 WMPNetworkSvc - ok
02:28:06.0652 0796 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
02:28:06.0652 0796 WPCSvc - ok
02:28:06.0730 0796 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
02:28:06.0730 0796 WPDBusEnum - ok
02:28:06.0746 0796 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:28:06.0746 0796 ws2ifsl - ok
02:28:06.0808 0796 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
02:28:06.0824 0796 wscsvc - ok
02:28:06.0886 0796 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
02:28:06.0886 0796 WSDPrintDevice - ok
02:28:06.0886 0796 WSearch - ok
02:28:07.0073 0796 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
02:28:07.0104 0796 wuauserv - ok
02:28:07.0182 0796 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
02:28:07.0182 0796 WudfPf - ok
02:28:07.0214 0796 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:28:07.0214 0796 WUDFRd - ok
02:28:07.0229 0796 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
02:28:07.0229 0796 wudfsvc - ok
02:28:07.0276 0796 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
02:28:07.0276 0796 WwanSvc - ok
02:28:07.0401 0796 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
02:28:07.0416 0796 YahooAUService - ok
02:28:07.0432 0796 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
02:28:07.0682 0796 \Device\Harddisk0\DR0 - ok
02:28:07.0682 0796 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
02:28:07.0682 0796 \Device\Harddisk1\DR1 - ok
02:28:07.0697 0796 Boot (0x1200) (00e9728c773ea9e1b4e96631e02cdc9a) \Device\Harddisk0\DR0\Partition0
02:28:07.0697 0796 \Device\Harddisk0\DR0\Partition0 - ok
02:28:07.0697 0796 Boot (0x1200) (a3de021d82edbacfdccee4f96bfbd610) \Device\Harddisk0\DR0\Partition1
02:28:07.0697 0796 \Device\Harddisk0\DR0\Partition1 - ok
02:28:07.0713 0796 Boot (0x1200) (17b53e6b68238301bca524010d1a8dd2) \Device\Harddisk1\DR1\Partition0
02:28:07.0713 0796 \Device\Harddisk1\DR1\Partition0 - ok
02:28:07.0713 0796 ============================================================
02:28:07.0713 0796 Scan finished
02:28:07.0713 0796 ============================================================
02:28:07.0713 0760 Detected object count: 0
02:28:07.0713 0760 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 10 August 2012 - 02:36 AM

were you able to run aswMBR?
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 10 August 2012 - 02:42 AM

Currently running it. On Quick scan- It's been stuck on a pandasecurity file for a while now (6 minutes)...I deleted panda earlier though. I'm not sure why there's still traces of it...

And it's finally moved on. Weird. I'll post the log when it's done.

As of 02:58am (it's now 3:21 am) it's been stuck on "C:\Users\Owner\Downloads\WDLinkSetup_v1.00.03\WDLinkSetup.exe"

Just so you know. I think I'll just head to bed, let it run it's course, then post the log in the morning. This is taking longer than I thought. I'm sorry!

Edited by scarletxsmiles, 10 August 2012 - 03:22 AM.


#11 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 10 August 2012 - 03:45 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 02:30:19
-----------------------------
02:30:19.717 OS Version: Windows x64 6.1.7600
02:30:19.717 Number of processors: 4 586 0x2A07
02:30:19.717 ComputerName: AR765BY2JV UserName: Owner
02:30:22.197 Initialize success
02:31:16.232 AVAST engine defs: 12080901
02:31:27.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:31:27.245 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 3
02:31:27.245 Disk 0 MBR read successfully
02:31:27.261 Disk 0 MBR scan
02:31:27.261 Disk 0 Windows VISTA default MBR code
02:31:27.261 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
02:31:27.277 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12542 MB offset 81920
02:31:27.292 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941286 MB offset 25767936
02:31:27.308 Disk 0 scanning C:\Windows\system32\drivers
02:31:36.309 Service scanning
02:31:56.402 Modules scanning
02:31:56.402 Disk 0 trace - called modules:
02:31:56.417 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
02:31:56.417 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b41060]
02:31:56.433 3 CLASSPNP.SYS[fffff880013aa43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800600b050]
02:31:58.586 AVAST engine scan C:\Windows
02:32:03.157 AVAST engine scan C:\Windows\system32
02:34:19.704 AVAST engine scan C:\Windows\system32\drivers
02:34:30.655 AVAST engine scan C:\Users\Owner
03:27:49.713 AVAST engine scan C:\ProgramData
03:29:35.205 Scan finished successfully
03:44:02.198 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
03:44:02.198 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 10 August 2012 - 03:55 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 


