Possible browser hijack, google keeps redirecting


This topic is locked
22 replies to this topic

#1 cvbowlr

  • Members
  • 11 posts

Posted 09 August 2012 - 04:42 PM

Yesterday AVG popped up with a warning for Luhe.Sirefef.A virus. I ran AVG/Malwarebytes/Super Anti Malware/Spybot and removed everything those things found, including a lot of tracking cookies. They are no longer reporting any signs of the virus or trojans, but sometimes when searching via google I get redirected when clicking on the links. I use firefox and chrome, and it happens on both browsers. The redirect does not happen every time, but maybe around 20-25% of the time. It seems to happen quite often when I first open a browser. I am running Windows 7 64-bit. I appreciate your help and thank you in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Chris at 14:30:05 on 2012-08-09
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4412 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\FlyVPN\FlyVPNBind.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A84686C8-39C7-447F-8132-11F8094545C5} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DA8C915B-62CE-45B5-AFEF-1BF9BC1C35DB} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4zhhfbap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\GRETECH\npgomtvx_nie.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Chris\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/12 00:49:55];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-6-28 146928]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cpuz132;cpuz132;\??\C:\Windows\system32\drivers\cpuz132_x64.sys --> C:\Windows\system32\drivers\cpuz132_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-31 655944]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-21 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\system32\Drivers\CYUSB.sys --> C:\Windows\system32\Drivers\CYUSB.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-2 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-08-09 21:00:59 -------- d-----w- C:\Users\Chris\AppData\Local\{88EE67CA-1ECF-4BFC-9D9A-D56E56DA19EA}
2012-08-09 21:00:47 -------- d-----w- C:\Users\Chris\AppData\Local\{07CC294A-0861-4C4D-AC04-8BC32D7825B4}
2012-08-09 20:08:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-09 20:08:46 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-09 19:05:34 -------- d-----w- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 19:05:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-09 19:05:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-09 18:44:13 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-09 00:20:13 -------- d-----w- C:\Users\Chris\AppData\Local\{1ED4A7F7-1F0B-4F23-B251-B91593C0FA11}
2012-08-09 00:20:02 -------- d-----w- C:\Users\Chris\AppData\Local\{A83D5A89-9E07-440A-A782-BC379CE8A89B}
2012-08-08 12:19:37 -------- d-----w- C:\Users\Chris\AppData\Local\{C7724C55-663E-4632-9E21-7F9BB1BA898E}
2012-08-08 12:19:26 -------- d-----w- C:\Users\Chris\AppData\Local\{CD68C5EA-6512-43D5-8B98-A57870B8F623}
2012-08-08 00:19:01 -------- d-----w- C:\Users\Chris\AppData\Local\{E256D073-F9F4-4526-8EF8-A7855284178C}
2012-08-08 00:18:49 -------- d-----w- C:\Users\Chris\AppData\Local\{1FDA591F-524D-4C9C-8779-E02599799166}
2012-08-07 12:18:37 -------- d-----w- C:\Users\Chris\AppData\Local\{96D0CCEF-A789-41BE-9D38-06C40AB5069B}
2012-08-07 12:18:27 -------- d-----w- C:\Users\Chris\AppData\Local\{D05FA209-5A57-483D-A77F-D453A06CB7B8}
2012-08-07 00:18:14 -------- d-----w- C:\Users\Chris\AppData\Local\{4D08A092-40C3-4D37-9008-4935077A9CC2}
2012-08-07 00:18:03 -------- d-----w- C:\Users\Chris\AppData\Local\{D24EF6C8-C68C-450B-ABF8-479B2F030DFF}
2012-08-06 12:17:51 -------- d-----w- C:\Users\Chris\AppData\Local\{FAA10CA2-6BAE-4071-B958-607D40E8FBFB}
2012-08-06 12:17:40 -------- d-----w- C:\Users\Chris\AppData\Local\{054CCAFA-7F67-424D-9825-91014A415569}
2012-08-06 00:17:25 -------- d-----w- C:\Users\Chris\AppData\Local\{5F42EB30-6551-4D06-81C5-1AE54BA1C54D}
2012-08-06 00:17:14 -------- d-----w- C:\Users\Chris\AppData\Local\{E94E955E-F077-43B7-8D83-F8DA14074581}
2012-08-03 07:39:14 -------- d-----w- C:\Users\Chris\AppData\Local\{FFE3A554-94FB-480D-B759-191D1BEBED6D}
2012-08-03 07:39:03 -------- d-----w- C:\Users\Chris\AppData\Local\{DACB4812-9960-4BCC-B0B0-D48605105B07}
2012-08-02 19:38:51 -------- d-----w- C:\Users\Chris\AppData\Local\{1E3D1A14-9C13-485D-9C15-1EB325BC046D}
2012-08-02 19:38:39 -------- d-----w- C:\Users\Chris\AppData\Local\{D0BD8348-30F9-4C90-9902-64AFB5F1F4BA}
2012-08-02 07:38:26 -------- d-----w- C:\Users\Chris\AppData\Local\{9BAC479B-74F3-4B5B-B5CC-42D5BFBDCC04}
2012-08-02 07:38:14 -------- d-----w- C:\Users\Chris\AppData\Local\{592C8201-E577-4DBA-B271-66669D1D722B}
2012-08-01 19:37:49 -------- d-----w- C:\Users\Chris\AppData\Local\{FB8A7896-CF18-4651-8EFC-394BCBB7ABD6}
2012-08-01 19:37:39 -------- d-----w- C:\Users\Chris\AppData\Local\{C87E1084-BF79-4967-A085-F936BB190F8F}
2012-08-01 07:37:26 -------- d-----w- C:\Users\Chris\AppData\Local\{7061D4C7-23A4-454B-B2AE-833BF969B7E9}
2012-08-01 07:37:15 -------- d-----w- C:\Users\Chris\AppData\Local\{F70E63F8-885F-4E85-97AC-E182C1509182}
2012-07-31 19:36:49 -------- d-----w- C:\Users\Chris\AppData\Local\{5D28DEF5-1AE5-4FF7-8751-72059026AA5B}
2012-07-31 19:36:38 -------- d-----w- C:\Users\Chris\AppData\Local\{8D150F18-961C-4416-AC95-0CD1F00E5CD5}
2012-07-31 05:26:31 -------- d-----w- C:\Users\Chris\AppData\Local\{172678D6-7626-44DD-BDD0-7487CF1A71D8}
2012-07-31 05:26:20 -------- d-----w- C:\Users\Chris\AppData\Local\{9380C06F-0B99-4C03-9366-F4FC1E327406}
2012-07-30 17:26:08 -------- d-----w- C:\Users\Chris\AppData\Local\{BBC47A70-5BA8-4329-95EF-C4BEFA15678F}
2012-07-30 17:25:58 -------- d-----w- C:\Users\Chris\AppData\Local\{7D915435-B4E3-4CA4-B2CA-526652CC4063}
2012-07-30 05:25:45 -------- d-----w- C:\Users\Chris\AppData\Local\{C2C29C1C-62AC-48A9-8D0B-A55A383F2FB7}
2012-07-30 05:25:34 -------- d-----w- C:\Users\Chris\AppData\Local\{CB197A71-B89A-4833-A281-5A356BDAC9F1}
2012-07-29 17:25:22 -------- d-----w- C:\Users\Chris\AppData\Local\{507BC2DD-3698-4E1D-88D6-2AE65ACB1860}
2012-07-29 17:25:11 -------- d-----w- C:\Users\Chris\AppData\Local\{F41C3F30-DEB1-41B3-AC5D-13152231D66F}
2012-07-29 05:24:59 -------- d-----w- C:\Users\Chris\AppData\Local\{7EB34A8B-60E0-4027-9A48-AC33D7906806}
2012-07-29 05:24:48 -------- d-----w- C:\Users\Chris\AppData\Local\{0165EC29-E5CE-4BCC-999B-274608B40FA9}
2012-07-28 17:24:35 -------- d-----w- C:\Users\Chris\AppData\Local\{A38BE94F-EF0E-42FC-9B2B-1CD2D5C7D1BF}
2012-07-28 17:24:24 -------- d-----w- C:\Users\Chris\AppData\Local\{07F7BEEC-4819-46D9-B66F-5D31A02986F3}
2012-07-28 05:23:59 -------- d-----w- C:\Users\Chris\AppData\Local\{217933C6-8DC9-4BA6-B6EE-A63D40632398}
2012-07-28 05:23:48 -------- d-----w- C:\Users\Chris\AppData\Local\{28C12261-2F09-408E-BF1E-D439F9ECF058}
2012-07-27 17:23:24 -------- d-----w- C:\Users\Chris\AppData\Local\{2CC984D4-3633-4D99-A944-097A39E9A2E1}
2012-07-27 17:23:13 -------- d-----w- C:\Users\Chris\AppData\Local\{C937A81B-52A8-4B38-B0C8-379C4AF1FAE7}
2012-07-27 05:23:00 -------- d-----w- C:\Users\Chris\AppData\Local\{9BB7DEB1-4E9C-478E-A166-537E09F75C06}
2012-07-27 05:22:49 -------- d-----w- C:\Users\Chris\AppData\Local\{57C62942-4C4F-4A11-9947-893A1FA4AF6F}
2012-07-26 17:22:37 -------- d-----w- C:\Users\Chris\AppData\Local\{B214A18D-A64B-4702-9286-9E871EE73389}
2012-07-26 17:22:27 -------- d-----w- C:\Users\Chris\AppData\Local\{2922E541-0E6C-4239-A6FD-C25F9E5B1612}
2012-07-26 05:22:14 -------- d-----w- C:\Users\Chris\AppData\Local\{439DC083-32B5-40D0-B1D7-368C5AE9A644}
2012-07-26 05:22:03 -------- d-----w- C:\Users\Chris\AppData\Local\{81C38665-2A8A-4D74-90BF-BF5D84FB8F94}
2012-07-25 17:21:51 -------- d-----w- C:\Users\Chris\AppData\Local\{CDFE889B-BFF9-429C-A9C5-11FF84EBAC48}
2012-07-25 17:21:40 -------- d-----w- C:\Users\Chris\AppData\Local\{F8640BEE-8DD1-426A-9E88-C6C37871B499}
2012-07-25 05:21:28 -------- d-----w- C:\Users\Chris\AppData\Local\{2792C765-1415-44E6-94BF-D968B9EC0C3E}
2012-07-25 05:21:17 -------- d-----w- C:\Users\Chris\AppData\Local\{0E05652D-481F-4C3F-B531-5009228B2C2D}
2012-07-24 17:16:49 -------- d-----w- C:\Users\Chris\AppData\Local\{146F1104-1A5E-40C5-907B-8804EF570660}
2012-07-24 17:16:37 -------- d-----w- C:\Users\Chris\AppData\Local\{1ABC8BC8-C1B0-4C81-A9C5-C4CBF4627B2B}
2012-07-24 05:16:24 -------- d-----w- C:\Users\Chris\AppData\Local\{B7748369-FF1E-4E5B-B69B-4C0C01B930E6}
2012-07-24 05:16:13 -------- d-----w- C:\Users\Chris\AppData\Local\{210D7473-894B-40BD-BFE4-D1C2D68288E8}
2012-07-23 17:15:59 -------- d-----w- C:\Users\Chris\AppData\Local\{396695FA-CA61-43DB-A431-97A3FBA4CB36}
2012-07-23 17:15:48 -------- d-----w- C:\Users\Chris\AppData\Local\{A797CA45-064F-4A69-86DA-07F21554E3CE}
2012-07-23 16:36:50 -------- d-----w- C:\Users\Chris\AppData\Local\{5E944B5E-8A82-4C21-99D2-87B587BE230C}
2012-07-23 02:02:44 -------- d-----w- C:\Users\Chris\AppData\Local\{8C78415B-81C7-4912-A71D-6EA533B47FC5}
2012-07-23 02:02:33 -------- d-----w- C:\Users\Chris\AppData\Local\{66572F0E-DE36-4149-A890-D8BBAC493C45}
2012-07-18 07:38:48 -------- d-----w- C:\Users\Chris\AppData\Local\{3B80ECD0-1B62-400B-B89D-5958C1A03228}
2012-07-18 07:38:36 -------- d-----w- C:\Users\Chris\AppData\Local\{A2A6FB73-008A-448F-AA2D-9EBA9DF023A1}
2012-07-17 19:38:11 -------- d-----w- C:\Users\Chris\AppData\Local\{7CF1D6D6-5DF0-4D28-8FE3-34EF8D0EC451}
2012-07-17 19:37:59 -------- d-----w- C:\Users\Chris\AppData\Local\{A7102832-25CD-41CB-BF5D-238FD1F72B4A}
2012-07-13 07:16:19 -------- d-----w- C:\Users\Chris\AppData\Local\{C45FE579-F455-48E8-A5E5-45573DB3CB31}
2012-07-13 07:16:07 -------- d-----w- C:\Users\Chris\AppData\Local\{CDAF7EA6-134C-4FD1-AD05-C0E0A5200A5A}
2012-07-12 19:15:55 -------- d-----w- C:\Users\Chris\AppData\Local\{61BDB42E-7D7F-454E-ABC6-CC0154B7FFF2}
2012-07-12 19:15:44 -------- d-----w- C:\Users\Chris\AppData\Local\{8B0349DC-9ECD-4E6D-8C74-B1DFEBD6340F}
2012-07-12 07:15:30 -------- d-----w- C:\Users\Chris\AppData\Local\{198622F6-EC2B-41BC-8FC8-56486326FA1E}
2012-07-12 07:15:18 -------- d-----w- C:\Users\Chris\AppData\Local\{DD93741D-C775-46A0-B903-819CA1D5DB65}
2012-07-11 22:05:56 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 19:14:53 -------- d-----w- C:\Users\Chris\AppData\Local\{70DB8D8C-5665-4066-AAE8-4F5385A28AA7}
2012-07-11 19:14:41 -------- d-----w- C:\Users\Chris\AppData\Local\{6689C2F7-A15D-426D-AE31-FB1A05326B3D}
2012-07-11 07:14:28 -------- d-----w- C:\Users\Chris\AppData\Local\{8E6BEDDF-A6BA-4B71-94DA-3A4B625FE28C}
2012-07-11 07:14:14 -------- d-----w- C:\Users\Chris\AppData\Local\{B7A8AA9D-3084-4644-8398-2A22964D3392}
.
==================== Find3M ====================
.
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-17 22:50:06 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-05-17 22:50:04 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
.
============= FINISH: 14:31:05.90 ===============
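A triage helper for the "Created Last 30" section of the DDS log above, added here as an example (it is not code from the original post, from DDS, or from BleepingComputer's staff): it parses the log lines and groups the bare {GUID} directories under AppData\Local into creation bursts, so the roughly twelve-hour spacing visible in the log becomes a reportable fact rather than something to eyeball. The sample lines are copied from the log above; the burst gap and regularity thresholds are assumptions chosen for illustration.

```python
r"""Triage helper for the "Created Last 30" section of a DDS log (added example).

Parses lines shaped like
    2012-08-09 21:00:59 -------- d-----w- C:\Users\Chris\AppData\Local\{GUID}
and groups bare-{GUID} directories under <user>\AppData\Local into creation bursts.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample: lines taken from the DDS log above, deliberately unordered.
SAMPLE_LOG = r"""
2012-08-07 12:18:37 -------- d-----w- C:\Users\Chris\AppData\Local\{96D0CCEF-A789-41BE-9D38-06C40AB5069B}
2012-08-07 12:18:27 -------- d-----w- C:\Users\Chris\AppData\Local\{D05FA209-5A57-483D-A77F-D453A06CB7B8}
2012-08-09 20:08:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-07 00:18:14 -------- d-----w- C:\Users\Chris\AppData\Local\{4D08A092-40C3-4D37-9008-4935077A9CC2}
2012-08-07 00:18:03 -------- d-----w- C:\Users\Chris\AppData\Local\{D24EF6C8-C68C-450B-ABF8-479B2F030DFF}
2012-08-06 12:17:51 -------- d-----w- C:\Users\Chris\AppData\Local\{FAA10CA2-6BAE-4071-B958-607D40E8FBFB}
2012-08-06 12:17:40 -------- d-----w- C:\Users\Chris\AppData\Local\{054CCAFA-7F67-424D-9825-91014A415569}
2012-08-06 00:17:25 -------- d-----w- C:\Users\Chris\AppData\Local\{5F42EB30-6551-4D06-81C5-1AE54BA1C54D}
2012-08-06 00:17:14 -------- d-----w- C:\Users\Chris\AppData\Local\{E94E955E-F077-43B7-8D83-F8DA14074581}
2012-07-11 22:05:56 3147264 ----a-w- C:\Windows\System32\win32k.sys
"""

# timestamp, size (DDS prints "--------" for directories), attribute flags, path (may contain spaces)
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.IGNORECASE
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    size: Optional[int]  # None for directories
    attrs: str           # e.g. "d-----w-" (directory) or "----a-w-" (archive file)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_created_section(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' / 'Find3M' lines; headers and '.' separators are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        stamp, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                             None if size.startswith("-") else int(size), attrs, path.rstrip()))
    return entries


def guid_dirs(entries: List[Entry]) -> List[Entry]:
    """Directories named by a bare {GUID} directly under a profile's AppData/Local, oldest first."""
    return sorted((e for e in entries if e.is_dir and GUID_DIR_RE.search(e.path)),
                  key=lambda e: e.created)


def creation_bursts(entries: List[Entry], gap_seconds: int = 60) -> List[Tuple[datetime, int]]:
    """Group chronologically sorted entries into bursts created within gap_seconds (assumed)
    of each other; returns (timestamp of the first entry in the burst, entries in it)."""
    bursts: List[Tuple[datetime, int]] = []
    last: Optional[datetime] = None
    for e in entries:
        if last is not None and (e.created - last).total_seconds() <= gap_seconds:
            start, n = bursts[-1]
            bursts[-1] = (start, n + 1)
        else:
            bursts.append((e.created, 1))
        last = e.created
    return bursts


def burst_intervals_hours(bursts: List[Tuple[datetime, int]]) -> List[float]:
    return [(b[0] - a[0]).total_seconds() / 3600.0 for a, b in zip(bursts, bursts[1:])]


def triage(text: str, min_bursts: int = 3, jitter_hours: float = 0.25) -> dict:
    """Summarise the GUID-directory pattern. regular_schedule is True when at least
    min_bursts bursts are spaced within jitter_hours of each other (assumed thresholds):
    a cue for the reviewer to look closer, not a verdict by itself."""
    entries = parse_created_section(text)
    dirs = guid_dirs(entries)
    bursts = creation_bursts(dirs)
    intervals = burst_intervals_hours(bursts)
    regular = len(bursts) >= min_bursts and (max(intervals) - min(intervals)) < jitter_hours
    return {"entries": len(entries), "guid_dirs": len(dirs), "bursts": bursts,
            "intervals_hours": intervals, "regular_schedule": regular}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['guid_dirs']} GUID directories in {len(report['bursts'])} bursts")
    for start, n in report["bursts"]:
        print(f"  {start:%Y-%m-%d %H:%M:%S}  x{n}")
    print("intervals (h):", [round(h, 2) for h in report["intervals_hours"]],
          "regular:", report["regular_schedule"])
```

Feeding it the full "Created Last 30" block above instead of the sample shows the same two-directory bursts repeating at about twelve-hour intervals for weeks.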


#2 gringo_pr
    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 August 2012 - 02:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 cvbowlr

  • Topic Starter
  • Members
  • 11 posts

Posted 10 August 2012 - 11:53 AM

Thank you very much for your help. No additional problems to report and the computer seems to be running fine aside from the occasional redirect.

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
AVG PC Tuneup 2011
Java™ 6 Update 31
Java version out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




ComboFix 12-08-09.01 - Chris 08/10/2012 9:42.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4190 [GMT -7:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 16:47 . 2012-08-10 16:47 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 16:34 . 2012-08-10 16:35 -------- d--h--w- c:\windows\AxInstSV
2012-08-09 22:06 . 2012-08-09 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-09 22:06 . 2012-08-09 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 20:08 . 2012-08-09 20:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-09 20:08 . 2012-08-09 20:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-11 22:05 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:02 . 2009-10-14 12:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2010-05-03 20:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 05:30 . 2012-07-11 06:17 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 06:17 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 06:17 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 06:17 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 06:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-19 07:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 07:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 07:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:38 . 2012-07-11 06:17 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 06:17 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 06:17 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 06:17 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 06:17 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 06:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 06:17 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 06:17 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 06:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-05-07 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2010-05-07 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-08-09_18.34.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 06:15 . 2012-08-10 00:07 61296 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 00:07 46772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-23 23:26 . 2012-08-10 00:07 23470 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1379340593-1080860476-4187735682-1000_UserData.bin
+ 2012-08-09 23:52 . 2012-08-09 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 18:24 . 2012-08-09 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 23:52 . 2012-08-09 23:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 18:24 . 2012-08-09 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-08-09 22:06 . 2012-08-09 22:06 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-09 22:06 . 2012-08-09 22:06 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:01 . 2012-08-09 23:51 464536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-09 18:23 464536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-08-09 22:06 . 2012-08-09 22:06 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2011-06-19 08:43 . 2012-06-23 07:50 1542852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-12288.dat
+ 2011-06-19 08:43 . 2012-08-09 23:51 1542852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-12288.dat
+ 2009-07-14 02:34 . 2012-08-10 01:52 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-09 04:18 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2010-04-26 19:54 . 2012-08-09 23:51 21421900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 47104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-24 871408]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/12 00:49];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 05:50 146928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-24 12032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 22:23]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 22:23]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 00:15]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 00:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\FlyVPN\FlyVPNBind.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4zhhfbap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 09:49:06
ComboFix-quarantined-files.txt 2012-08-10 16:49
.
Pre-Run: 18,653,609,984 bytes free
Post-Run: 18,593,423,360 bytes free
.
- - End Of File - - 39B3C4D2F5866368AC538CEB13DBC5B0
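The Sigcheck section of the ComboFix log above lists several on-disk copies of user32.dll with their MD5, size and file version. As an added example (not part of this thread, and not ComboFix's own code), the script below parses those lines and reports every group of copies that share a file name, version and size but carry different MD5 hashes, which is the comparison a responder makes by eye when reading that section. The sample input is constructed by copying the six user32.dll lines from the log; the grouping key (name, version, size) is my assumption, and since the page does not state what ComboFix's [7] and [-] markers mean, the flag column is carried through unchanged rather than interpreted.

```python
import re
from collections import defaultdict

# Constructed sample: the Sigcheck lines for user32.dll copied from the
# ComboFix log posted in this thread (64-bit and WOW64 copies).
SIGCHECK_SAMPLE = [
    r"[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll",
    r"[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll",
    r"[-] 2010-05-07 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll",
    r"[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll",
    r"[-] 2010-05-07 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll",
    r"[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll",
]

# One Sigcheck line: [flag] date . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\] (?P<date>\S+) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[^\]]+)\] \.\. (?P<path>.+)$"
)


def parse_sigcheck(lines):
    """Parse Sigcheck lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["md5"] = e["md5"].upper()
        e["size"] = int(e["size"])
        # file name is the last path component (ComboFix prints backslash paths)
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        entries.append(e)
    return entries


def find_hash_disagreements(entries):
    """Group copies by (name, version, size) -- an assumed key for 'same build of
    the same file' -- and return the groups whose MD5 hashes do not all agree."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"], e["size"])].append(e)
    findings = []
    for (name, version, size), copies in sorted(groups.items()):
        if len({c["md5"] for c in copies}) > 1:
            findings.append({
                "file": name,
                "version": version,
                "size": size,
                "copies": [(c["flag"], c["md5"], c["path"]) for c in copies],
            })
    return findings


def format_report(findings):
    """Render the findings as text a responder can paste into a reply."""
    out = []
    for f in findings:
        out.append(f"{f['file']} {f['version']} ({f['size']} bytes): hashes disagree")
        for flag, md5, path in f["copies"]:
            out.append(f"  [{flag}] {md5}  {path}")
    return "\n".join(out) if out else "no hash disagreements found"


if __name__ == "__main__":
    print(format_report(find_hash_disagreements(parse_sigcheck(SIGCHECK_SAMPLE))))
```

On the sample, both 6.1.7600.16385 groups are reported: the copies in system32 and SysWOW64 do not hash to the same value as the winsxs copies of the same version and size, while the 6.1.7601.17514 entries have only one copy each and are not reported. A disagreement is a prompt to look closer, not a verdict; ComboFix's own note on the page says as much about unsigned files.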

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 August 2012 - 12:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 cvbowlr

cvbowlr
  • Topic Starter

  • Members
  • 11 posts

Posted 10 August 2012 - 02:56 PM

Hello,

11:52:33.0760 4896 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:52:34.0244 4896 ============================================================
11:52:34.0244 4896 Current date / time: 2012/08/10 11:52:34.0244
11:52:34.0244 4896 SystemInfo:
11:52:34.0244 4896
11:52:34.0244 4896 OS Version: 6.1.7600 ServicePack: 0.0
11:52:34.0244 4896 Product type: Workstation
11:52:34.0244 4896 ComputerName: CHRIS-PCA
11:52:34.0244 4896 UserName: Chris
11:52:34.0244 4896 Windows directory: C:\Windows
11:52:34.0244 4896 System windows directory: C:\Windows
11:52:34.0244 4896 Running under WOW64
11:52:34.0244 4896 Processor architecture: Intel x64
11:52:34.0244 4896 Number of processors: 8
11:52:34.0244 4896 Page size: 0x1000
11:52:34.0244 4896 Boot type: Normal boot
11:52:34.0244 4896 ============================================================
11:52:34.0774 4896 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:34.0774 4896 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:34.0805 4896 Drive \Device\Harddisk2\DR2 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:34.0805 4896 Drive \Device\Harddisk3\DR3 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:52:34.0805 4896 Drive \Device\Harddisk4\DR4 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:52:41.0326 4896 ============================================================
11:52:41.0326 4896 \Device\Harddisk0\DR0:
11:52:41.0342 4896 MBR partitions:
11:52:41.0342 4896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
11:52:41.0342 4896 \Device\Harddisk1\DR1:
11:52:41.0342 4896 MBR partitions:
11:52:41.0342 4896 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
11:52:41.0342 4896 \Device\Harddisk2\DR2:
11:52:41.0373 4896 MBR partitions:
11:52:41.0373 4896 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x219957F8
11:52:41.0373 4896 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x21996000, BlocksNum 0x32000
11:52:41.0373 4896 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x219C8000, BlocksNum 0x3A65800
11:52:41.0373 4896 \Device\Harddisk3\DR3:
11:52:41.0373 4896 MBR partitions:
11:52:41.0373 4896 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22EEB000
11:52:41.0373 4896 \Device\Harddisk4\DR4:
11:52:41.0373 4896 MBR partitions:
11:52:41.0373 4896 \Device\Harddisk4\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAEA87AF0
11:52:41.0373 4896 ============================================================
11:52:41.0389 4896 C: <-> \Device\Harddisk3\DR3\Partition0
11:52:41.0420 4896 D: <-> \Device\Harddisk2\DR2\Partition0
11:52:41.0451 4896 H: <-> \Device\Harddisk0\DR0\Partition0
11:52:41.0467 4896 I: <-> \Device\Harddisk4\DR4\Partition0
11:52:41.0513 4896 F: <-> \Device\Harddisk1\DR1\Partition0
11:52:41.0560 4896 G: <-> \Device\Harddisk2\DR2\Partition2
11:52:41.0560 4896 ============================================================
11:52:41.0560 4896 Initialize success
11:52:41.0560 4896 ============================================================
11:52:46.0630 3872 ============================================================
11:52:46.0630 3872 Scan started
11:52:46.0630 3872 Mode: Manual;
11:52:46.0630 3872 ============================================================
11:52:47.0098 3872 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
11:52:47.0114 3872 !SASCORE - ok
11:52:47.0176 3872 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:52:47.0176 3872 1394ohci - ok
11:52:47.0192 3872 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:52:47.0192 3872 ACPI - ok
11:52:47.0207 3872 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:52:47.0207 3872 AcpiPmi - ok
11:52:47.0223 3872 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:52:47.0223 3872 adp94xx - ok
11:52:47.0254 3872 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:52:47.0254 3872 adpahci - ok
11:52:47.0254 3872 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:52:47.0270 3872 adpu320 - ok
11:52:47.0270 3872 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:52:47.0270 3872 AeLookupSvc - ok
11:52:47.0317 3872 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:52:47.0317 3872 AFD - ok
11:52:47.0317 3872 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:52:47.0317 3872 agp440 - ok
11:52:47.0332 3872 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:52:47.0332 3872 ALG - ok
11:52:47.0348 3872 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:52:47.0348 3872 aliide - ok
11:52:47.0348 3872 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:52:47.0348 3872 amdide - ok
11:52:47.0363 3872 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:52:47.0363 3872 AmdK8 - ok
11:52:47.0363 3872 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:52:47.0363 3872 AmdPPM - ok
11:52:47.0379 3872 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
11:52:47.0379 3872 amdsata - ok
11:52:47.0395 3872 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:52:47.0395 3872 amdsbs - ok
11:52:47.0410 3872 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
11:52:47.0410 3872 amdxata - ok
11:52:47.0426 3872 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:52:47.0426 3872 AppID - ok
11:52:47.0426 3872 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:52:47.0426 3872 AppIDSvc - ok
11:52:47.0441 3872 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
11:52:47.0441 3872 Appinfo - ok
11:52:47.0504 3872 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:52:47.0504 3872 Apple Mobile Device - ok
11:52:47.0519 3872 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:52:47.0535 3872 AppMgmt - ok
11:52:47.0551 3872 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:52:47.0551 3872 arc - ok
11:52:47.0551 3872 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:52:47.0551 3872 arcsas - ok
11:52:47.0566 3872 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:52:47.0566 3872 AsyncMac - ok
11:52:47.0582 3872 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:52:47.0582 3872 atapi - ok
11:52:47.0613 3872 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:52:47.0644 3872 AudioEndpointBuilder - ok
11:52:47.0644 3872 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
11:52:47.0644 3872 AudioSrv - ok
11:52:47.0722 3872 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
11:52:47.0722 3872 AVGIDSHA - ok
11:52:47.0753 3872 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
11:52:47.0753 3872 Avgldx64 - ok
11:52:47.0769 3872 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:52:47.0769 3872 Avgmfx64 - ok
11:52:47.0785 3872 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:52:47.0785 3872 Avgrkx64 - ok
11:52:47.0831 3872 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:52:47.0831 3872 avgwd - ok
11:52:47.0847 3872 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
11:52:47.0847 3872 AxInstSV - ok
11:52:47.0878 3872 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:52:47.0878 3872 b06bdrv - ok
11:52:47.0894 3872 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:52:47.0894 3872 b57nd60a - ok
11:52:47.0909 3872 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:52:47.0909 3872 BDESVC - ok
11:52:47.0925 3872 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:52:47.0925 3872 Beep - ok
11:52:47.0941 3872 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
11:52:47.0956 3872 BFE - ok
11:52:47.0987 3872 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
11:52:47.0987 3872 BITS - ok
11:52:48.0003 3872 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:52:48.0003 3872 blbdrive - ok
11:52:48.0065 3872 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:52:48.0065 3872 Bonjour Service - ok
11:52:48.0097 3872 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:52:48.0097 3872 bowser - ok
11:52:48.0097 3872 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:52:48.0112 3872 BrFiltLo - ok
11:52:48.0112 3872 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:52:48.0112 3872 BrFiltUp - ok
11:52:48.0128 3872 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:52:48.0128 3872 BridgeMP - ok
11:52:48.0143 3872 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
11:52:48.0143 3872 Browser - ok
11:52:48.0159 3872 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:52:48.0159 3872 Brserid - ok
11:52:48.0175 3872 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:52:48.0175 3872 BrSerWdm - ok
11:52:48.0190 3872 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:52:48.0190 3872 BrUsbMdm - ok
11:52:48.0190 3872 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:52:48.0190 3872 BrUsbSer - ok
11:52:48.0206 3872 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:52:48.0206 3872 BTHMODEM - ok
11:52:48.0221 3872 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:52:48.0221 3872 bthserv - ok
11:52:48.0237 3872 catchme - ok
11:52:48.0253 3872 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:52:48.0253 3872 cdfs - ok
11:52:48.0268 3872 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:52:48.0268 3872 cdrom - ok
11:52:48.0284 3872 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:52:48.0299 3872 CertPropSvc - ok
11:52:48.0299 3872 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:52:48.0299 3872 circlass - ok
11:52:48.0315 3872 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:52:48.0315 3872 CLFS - ok
11:52:48.0362 3872 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:52:48.0362 3872 clr_optimization_v2.0.50727_32 - ok
11:52:48.0377 3872 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:52:48.0377 3872 clr_optimization_v2.0.50727_64 - ok
11:52:48.0440 3872 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:52:48.0440 3872 clr_optimization_v4.0.30319_32 - ok
11:52:48.0471 3872 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:52:48.0471 3872 clr_optimization_v4.0.30319_64 - ok
11:52:48.0487 3872 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:52:48.0487 3872 CmBatt - ok
11:52:48.0487 3872 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:52:48.0487 3872 cmdide - ok
11:52:48.0518 3872 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
11:52:48.0518 3872 CNG - ok
11:52:48.0533 3872 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:52:48.0533 3872 Compbatt - ok
11:52:48.0533 3872 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:52:48.0533 3872 CompositeBus - ok
11:52:48.0533 3872 COMSysApp - ok
11:52:48.0565 3872 cpuz132 (c9c25778efe890baa4087e32937016a0) C:\Windows\system32\drivers\cpuz132_x64.sys
11:52:48.0565 3872 cpuz132 - ok
11:52:48.0565 3872 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:52:48.0565 3872 crcdisk - ok
11:52:48.0596 3872 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
11:52:48.0611 3872 CryptSvc - ok
11:52:48.0627 3872 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
11:52:48.0627 3872 CSC - ok
11:52:48.0658 3872 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
11:52:48.0674 3872 CscService - ok
11:52:48.0689 3872 CYUSB (8ec96b753727b380089d66d4ab5869df) C:\Windows\system32\Drivers\CYUSB.sys
11:52:48.0689 3872 CYUSB - ok
11:52:48.0721 3872 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
11:52:48.0721 3872 danewFltr - ok
11:52:48.0752 3872 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:52:48.0752 3872 DcomLaunch - ok
11:52:48.0783 3872 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:52:48.0783 3872 defragsvc - ok
11:52:48.0814 3872 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:52:48.0814 3872 DfsC - ok
11:52:48.0830 3872 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
11:52:48.0830 3872 Dhcp - ok
11:52:48.0845 3872 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:52:48.0845 3872 discache - ok
11:52:48.0861 3872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:52:48.0861 3872 Disk - ok
11:52:48.0877 3872 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
11:52:48.0877 3872 Dnscache - ok
11:52:48.0908 3872 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
11:52:48.0908 3872 dot3svc - ok
11:52:48.0908 3872 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
11:52:48.0908 3872 DPS - ok
11:52:48.0939 3872 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:52:48.0939 3872 drmkaud - ok
11:52:48.0970 3872 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:52:48.0970 3872 DXGKrnl - ok
11:52:49.0001 3872 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:52:49.0001 3872 E1G60 - ok
11:52:49.0001 3872 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:52:49.0001 3872 EapHost - ok
11:52:49.0095 3872 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:52:49.0111 3872 ebdrv - ok
11:52:49.0157 3872 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
11:52:49.0157 3872 EFS - ok
11:52:49.0204 3872 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
11:52:49.0220 3872 ehRecvr - ok
11:52:49.0220 3872 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:52:49.0220 3872 ehSched - ok
11:52:49.0267 3872 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:52:49.0267 3872 elxstor - ok
11:52:49.0282 3872 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:52:49.0282 3872 ErrDev - ok
11:52:49.0313 3872 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:52:49.0313 3872 EventSystem - ok
11:52:49.0329 3872 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:52:49.0329 3872 exfat - ok
11:52:49.0345 3872 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:52:49.0345 3872 fastfat - ok
11:52:49.0376 3872 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
11:52:49.0376 3872 Fax - ok
11:52:49.0376 3872 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:52:49.0376 3872 fdc - ok
11:52:49.0391 3872 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:52:49.0391 3872 fdPHost - ok
11:52:49.0407 3872 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:52:49.0407 3872 FDResPub - ok
11:52:49.0407 3872 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:52:49.0407 3872 FileInfo - ok
11:52:49.0423 3872 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:52:49.0423 3872 Filetrace - ok
11:52:49.0423 3872 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:52:49.0423 3872 flpydisk - ok
11:52:49.0438 3872 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:52:49.0438 3872 FltMgr - ok
11:52:49.0485 3872 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll
11:52:49.0485 3872 FontCache - ok
11:52:49.0516 3872 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:52:49.0516 3872 FontCache3.0.0.0 - ok
11:52:49.0516 3872 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:52:49.0516 3872 FsDepends - ok
11:52:49.0547 3872 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
11:52:49.0547 3872 Fs_Rec - ok
11:52:49.0563 3872 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:52:49.0563 3872 fvevol - ok
11:52:49.0579 3872 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:52:49.0579 3872 gagp30kx - ok
11:52:49.0610 3872 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:52:49.0610 3872 GEARAspiWDM - ok
11:52:49.0641 3872 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
11:52:49.0641 3872 gpsvc - ok
11:52:49.0703 3872 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:52:49.0703 3872 gupdate - ok
11:52:49.0703 3872 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:52:49.0703 3872 gupdatem - ok
11:52:49.0719 3872 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:52:49.0719 3872 hcw85cir - ok
11:52:49.0750 3872 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:52:49.0750 3872 HdAudAddService - ok
11:52:49.0766 3872 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:52:49.0766 3872 HDAudBus - ok
11:52:49.0766 3872 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:52:49.0766 3872 HidBatt - ok
11:52:49.0781 3872 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:52:49.0781 3872 HidBth - ok
11:52:49.0781 3872 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:52:49.0781 3872 HidIr - ok
11:52:49.0797 3872 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:52:49.0797 3872 hidserv - ok
11:52:49.0813 3872 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:52:49.0813 3872 HidUsb - ok
11:52:49.0828 3872 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
11:52:49.0828 3872 hkmsvc - ok
11:52:49.0844 3872 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
11:52:49.0844 3872 HomeGroupListener - ok
11:52:49.0859 3872 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
11:52:49.0859 3872 HomeGroupProvider - ok
11:52:49.0875 3872 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:52:49.0875 3872 HpSAMD - ok
11:52:49.0906 3872 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:52:49.0922 3872 HTTP - ok
11:52:49.0922 3872 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:52:49.0922 3872 hwpolicy - ok
11:52:49.0937 3872 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:52:49.0953 3872 i8042prt - ok
11:52:49.0969 3872 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
11:52:49.0969 3872 iaStorV - ok
11:52:50.0031 3872 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:52:50.0031 3872 idsvc - ok
11:52:50.0047 3872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:52:50.0047 3872 iirsp - ok
11:52:50.0078 3872 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
11:52:50.0078 3872 IKEEXT - ok
11:52:50.0218 3872 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
11:52:50.0249 3872 IntcAzAudAddService - ok
11:52:50.0281 3872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:52:50.0281 3872 intelide - ok
11:52:50.0296 3872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:52:50.0296 3872 intelppm - ok
11:52:50.0312 3872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:52:50.0312 3872 IPBusEnum - ok
11:52:50.0327 3872 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:52:50.0327 3872 IpFilterDriver - ok
11:52:50.0359 3872 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
11:52:50.0359 3872 iphlpsvc - ok
11:52:50.0374 3872 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:52:50.0374 3872 IPMIDRV - ok
11:52:50.0374 3872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:52:50.0390 3872 IPNAT - ok
11:52:50.0437 3872 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:52:50.0437 3872 iPod Service - ok
11:52:50.0452 3872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:52:50.0452 3872 IRENUM - ok
11:52:50.0468 3872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:52:50.0468 3872 isapnp - ok
11:52:50.0468 3872 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:52:50.0468 3872 iScsiPrt - ok
11:52:50.0483 3872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:52:50.0483 3872 kbdclass - ok
11:52:50.0499 3872 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:52:50.0499 3872 kbdhid - ok
11:52:50.0515 3872 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:52:50.0515 3872 KeyIso - ok
11:52:50.0530 3872 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
11:52:50.0530 3872 KSecDD - ok
11:52:50.0546 3872 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
11:52:50.0546 3872 KSecPkg - ok
11:52:50.0561 3872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:52:50.0561 3872 ksthunk - ok
11:52:50.0593 3872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:52:50.0593 3872 KtmRm - ok
11:52:50.0624 3872 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
11:52:50.0624 3872 LanmanServer - ok
11:52:50.0639 3872 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
11:52:50.0639 3872 LanmanWorkstation - ok
11:52:50.0702 3872 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:52:50.0702 3872 LightScribeService - ok
11:52:50.0702 3872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:52:50.0702 3872 lltdio - ok
11:52:50.0733 3872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:52:50.0733 3872 lltdsvc - ok
11:52:50.0733 3872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:52:50.0749 3872 lmhosts - ok
11:52:50.0764 3872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:52:50.0764 3872 LSI_FC - ok
11:52:50.0764 3872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:52:50.0764 3872 LSI_SAS - ok
11:52:50.0780 3872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:52:50.0780 3872 LSI_SAS2 - ok
11:52:50.0780 3872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:52:50.0780 3872 LSI_SCSI - ok
11:52:50.0811 3872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:52:50.0811 3872 luafv - ok
11:52:50.0842 3872 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:52:50.0842 3872 MBAMProtector - ok
11:52:50.0998 3872 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:52:50.0998 3872 MBAMService - ok
11:52:51.0014 3872 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
11:52:51.0014 3872 Mcx2Svc - ok
11:52:51.0029 3872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:52:51.0029 3872 megasas - ok
11:52:51.0029 3872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:52:51.0045 3872 MegaSR - ok
11:52:51.0076 3872 Microsoft SharePoint Workspace Audit Service - ok
11:52:51.0092 3872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:52:51.0092 3872 MMCSS - ok
11:52:51.0092 3872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:52:51.0092 3872 Modem - ok
11:52:51.0107 3872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:52:51.0107 3872 monitor - ok
11:52:51.0123 3872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:52:51.0123 3872 mouclass - ok
11:52:51.0139 3872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:52:51.0139 3872 mouhid - ok
11:52:51.0139 3872 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
11:52:51.0139 3872 mountmgr - ok
11:52:51.0217 3872 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:52:51.0217 3872 MozillaMaintenance - ok
11:52:51.0217 3872 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
11:52:51.0217 3872 mpio - ok
11:52:51.0232 3872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:52:51.0232 3872 mpsdrv - ok
11:52:51.0279 3872 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
11:52:51.0295 3872 MpsSvc - ok
11:52:51.0310 3872 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
11:52:51.0310 3872 MRxDAV - ok
11:52:51.0326 3872 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:52:51.0341 3872 mrxsmb - ok
11:52:51.0357 3872 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:52:51.0357 3872 mrxsmb10 - ok
11:52:51.0373 3872 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:52:51.0373 3872 mrxsmb20 - ok
11:52:51.0388 3872 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
11:52:51.0388 3872 msahci - ok
11:52:51.0388 3872 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
11:52:51.0404 3872 msdsm - ok
11:52:51.0404 3872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:52:51.0419 3872 MSDTC - ok
11:52:51.0419 3872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:52:51.0419 3872 Msfs - ok
11:52:51.0435 3872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:52:51.0435 3872 mshidkmdf - ok
11:52:51.0435 3872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
11:52:51.0435 3872 msisadrv - ok
11:52:51.0451 3872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:52:51.0451 3872 MSiSCSI - ok
11:52:51.0451 3872 msiserver - ok
11:52:51.0466 3872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:52:51.0466 3872 MSKSSRV - ok
11:52:51.0482 3872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:52:51.0482 3872 MSPCLOCK - ok
11:52:51.0482 3872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:52:51.0482 3872 MSPQM - ok
11:52:51.0497 3872 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
11:52:51.0497 3872 MsRPC - ok
11:52:51.0513 3872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:52:51.0513 3872 mssmbios - ok
11:52:51.0513 3872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:52:51.0513 3872 MSTEE - ok
11:52:51.0513 3872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:52:51.0513 3872 MTConfig - ok
11:52:51.0529 3872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:52:51.0529 3872 Mup - ok
11:52:51.0560 3872 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
11:52:51.0560 3872 napagent - ok
11:52:51.0575 3872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:52:51.0575 3872 NativeWifiP - ok
11:52:51.0653 3872 NAUpdate (e4534bccdd1ea7a7a256bb9d6688a5fc) C:\Program Files (x86)\Nero\Update\NASvc.exe
11:52:51.0653 3872 NAUpdate - ok
11:52:51.0700 3872 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
11:52:51.0700 3872 NDIS - ok
11:52:51.0716 3872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:52:51.0716 3872 NdisCap - ok
11:52:51.0716 3872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:52:51.0716 3872 NdisTapi - ok
11:52:51.0731 3872 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
11:52:51.0731 3872 Ndisuio - ok
11:52:51.0731 3872 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:52:51.0747 3872 NdisWan - ok
11:52:51.0747 3872 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
11:52:51.0747 3872 NDProxy - ok
11:52:51.0763 3872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:52:51.0763 3872 NetBIOS - ok
11:52:51.0778 3872 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
11:52:51.0778 3872 NetBT - ok
11:52:51.0794 3872 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:52:51.0794 3872 Netlogon - ok
11:52:51.0809 3872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:52:51.0809 3872 Netman - ok
11:52:51.0825 3872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:52:51.0856 3872 netprofm - ok
11:52:51.0887 3872 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:52:51.0887 3872 NetTcpPortSharing - ok
11:52:51.0887 3872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:52:51.0887 3872 nfrd960 - ok
11:52:51.0903 3872 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
11:52:51.0903 3872 NlaSvc - ok
11:52:51.0919 3872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:52:51.0919 3872 Npfs - ok
11:52:51.0934 3872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:52:51.0934 3872 nsi - ok
11:52:51.0934 3872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:52:51.0934 3872 nsiproxy - ok
11:52:51.0981 3872 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
11:52:51.0997 3872 Ntfs - ok
11:52:52.0043 3872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:52:52.0043 3872 Null - ok
11:52:52.0402 3872 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:52:52.0449 3872 nvlddmkm - ok
11:52:52.0496 3872 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
11:52:52.0496 3872 nvraid - ok
11:52:52.0496 3872 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
11:52:52.0496 3872 nvstor - ok
11:52:52.0543 3872 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
11:52:52.0558 3872 nvsvc - ok
11:52:52.0652 3872 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:52:52.0667 3872 nvUpdatusService - ok
11:52:52.0699 3872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
11:52:52.0699 3872 nv_agp - ok
11:52:52.0714 3872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
11:52:52.0714 3872 ohci1394 - ok
11:52:52.0745 3872 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:52:52.0745 3872 ose64 - ok
11:52:52.0886 3872 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:52:52.0901 3872 osppsvc - ok
11:52:52.0948 3872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:52:52.0948 3872 p2pimsvc - ok
11:52:52.0979 3872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:52:52.0979 3872 p2psvc - ok
11:52:52.0995 3872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:52:52.0995 3872 Parport - ok
11:52:53.0011 3872 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
11:52:53.0026 3872 partmgr - ok
11:52:53.0026 3872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:52:53.0026 3872 PcaSvc - ok
11:52:53.0042 3872 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
11:52:53.0042 3872 pci - ok
11:52:53.0042 3872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
11:52:53.0042 3872 pciide - ok
11:52:53.0057 3872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:52:53.0057 3872 pcmcia - ok
11:52:53.0057 3872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:52:53.0057 3872 pcw - ok
11:52:53.0089 3872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:52:53.0089 3872 PEAUTH - ok
11:52:53.0135 3872 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:52:53.0135 3872 PeerDistSvc - ok
11:52:53.0167 3872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:52:53.0167 3872 PerfHost - ok
11:52:53.0245 3872 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
11:52:53.0245 3872 pla - ok
11:52:53.0276 3872 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
11:52:53.0276 3872 PlugPlay - ok
11:52:53.0291 3872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:52:53.0291 3872 PNRPAutoReg - ok
11:52:53.0307 3872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:52:53.0323 3872 PNRPsvc - ok
11:52:53.0338 3872 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
11:52:53.0338 3872 PolicyAgent - ok
11:52:53.0354 3872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:52:53.0354 3872 Power - ok
11:52:53.0385 3872 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
11:52:53.0385 3872 PptpMiniport - ok
11:52:53.0401 3872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:52:53.0401 3872 Processor - ok
11:52:53.0401 3872 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
11:52:53.0416 3872 ProfSvc - ok
11:52:53.0432 3872 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:52:53.0432 3872 ProtectedStorage - ok
11:52:53.0447 3872 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
11:52:53.0447 3872 Psched - ok
11:52:53.0494 3872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:52:53.0494 3872 ql2300 - ok
11:52:53.0541 3872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:52:53.0541 3872 ql40xx - ok
11:52:53.0572 3872 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:52:53.0572 3872 QWAVE - ok
11:52:53.0572 3872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:52:53.0572 3872 QWAVEdrv - ok
11:52:53.0588 3872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:52:53.0588 3872 RasAcd - ok
11:52:53.0603 3872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:52:53.0603 3872 RasAgileVpn - ok
11:52:53.0619 3872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:52:53.0619 3872 RasAuto - ok
11:52:53.0619 3872 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:52:53.0619 3872 Rasl2tp - ok
11:52:53.0650 3872 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
11:52:53.0650 3872 RasMan - ok
11:52:53.0650 3872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:52:53.0650 3872 RasPppoe - ok
11:52:53.0666 3872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:52:53.0666 3872 RasSstp - ok
11:52:53.0681 3872 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
11:52:53.0681 3872 rdbss - ok
11:52:53.0697 3872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:52:53.0697 3872 rdpbus - ok
11:52:53.0697 3872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:52:53.0697 3872 RDPCDD - ok
11:52:53.0713 3872 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
11:52:53.0713 3872 RDPDR - ok
11:52:53.0713 3872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:52:53.0713 3872 RDPENCDD - ok
11:52:53.0728 3872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:52:53.0728 3872 RDPREFMP - ok
11:52:53.0744 3872 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
11:52:53.0744 3872 RDPWD - ok
11:52:53.0759 3872 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
11:52:53.0759 3872 rdyboost - ok
11:52:53.0791 3872 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:52:53.0791 3872 RemoteAccess - ok
11:52:53.0806 3872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:52:53.0806 3872 RemoteRegistry - ok
11:52:53.0806 3872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:52:53.0806 3872 RpcEptMapper - ok
11:52:53.0822 3872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:52:53.0822 3872 RpcLocator - ok
11:52:53.0853 3872 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
11:52:53.0853 3872 RpcSs - ok
11:52:53.0869 3872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:52:53.0869 3872 rspndr - ok
11:52:53.0900 3872 RTL8167 (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:52:53.0900 3872 RTL8167 - ok
11:52:53.0915 3872 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
11:52:53.0915 3872 s3cap - ok
11:52:53.0931 3872 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:52:53.0931 3872 SamSs - ok
11:52:53.0978 3872 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:52:53.0993 3872 SASDIFSV - ok
11:52:53.0993 3872 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:52:54.0009 3872 SASKUTIL - ok
11:52:54.0025 3872 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
11:52:54.0025 3872 sbp2port - ok
11:52:54.0025 3872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:52:54.0025 3872 SCardSvr - ok
11:52:54.0040 3872 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
11:52:54.0040 3872 scfilter - ok
11:52:54.0087 3872 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
11:52:54.0087 3872 Schedule - ok
11:52:54.0103 3872 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
11:52:54.0103 3872 SCPolicySvc - ok
11:52:54.0118 3872 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
11:52:54.0118 3872 SDRSVC - ok
11:52:54.0149 3872 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:52:54.0149 3872 secdrv - ok
11:52:54.0165 3872 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
11:52:54.0165 3872 seclogon - ok
11:52:54.0165 3872 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:52:54.0165 3872 SENS - ok
11:52:54.0181 3872 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:52:54.0181 3872 SensrSvc - ok
11:52:54.0196 3872 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:52:54.0196 3872 Serenum - ok
11:52:54.0212 3872 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:52:54.0212 3872 Serial - ok
11:52:54.0212 3872 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:52:54.0212 3872 sermouse - ok
11:52:54.0227 3872 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
11:52:54.0227 3872 SessionEnv - ok
11:52:54.0243 3872 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:52:54.0243 3872 sffdisk - ok
11:52:54.0274 3872 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:52:54.0274 3872 sffp_mmc - ok
11:52:54.0274 3872 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
11:52:54.0290 3872 sffp_sd - ok
11:52:54.0290 3872 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:52:54.0290 3872 sfloppy - ok
11:52:54.0321 3872 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:52:54.0321 3872 SharedAccess - ok
11:52:54.0337 3872 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
11:52:54.0337 3872 ShellHWDetection - ok
11:52:54.0352 3872 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:52:54.0352 3872 SiSRaid2 - ok
11:52:54.0368 3872 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:52:54.0368 3872 SiSRaid4 - ok
11:52:54.0383 3872 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:52:54.0383 3872 Smb - ok
11:52:54.0383 3872 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:52:54.0383 3872 SNMPTRAP - ok
11:52:54.0399 3872 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:52:54.0399 3872 spldr - ok
11:52:54.0430 3872 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
11:52:54.0430 3872 Spooler - ok
11:52:54.0524 3872 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
11:52:54.0539 3872 sppsvc - ok
11:52:54.0602 3872 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:52:54.0602 3872 sppuinotify - ok
11:52:54.0649 3872 sptd (88e5162e58c8919cc873f5d8946197cf) C:\Windows\System32\Drivers\sptd.sys
11:52:54.0649 3872 sptd - ok
11:52:54.0680 3872 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
11:52:54.0680 3872 srv - ok
11:52:54.0695 3872 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
11:52:54.0695 3872 srv2 - ok
11:52:54.0727 3872 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
11:52:54.0727 3872 srvnet - ok
11:52:54.0742 3872 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:52:54.0742 3872 SSDPSRV - ok
11:52:54.0758 3872 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:52:54.0758 3872 SstpSvc - ok
11:52:54.0773 3872 Steam Client Service - ok
11:52:54.0836 3872 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:52:54.0836 3872 Stereo Service - ok
11:52:54.0851 3872 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:52:54.0851 3872 stexstor - ok
11:52:54.0883 3872 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
11:52:54.0883 3872 stisvc - ok
11:52:54.0898 3872 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
11:52:54.0898 3872 storflt - ok
11:52:54.0914 3872 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
11:52:54.0914 3872 storvsc - ok
11:52:54.0914 3872 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
11:52:54.0914 3872 swenum - ok
11:52:54.0961 3872 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
11:52:54.0961 3872 SwitchBoard - ok
11:52:54.0992 3872 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:52:54.0992 3872 swprv - ok
11:52:55.0039 3872 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
11:52:55.0054 3872 SysMain - ok
11:52:55.0101 3872 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
11:52:55.0101 3872 TabletInputService - ok
11:52:55.0117 3872 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
11:52:55.0117 3872 TapiSrv - ok
11:52:55.0117 3872 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:52:55.0117 3872 TBS - ok
11:52:55.0195 3872 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
11:52:55.0210 3872 Tcpip - ok
11:52:55.0288 3872 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
11:52:55.0288 3872 TCPIP6 - ok
11:52:55.0319 3872 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
11:52:55.0319 3872 tcpipreg - ok
11:52:55.0335 3872 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:52:55.0335 3872 TDPIPE - ok
11:52:55.0351 3872 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
11:52:55.0366 3872 TDTCP - ok
11:52:55.0366 3872 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
11:52:55.0382 3872 tdx - ok
11:52:55.0382 3872 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
11:52:55.0382 3872 TermDD - ok
11:52:55.0429 3872 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
11:52:55.0429 3872 TermService - ok
11:52:55.0444 3872 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:52:55.0444 3872 Themes - ok
11:52:55.0460 3872 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:52:55.0460 3872 THREADORDER - ok
11:52:55.0475 3872 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:52:55.0475 3872 TrkWks - ok
11:52:55.0507 3872 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
11:52:55.0507 3872 TrustedInstaller - ok
11:52:55.0507 3872 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:52:55.0507 3872 tssecsrv - ok
11:52:55.0538 3872 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
11:52:55.0538 3872 tunnel - ok
11:52:55.0538 3872 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:52:55.0538 3872 uagp35 - ok
11:52:55.0553 3872 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
11:52:55.0553 3872 udfs - ok
11:52:55.0569 3872 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:52:55.0569 3872 UI0Detect - ok
11:52:55.0585 3872 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
11:52:55.0585 3872 uliagpkx - ok
11:52:55.0600 3872 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
11:52:55.0600 3872 umbus - ok
11:52:55.0616 3872 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:52:55.0616 3872 UmPass - ok
11:52:55.0616 3872 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
11:52:55.0616 3872 UmRdpService - ok
11:52:55.0647 3872 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:52:55.0647 3872 upnphost - ok
11:52:55.0678 3872 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:52:55.0678 3872 USBAAPL64 - ok
11:52:55.0694 3872 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
11:52:55.0694 3872 usbccgp - ok
11:52:55.0709 3872 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
11:52:55.0709 3872 usbcir - ok
11:52:55.0709 3872 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
11:52:55.0725 3872 usbehci - ok
11:52:55.0725 3872 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
11:52:55.0725 3872 usbhub - ok
11:52:55.0741 3872 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:52:55.0741 3872 usbohci - ok
11:52:55.0741 3872 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:52:55.0741 3872 usbprint - ok
11:52:55.0756 3872 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:52:55.0756 3872 USBSTOR - ok
11:52:55.0772 3872 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:52:55.0772 3872 usbuhci - ok
11:52:55.0772 3872 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:52:55.0772 3872 UxSms - ok
11:52:55.0787 3872 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
11:52:55.0803 3872 VaultSvc - ok
11:52:55.0803 3872 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
11:52:55.0803 3872 vdrvroot - ok
11:52:55.0819 3872 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
11:52:55.0819 3872 vds - ok
11:52:55.0834 3872 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:52:55.0834 3872 vga - ok
11:52:55.0850 3872 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:52:55.0850 3872 VgaSave - ok
11:52:55.0865 3872 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
11:52:55.0865 3872 vhdmp - ok
11:52:55.0897 3872 vhidmini (1161acff728d97f75d74d2f1465f8a46) C:\Windows\system32\DRIVERS\vHidDev.sys
11:52:55.0897 3872 vhidmini - ok
11:52:55.0897 3872 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
11:52:55.0897 3872 viaide - ok
11:52:55.0912 3872 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
11:52:55.0912 3872 vmbus - ok
11:52:55.0928 3872 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
11:52:55.0928 3872 VMBusHID - ok
11:52:55.0928 3872 vmci - ok
11:52:55.0928 3872 VMnetAdapter - ok
11:52:55.0943 3872 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
11:52:55.0943 3872 volmgr - ok
11:52:55.0959 3872 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
11:52:55.0975 3872 volmgrx - ok
11:52:55.0975 3872 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
11:52:55.0990 3872 volsnap - ok
11:52:56.0021 3872 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:52:56.0021 3872 vsmraid - ok
11:52:56.0068 3872 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
11:52:56.0084 3872 VSS - ok
11:52:56.0131 3872 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:52:56.0146 3872 vwifibus - ok
11:52:56.0146 3872 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:52:56.0162 3872 W32Time - ok
11:52:56.0162 3872 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:52:56.0162 3872 WacomPen - ok
11:52:56.0177 3872 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:56.0193 3872 WANARP - ok
11:52:56.0193 3872 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
11:52:56.0193 3872 Wanarpv6 - ok
11:52:56.0255 3872 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:52:56.0255 3872 WatAdminSvc - ok
11:52:56.0302 3872 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
11:52:56.0302 3872 wbengine - ok
11:52:56.0333 3872 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:52:56.0333 3872 WbioSrvc - ok
11:52:56.0349 3872 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
11:52:56.0349 3872 wcncsvc - ok
11:52:56.0365 3872 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:52:56.0365 3872 WcsPlugInService - ok
11:52:56.0380 3872 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:52:56.0380 3872 Wd - ok
11:52:56.0411 3872 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:52:56.0411 3872 Wdf01000 - ok
11:52:56.0411 3872 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:52:56.0427 3872 WdiServiceHost - ok
11:52:56.0427 3872 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:52:56.0427 3872 WdiSystemHost - ok
11:52:56.0458 3872 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
11:52:56.0458 3872 WebClient - ok
11:52:56.0474 3872 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:52:56.0474 3872 Wecsvc - ok
11:52:56.0474 3872 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:52:56.0489 3872 wercplsupport - ok
11:52:56.0489 3872 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:52:56.0489 3872 WerSvc - ok
11:52:56.0505 3872 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:52:56.0505 3872 WfpLwf - ok
11:52:56.0505 3872 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:52:56.0505 3872 WIMMount - ok
11:52:56.0536 3872 WinDefend - ok
11:52:56.0536 3872 WinHttpAutoProxySvc - ok
11:52:56.0567 3872 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:52:56.0567 3872 Winmgmt - ok
11:52:56.0645 3872 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
11:52:56.0645 3872 WinRM - ok
11:52:56.0755 3872 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
11:52:56.0755 3872 WinUsb - ok
11:52:56.0786 3872 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:52:56.0786 3872 Wlansvc - ok
11:52:56.0879 3872 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:52:56.0879 3872 wlidsvc - ok
11:52:56.0926 3872 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:52:56.0926 3872 WmiAcpi - ok
11:52:56.0942 3872 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:52:56.0942 3872 wmiApSrv - ok
11:52:56.0957 3872 WMPNetworkSvc - ok
11:52:56.0973 3872 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:52:56.0973 3872 WPCSvc - ok
11:52:56.0973 3872 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
11:52:56.0973 3872 WPDBusEnum - ok
11:52:56.0989 3872 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:52:56.0989 3872 ws2ifsl - ok
11:52:57.0035 3872 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
11:52:57.0035 3872 wscsvc - ok
11:52:57.0067 3872 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:52:57.0067 3872 WSDPrintDevice - ok
11:52:57.0082 3872 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
11:52:57.0082 3872 WSDScan - ok
11:52:57.0082 3872 WSearch - ok
11:52:57.0160 3872 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:52:57.0176 3872 wuauserv - ok
11:52:57.0223 3872 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
11:52:57.0223 3872 WudfPf - ok
11:52:57.0238 3872 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:52:57.0238 3872 WUDFRd - ok
11:52:57.0254 3872 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
11:52:57.0254 3872 wudfsvc - ok
11:52:57.0269 3872 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:52:57.0269 3872 WwanSvc - ok
11:52:57.0379 3872 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
11:52:57.0379 3872 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
11:52:57.0410 3872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:52:57.0425 3872 \Device\Harddisk0\DR0 - ok
11:52:57.0425 3872 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
11:52:57.0425 3872 \Device\Harddisk1\DR1 - ok
11:52:57.0457 3872 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
11:52:57.0566 3872 \Device\Harddisk2\DR2 - ok
11:52:57.0566 3872 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3
11:52:57.0581 3872 \Device\Harddisk3\DR3 - ok
11:52:57.0581 3872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
11:52:57.0581 3872 \Device\Harddisk4\DR4 - ok
11:52:57.0581 3872 Boot (0x1200) (0fcc30c0ba5f29c3a2e30697382941a8) \Device\Harddisk0\DR0\Partition0
11:52:57.0581 3872 \Device\Harddisk0\DR0\Partition0 - ok
11:52:57.0581 3872 Boot (0x1200) (e3e99620630f992c7ca0ee44db7e7fb5) \Device\Harddisk1\DR1\Partition0
11:52:57.0581 3872 \Device\Harddisk1\DR1\Partition0 - ok
11:52:57.0613 3872 Boot (0x1200) (6605b0987c1399916e2949c93d43286d) \Device\Harddisk2\DR2\Partition0
11:52:57.0613 3872 \Device\Harddisk2\DR2\Partition0 - ok
11:52:57.0613 3872 Boot (0x1200) (886a7dc4a9be75f2d7311fab6e1b1d41) \Device\Harddisk2\DR2\Partition1
11:52:57.0613 3872 \Device\Harddisk2\DR2\Partition1 - ok
11:52:57.0644 3872 Boot (0x1200) (3d4976fe64146343fbe28589cb30ec31) \Device\Harddisk2\DR2\Partition2
11:52:57.0644 3872 \Device\Harddisk2\DR2\Partition2 - ok
11:52:57.0644 3872 Boot (0x1200) (de5bd9895341433e79fb498ec25b9553) \Device\Harddisk3\DR3\Partition0
11:52:57.0644 3872 \Device\Harddisk3\DR3\Partition0 - ok
11:52:57.0644 3872 Boot (0x1200) (5d1d7caf58b39cd35b70f6bde7ead7fe) \Device\Harddisk4\DR4\Partition0
11:52:57.0659 3872 \Device\Harddisk4\DR4\Partition0 - ok
11:52:57.0659 3872 ============================================================
11:52:57.0659 3872 Scan finished
11:52:57.0659 3872 ============================================================
11:52:57.0659 5300 Detected object count: 0
11:52:57.0659 5300 Actual detected object count: 0
11:53:31.0911 7068 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 12:04:31
-----------------------------
12:04:31.745 OS Version: Windows x64 6.1.7600
12:04:31.745 Number of processors: 8 586 0x1A04
12:04:31.745 ComputerName: CHRIS-PCA UserName: Chris
12:04:32.447 Initialize success
12:04:36.393 AVAST engine defs: 12081001
12:04:41.183 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:04:41.183 Disk 0 Vendor: WDC_WD10EAVS-14D7B1 01.01A01 Size: 953869MB BusType: 3
12:04:41.183 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-5
12:04:41.198 Disk 1 Vendor: ST3250820AS 3.CHL Size: 238475MB BusType: 3
12:04:41.198 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP4T1L0-7
12:04:41.198 Disk 2 Vendor: WDC_WD3200AAKS-00B3A0 01.03A01 Size: 305245MB BusType: 3
12:04:41.198 Disk 3 (boot) \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP5T1L0-9
12:04:41.198 Disk 3 Vendor: WDC_WD3000GLFS-01F8U0 03.03V01 Size: 286168MB BusType: 3
12:04:41.214 Disk 3 MBR read successfully
12:04:41.214 Disk 3 MBR scan
12:04:41.229 Disk 3 Windows VISTA default MBR code
12:04:41.229 Disk 3 Partition 1 00 07 HPFS/NTFS NTFS 286166 MB offset 2048
12:04:41.245 Disk 3 scanning C:\Windows\system32\drivers
12:04:56.205 Service scanning
12:05:10.511 Modules scanning
12:05:10.511 Disk 3 trace - called modules:
12:05:10.511 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
12:05:10.511 1 nt!IofCallDriver -> \Device\Harddisk3\DR3[0xfffffa8006c46060]
12:05:10.526 3 CLASSPNP.SYS[fffff880018a743f] -> nt!IofCallDriver -> [0xfffffa800693be40]
12:05:10.526 5 ACPI.sys[fffff88000f9a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T1L0-9[0xfffffa8006977060]
12:05:11.696 AVAST engine scan C:\Windows
12:05:29.137 AVAST engine scan C:\Windows\system32
12:10:49.936 AVAST engine scan C:\Windows\system32\drivers
12:11:15.427 AVAST engine scan C:\Users\Chris
12:20:20.039 File: C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\00000004.@ **INFECTED** Win32:Malware-gen
12:20:20.086 File: C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\000000cb.@ **INFECTED** Win32:Malware-gen
12:20:20.102 File: C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000000.@ **INFECTED** Win32:Malware-gen
12:20:20.133 File: C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000032.@ **INFECTED** Win32:Downloader-PKU [Trj]
12:20:20.164 File: C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000064.@ **INFECTED** Win32:Malware-gen
12:43:42.193 AVAST engine scan C:\ProgramData
12:54:34.903 Scan finished successfully
12:54:50.473 Disk 3 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
12:54:50.473 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

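The two logs above come from different tools and disagree: the TDSSKiller run reports 0 detected objects, while aswMBR flags five files under `C:\Users\Chris\AppData\Local\{GUID}\U\`. The triage helper below is an added example (not part of the thread and not code from either tool). It pulls the `**INFECTED**` lines out of aswMBR output, groups them by directory, checks whether each hit sits in the `AppData\Local\{GUID}\U\` (or `\L\`) layout with 8-hex-digit `.@` file names that ZeroAccess/Sirefef used for its user-mode module store, and lists TDSSKiller service entries that were reported with no hash/path line. The sample lines are constructed to match the shape of the logs above, not copied in full.

```python
r"""Triage helper for aswMBR and TDSSKiller output (added example).

Assumptions: aswMBR prints detections as
  HH:MM:SS.mmm File: <path> **INFECTED** <detection>
and TDSSKiller prints, per service, a line with the image hash and path
  HH:MM:SS.mmmm <pid> <name> (<md5>) <path>
followed by a status line  HH:MM:SS.mmmm <pid> <name> - ok
Entries that only have a status line were not hashed; the FRST output later
in this thread marks two of them (vmci, VMnetAdapter) as [x], file not found.
"""
import re
from collections import defaultdict

# Constructed sample lines in the shape of the aswMBR output above.
# The Downloads\setup.exe hit is invented to show a non-ZeroAccess path.
SAMPLE_ASWMBR = """\
12:04:41.229 Disk 3 Windows VISTA default MBR code
12:20:20.039 File: C:\\Users\\Chris\\AppData\\Local\\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\\U\\00000004.@ **INFECTED** Win32:Malware-gen
12:20:20.133 File: C:\\Users\\Chris\\AppData\\Local\\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\\U\\80000032.@ **INFECTED** Win32:Downloader-PKU [Trj]
12:21:00.000 File: C:\\Users\\Chris\\Downloads\\setup.exe **INFECTED** Win32:Malware-gen
12:54:34.903 Scan finished successfully
"""

# Constructed sample lines in the shape of the TDSSKiller tail above.
SAMPLE_TDSSKILLER = """\
11:52:55.0928 3872 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\\Windows\\system32\\DRIVERS\\VMBusHID.sys
11:52:55.0928 3872 VMBusHID - ok
11:52:55.0928 3872 vmci - ok
11:52:56.0536 3872 WinDefend - ok
"""

INFECTED_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detection>.+)$"
)
# %LOCALAPPDATA%\{GUID}\U\xxxxxxxx.@ or \L\xxxxxxxx.@ : ZeroAccess/Sirefef module store.
ZA_LAYOUT_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\[UL]\\[0-9a-f]{8}\.@$",
    re.IGNORECASE,
)
HASHED_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) \([0-9a-f]{32}\) (?P<path>.+)$")
STATUS_RE = re.compile(r"^\S+ \d+ (?P<name>.+?) - (?P<status>\S+)$")


def parse_aswmbr(text):
    """Return one record per **INFECTED** line, tagged with the layout check."""
    findings = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if not m:
            continue
        findings.append({
            "time": m["time"],
            "path": m["path"],
            "detection": m["detection"],
            "zeroaccess_layout": bool(ZA_LAYOUT_RE.search(m["path"])),
        })
    return findings


def group_by_dir(findings):
    """Directory -> list of flagged file names, so a module store shows as one unit."""
    groups = defaultdict(list)
    for f in findings:
        directory, _, name = f["path"].rpartition("\\")
        groups[directory].append(name)
    return dict(groups)


def unhashed_entries(text):
    """Service names that got a status line but no hash/path line."""
    hashed, unhashed = set(), []
    for line in text.splitlines():
        m = HASHED_RE.match(line)
        if m:
            hashed.add(m["name"])
            continue
        m = STATUS_RE.match(line)
        # Skip device objects (\Device\...), which follow an MBR/Boot hash line.
        if m and not m["name"].startswith("\\") and m["name"] not in hashed:
            unhashed.append(m["name"])
    return unhashed


if __name__ == "__main__":
    for directory, names in group_by_dir(parse_aswmbr(SAMPLE_ASWMBR)).items():
        print(directory, names)
    print("not hashed by TDSSKiller:", unhashed_entries(SAMPLE_TDSSKILLER))
```

The point of the grouping is that the five aswMBR hits are one artifact, a module directory, not five unrelated files, and the point of the TDSSKiller check is that a clean "Detected object count: 0" only covers what the tool hashed. Neither check is a verdict on its own; it tells you which directory and which service entries to look at next.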
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:54 PM

Posted 10 August 2012 - 03:10 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First, press the Scan button.
  • It will make a log (FRST.txt).

  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).
I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

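The post above asks for an FRST search on services.exe but does not say why. The practitioner's reason is that a patched system binary is easiest to spot by hashing every copy on the disk: the live copy in System32 should hash the same as the copies Windows keeps in WinSxS, and a copy that matches none of them is the one to examine. The script below is an added example of that comparison; it is not from the post and not FRST's own logic. Every path, byte string and hash in it is constructed (the WinSxS directory names are placeholders, not real component names), and the "files" are short stand-ins for a real PE image.

```python
r"""Simulated 'Search: services.exe' comparison (added example).

Assumption: the file-name search returns every copy of the binary with its
size and MD5, as FRST's Search output does; here a dict stands in for the disk.
"""
import hashlib


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


# Constructed stand-ins for a ~300 KB PE file: a clean build and the same
# bytes with a 4-byte patch at offset 40 (the patch location is invented).
CLEAN = b"MZ" + b"\x00" * 62 + b"services.exe 6.1.7600 (constructed)"
PATCHED = CLEAN[:40] + b"\x90\x90\x90\x90" + CLEAN[44:]

# Constructed "disk": path -> file bytes. Placeholder WinSxS directory names.
DISK = {
    r"C:\Windows\System32\services.exe": PATCHED,
    r"C:\Windows\winsxs\<component-dir-a>\services.exe": CLEAN,
    r"C:\Windows\winsxs\<component-dir-b>\services.exe": CLEAN,
}


def search_copies(disk, name="services.exe"):
    """Every copy of `name` on the disk with its size and MD5."""
    return [
        {"path": path, "size": len(data), "md5": md5_hex(data)}
        for path, data in disk.items()
        if path.lower().endswith("\\" + name)
    ]


def diff_offsets(a: bytes, b: bytes, limit=16):
    """Byte offsets where two copies differ (at most `limit` of them)."""
    offsets = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        offsets.append(min(len(a), len(b)))
    return offsets[:limit]


def compare_copies(disk, name="services.exe"):
    """Flag the System32 copy when its hash matches no WinSxS copy."""
    copies = search_copies(disk, name)
    live = next(c for c in copies if "\\system32\\" in c["path"].lower())
    refs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
    reference_md5s = {c["md5"] for c in refs}
    suspect = live["md5"] not in reference_md5s
    # Where the live copy departs from the first reference copy, if it does.
    offsets = diff_offsets(disk[live["path"]], disk[refs[0]["path"]]) if suspect and refs else []
    return {
        "live_md5": live["md5"],
        "reference_md5s": reference_md5s,
        "suspect": suspect,
        "diff_offsets": offsets,
        "copies": copies,
    }


if __name__ == "__main__":
    result = compare_copies(DISK)
    for c in result["copies"]:
        print(c["md5"], c["size"], c["path"])
    print("suspect:", result["suspect"], "differs at offsets:", result["diff_offsets"])
```

A differing hash is a lead, not a verdict: after a hotfix the System32 copy is legitimately newer than some WinSxS entries, so confirm with the file version and the Authenticode signature before concluding the binary was patched. Running the search from the recovery environment, as the post directs, means the hashes come from the disk rather than from a running system that the infection may have hooked.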
#7 cvbowlr

cvbowlr
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:04:54 PM

Posted 10 August 2012 - 03:31 PM

Hello,

Just finished running those.


Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 13:22:35
Running from K:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [251392 2010-05-05] ()
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\Windows\System32\acaptuser64.dll

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

========================== Drivers (Whitelisted) =============

0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2010-04-23] (Duplex Secure Ltd.)
2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [146928 2010-06-28] (CyberLink Corp.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 vmci; C:\Windows\System32\DRIVERS\vmci.sys [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-10 13:22 - 2012-08-10 13:22 - 00000000 ____D C:\FRST
2012-08-10 12:14 - 2012-08-10 12:14 - 01439703 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2012-08-10 12:14 - 2012-08-10 12:14 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-10 12:14 - 2012-08-10 12:14 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-10 12:02 - 2012-08-10 12:03 - 00000000 ____D C:\Users\Chris\Desktop\Lynda.com.Excel.2010.Pivot.Tables.in.Depth-QUASAR
2012-08-10 11:54 - 2012-08-10 11:54 - 00003032 ____A C:\Users\Chris\Desktop\aswMBR.txt
2012-08-10 10:51 - 2012-08-10 10:52 - 04731392 ____A (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2012-08-10 10:51 - 2012-08-10 10:51 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller(1).exe
2012-08-10 09:19 - 2012-08-10 09:28 - 00000000 ____D C:\Users\Chris\Downloads\Total Recall 2012 720p TS XViD - ARiSE
2012-08-10 08:49 - 2012-08-10 08:49 - 00016235 ____A C:\ComboFix.txt
2012-08-10 08:37 - 2012-08-10 08:37 - 00001148 ____A C:\Users\Chris\Desktop\checkup.txt
2012-08-10 08:35 - 2012-08-10 08:35 - 00881494 ____A C:\Users\Chris\Desktop\SecurityCheck(1).exe
2012-08-10 01:01 - 2012-08-10 01:01 - 00000000 ____D C:\Users\Chris\AppData\Local\{B51BBA6F-3BE2-4B8C-9B82-10000F6E39E2}
2012-08-10 01:01 - 2012-08-10 01:01 - 00000000 ____D C:\Users\Chris\AppData\Local\{7AB830D4-4DCB-4AB9-8FF0-8FC4B0B9317E}
2012-08-09 22:15 - 2012-08-09 22:15 - 00000000 ____D C:\Users\Chris\Downloads\AbbyWinters.12.08.04.Fenna.Hardcore.XXX.720p.MP4-KTR
2012-08-09 22:13 - 2012-08-09 22:13 - 00000000 ____D C:\Users\Chris\Downloads\Odd.Jobs.XXX.BDRip.XviD-STARLETS
2012-08-09 22:11 - 2012-08-09 22:30 - 00000000 ____D C:\Users\Chris\Downloads\CollegeRules.12.08.09.Orgy.At.The.Dorm.XXX.720p.MP4-KTR
2012-08-09 21:41 - 2012-08-09 22:34 - 00000000 ____D C:\Users\Chris\Downloads\Anger.Management.S01E08.720p.HDTV.x264-IMMERSE
2012-08-09 21:40 - 2012-08-09 22:56 - 00000000 ____D C:\Users\Chris\Downloads\Louie.S03E07.720p.HDTV.x264-EVOLVE
2012-08-09 14:06 - 2012-08-09 14:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-09 14:06 - 2012-08-09 14:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-09 13:31 - 2012-08-09 13:31 - 00025950 ____A C:\Users\Chris\Desktop\DDS.txt
2012-08-09 13:31 - 2012-08-09 13:31 - 00011735 ____A C:\Users\Chris\Desktop\Attach.txt
2012-08-09 13:29 - 2012-08-09 13:29 - 00607260 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2012-08-09 13:25 - 2012-08-09 13:25 - 00000582 ____A C:\Users\Chris\Desktop\defogger_disable.log
2012-08-09 13:25 - 2012-08-09 13:25 - 00000020 ____A C:\Users\Chris\defogger_reenable
2012-08-09 13:24 - 2012-08-09 13:24 - 00050477 ____A C:\Users\Chris\Desktop\Defogger.exe
2012-08-09 13:00 - 2012-08-09 13:01 - 00000000 ____D C:\Users\Chris\AppData\Local\{88EE67CA-1ECF-4BFC-9D9A-D56E56DA19EA}
2012-08-09 13:00 - 2012-08-09 13:00 - 00000000 ____D C:\Users\Chris\AppData\Local\{07CC294A-0861-4C4D-AC04-8BC32D7825B4}
2012-08-09 12:08 - 2012-08-09 12:25 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-08-09 12:08 - 2012-08-09 12:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-09 12:08 - 2012-08-09 12:08 - 00001262 ____A C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
2012-08-09 12:07 - 2012-08-09 12:07 - 16409960 ____A (Safer Networking Limited ) C:\Users\Chris\Desktop\spybotsd162.exe
2012-08-09 11:05 - 2012-08-09 11:05 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-09 11:05 - 2012-08-09 11:05 - 00000000 ____D C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 11:05 - 2012-08-09 11:05 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-09 11:05 - 2012-08-09 11:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-09 10:59 - 2012-08-09 10:59 - 19077672 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Desktop\SAS_881A20D8.EXE
2012-08-09 10:01 - 2012-08-09 10:01 - 00881494 ____A C:\Users\Chris\Desktop\SecurityCheck.exe
2012-08-09 10:00 - 2012-08-10 08:38 - 04728003 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2012-08-09 08:54 - 2012-08-09 08:54 - 00284608 ____A C:\Windows\Minidump\080912-31917-01.dmp
2012-08-09 00:49 - 2012-08-09 00:50 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2012-08-08 20:47 - 2012-08-08 20:49 - 00014318 ____A C:\Users\Chris\Desktop\New Text Document.txt
2012-08-08 16:20 - 2012-08-08 16:20 - 00000000 ____D C:\Users\Chris\AppData\Local\{A83D5A89-9E07-440A-A782-BC379CE8A89B}
2012-08-08 16:20 - 2012-08-08 16:20 - 00000000 ____D C:\Users\Chris\AppData\Local\{1ED4A7F7-1F0B-4F23-B251-B91593C0FA11}
2012-08-08 14:36 - 2012-08-08 14:37 - 00000000 ____D C:\Users\Chris\Documents\Fax
2012-08-08 11:54 - 2012-08-08 12:01 - 00000000 ____D C:\Users\Chris\Downloads\Total Recall 2012 NEW TS x264 AAC-UNiQUE
2012-08-08 04:19 - 2012-08-08 04:19 - 00000000 ____D C:\Users\Chris\AppData\Local\{CD68C5EA-6512-43D5-8B98-A57870B8F623}
2012-08-08 04:19 - 2012-08-08 04:19 - 00000000 ____D C:\Users\Chris\AppData\Local\{C7724C55-663E-4632-9E21-7F9BB1BA898E}
2012-08-07 20:37 - 2012-08-07 20:43 - 00000000 ____D C:\Users\Chris\Downloads\The Dictator UNRATED 2012 BRRip XviD AC3-SANTi
2012-08-07 16:19 - 2012-08-07 16:19 - 00000000 ____D C:\Users\Chris\AppData\Local\{E256D073-F9F4-4526-8EF8-A7855284178C}
2012-08-07 16:18 - 2012-08-07 16:19 - 00000000 ____D C:\Users\Chris\AppData\Local\{1FDA591F-524D-4C9C-8779-E02599799166}
2012-08-07 04:18 - 2012-08-07 04:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{D05FA209-5A57-483D-A77F-D453A06CB7B8}
2012-08-07 04:18 - 2012-08-07 04:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{96D0CCEF-A789-41BE-9D38-06C40AB5069B}
2012-08-06 16:55 - 2012-08-06 16:56 - 00000000 ____D C:\Users\Chris\Downloads\The.Hunger.Games.2012 .BRRip.XviD.AC3-Voltage
2012-08-06 16:54 - 2012-08-06 16:58 - 00000000 ____D C:\Users\Chris\Downloads\Machine_Head-Wacken_Open_Air_(2012)-x264-2012-SRP
2012-08-06 16:49 - 2012-08-06 16:49 - 00000000 ____D C:\Users\Chris\Downloads\Rock.Of.Ages.2012.TS.XVID-26K
2012-08-06 16:18 - 2012-08-06 16:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{D24EF6C8-C68C-450B-ABF8-479B2F030DFF}
2012-08-06 16:18 - 2012-08-06 16:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{4D08A092-40C3-4D37-9008-4935077A9CC2}
2012-08-06 16:04 - 2012-08-06 16:26 - 00000000 ____D C:\Users\Chris\Downloads\Extreme.Waterparks.S01E06.HDTV.X264-CRiMSON
2012-08-06 16:03 - 2012-08-06 16:04 - 00000000 ____D C:\Users\Chris\Downloads\Pink-Blow_Me_(One_Last_Kiss)-1080p-x264-2012-FRAY
2012-08-06 13:08 - 2012-08-06 15:50 - 00000000 ____D C:\Users\Chris\Downloads\Political.Animals.S01E04.720p.HDTV.X264-DIMENSION
2012-08-06 12:54 - 2012-08-06 13:03 - 00000000 ____D C:\Users\Chris\Downloads\X-Art.12.08.03.Jessie.Farewell.XXX.1080p.MP4-KTR
2012-08-06 04:17 - 2012-08-06 04:18 - 00000000 ____D C:\Users\Chris\AppData\Local\{FAA10CA2-6BAE-4071-B958-607D40E8FBFB}
2012-08-06 04:17 - 2012-08-06 04:17 - 00000000 ____D C:\Users\Chris\AppData\Local\{054CCAFA-7F67-424D-9825-91014A415569}
2012-08-05 21:24 - 2012-08-06 15:06 - 00000000 ____D C:\Users\Chris\Downloads\The.Newsroom.2012.S01E07.720p.HDTV.x264-EVOLVE
2012-08-05 19:32 - 2012-08-05 23:18 - 00000000 ____D C:\Users\Chris\Downloads\True.Blood.S05E09.720p.HDTV.x264-EVOLVE
2012-08-05 18:55 - 2012-08-05 19:52 - 00000000 ____D C:\Users\Chris\Downloads\Weeds.S08E06.720p.HDTV.x264-IMMERSE
2012-08-05 18:21 - 2012-08-05 19:24 - 00000000 ____D C:\Users\Chris\Downloads\Falling.Skies.S02E08.720p.HDTV.x264-COMPULSiON
2012-08-05 17:59 - 2012-08-05 17:59 - 00014840 ____A C:\Users\Chris\Desktop\Battleship.(2012).BRRip.XviD-LTRG.torrent
2012-08-05 16:17 - 2012-08-05 16:17 - 00000000 ____D C:\Users\Chris\AppData\Local\{E94E955E-F077-43B7-8D83-F8DA14074581}
2012-08-05 16:17 - 2012-08-05 16:17 - 00000000 ____D C:\Users\Chris\AppData\Local\{5F42EB30-6551-4D06-81C5-1AE54BA1C54D}
2012-08-03 07:41 - 2012-08-03 09:33 - 00000000 ____D C:\Users\Chris\Downloads\Louie.S03E06.720p.HDTV.x264-EVOLVE
2012-08-02 23:39 - 2012-08-02 23:39 - 00000000 ____D C:\Users\Chris\AppData\Local\{FFE3A554-94FB-480D-B759-191D1BEBED6D}
2012-08-02 23:39 - 2012-08-02 23:39 - 00000000 ____D C:\Users\Chris\AppData\Local\{DACB4812-9960-4BCC-B0B0-D48605105B07}
2012-08-02 22:52 - 2012-08-02 22:53 - 00000000 ____D C:\Users\Chris\Downloads\Stories
2012-08-02 22:52 - 2012-08-02 22:53 - 00000000 ____D C:\Users\Chris\Downloads\All That Remains - For We Are Many
2012-08-02 20:18 - 2012-08-02 21:38 - 00000000 ____D C:\Users\Chris\Downloads\Political.Animals