Folder::
c:\program files (x86)\BitTorrentBar

Driver::
pxofwxoc
vrwxxxme

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 10 August 2012 - 03:42 PM

So my boyfriend ran it for me, last night, but apparently he went to bed while it was running, and so he didn't save the produced log file. Is there any way to find it, or do I need to re-run it?

#14 scarletxsmiles

scarletxsmiles
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 10 August 2012 - 03:59 PM

ComboFix 12-08-09.01 - Owner 08/10/2012 5:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5992.3570 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BitTorrentBar
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper.exe
c:\program files (x86)\BitTorrentBar\BitTorrentBarToolbarHelper1.exe
c:\program files (x86)\BitTorrentBar\GottenAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\ldrtbBit0.dll
c:\program files (x86)\BitTorrentBar\ldrtbBit2.dll
c:\program files (x86)\BitTorrentBar\ldrtbBitT.dll
c:\program files (x86)\BitTorrentBar\OtherAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\prxtbBit0.dll
c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
c:\program files (x86)\BitTorrentBar\SharedAppsContextMenu.xml
c:\program files (x86)\BitTorrentBar\tbBit0.dll
c:\program files (x86)\BitTorrentBar\tbBit2.dll
c:\program files (x86)\BitTorrentBar\tbBitT.dll
c:\program files (x86)\BitTorrentBar\toolbar.cfg
c:\program files (x86)\BitTorrentBar\ToolbarContextMenu.xml
c:\program files (x86)\BitTorrentBar\uninstall.exe
c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pxofwxoc
-------\Service_vrwxxxme
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 10:28 . 2012-08-10 10:28 -------- d-----w- c:\users\Experience\AppData\Local\temp
2012-08-10 10:28 . 2012-08-10 10:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 08:48 . 2012-08-10 08:48 -------- d-----w- c:\users\Mcx1-AR765BY2JV
2012-08-10 08:46 . 2012-08-10 08:46 -------- d-----w- c:\users\Owner\Tracing
2012-08-02 00:10 . 2012-08-02 00:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Ventrilo
2012-08-02 00:09 . 2012-08-02 00:09 -------- d-----w- c:\program files (x86)\Ventrilo
2012-08-02 00:09 . 2012-08-02 00:09 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-31 03:10 . 2012-08-10 04:12 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-07-31 03:10 . 2012-07-31 03:10 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-07-31 03:09 . 2012-07-31 05:56 -------- d-----w- c:\programdata\Blizzard Entertainment
2012-07-29 21:38 . 2009-08-20 04:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-07-25 05:16 . 2012-07-25 05:16 -------- d-----w- c:\program files (x86)\smartdl
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-14 00:46 . 2012-07-14 00:46 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-14 00:35 . 2012-07-14 00:35 328704 ----a-w- c:\windows\system32\services.exe.D04844BF92E57AC3
2012-07-14 00:14 . 2012-07-14 00:14 50392 ----a-w- c:\windows\system32\drivers\qylcgzrk.sys
2012-07-14 00:11 . 2012-07-14 00:11 328704 ----a-w- c:\windows\system32\services.exe.B948611C1C24FDCB
2012-07-14 00:04 . 2012-07-14 00:04 328704 ----a-w- c:\windows\system32\services.exe.8509E2E55F144360
2012-07-13 23:58 . 2012-07-13 23:58 328704 ----a-w- c:\windows\system32\services.exe.65A7D41244070F1B
2012-07-13 23:54 . 2012-07-13 23:54 328704 ----a-w- c:\windows\system32\services.exe.9D4D2E42797B7072
2012-07-13 23:50 . 2012-07-13 23:50 328704 ----a-w- c:\windows\system32\services.exe.5C528DDD12B6608C
2012-07-13 23:45 . 2012-07-13 23:45 328704 ----a-w- c:\windows\system32\services.exe.5ED42801372FC5C6
2012-07-13 23:10 . 2012-07-13 23:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-13 23:00 . 2012-07-13 23:00 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 09:14 . 2012-04-15 19:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 09:14 . 2011-07-20 00:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 00:46 . 2011-03-24 03:48 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 18:46 . 2011-10-18 02:30 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 00:33 . 2012-06-30 00:33 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-30 00:33 . 2012-06-30 00:33 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-06-30 00:33 . 2012-06-30 00:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-30 00:30 . 2012-06-30 00:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-12 03:02 . 2012-07-11 08:03 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 03:25 . 2012-06-11 03:25 151601 ----a-w- c:\windows\SysWow64\temp.001
2012-06-11 03:25 . 2012-06-11 03:25 286773 ----a-w- c:\windows\SysWow64\temp.000
2012-06-11 03:25 . 2012-06-11 03:24 253952 ------w- c:\windows\Setup1.exe
2012-06-11 03:25 . 2012-06-11 03:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-06-09 05:30 . 2012-07-10 22:59 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-10 22:59 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-10 22:59 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-10 22:59 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-10 22:59 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-19 07:51 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:51 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:51 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:51 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:51 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:51 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:51 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-19 07:51 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-19 07:51 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-11 08:00 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 08:00 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 08:00 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 08:00 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 08:00 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 08:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 08:00 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 08:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 08:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 08:00 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 08:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 08:00 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 08:00 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 08:00 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 08:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 08:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 08:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-10 22:59 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-10 22:59 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-10 22:59 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-10 22:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-10 22:59 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-10 22:59 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-10 22:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-10 22:59 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-10 22:59 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-10_03.50.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-10 10:29 . 2012-08-10 10:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-10 03:50 . 2012-08-10 03:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 10:29 . 2012-08-10 10:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-10 03:50 . 2012-08-10 03:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-08-10 10:29 515596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-10 03:49 515596 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-20 02:36 . 2012-08-10 10:29 3192192 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4101510841-2761474161-915512477-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-05-13 13:25 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-05-13 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-01-10 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"Aimersoft Helper Compact.exe"="c:\program files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe" [2012-02-20 1666560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-7-20 576000]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216]
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-01-10 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-20 1038088]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-06-08 406056]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:14]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 08:40]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-18 08:40]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101510841-2761474161-915512477-1001Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 17:46]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4101510841-2761474161-915512477-1001UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-09 17:46]
.
2012-08-10 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-12-06 02:31]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-08-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-04 417304]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"combofix"="c:\combofix\CF31266.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\bc4ozgyv.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
Toolbar-Locked - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
Wow6432Node-HKLM-Run-HDD Regenerator - c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-BitTorrentBar Toolbar - c:\program files (x86)\BitTorrentBar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4101510841-2761474161-915512477-1001\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**E*r**t"ӐE*Q**d*@ E*p**| ]
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:501ac6e9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-08-10 05:38:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 10:38
ComboFix2.txt 2012-08-10 04:00
.
Pre-Run: 387,485,569,024 bytes free
Post-Run: 387,202,703,360 bytes free
.
- - End Of File - - 30F66A3A509B3F29DFDE33FAD03D2F03



I went ahead and posted this one-- It says 5:39am this morning, which sounds about right.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:29 AM

Posted 11 August 2012 - 03:25 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users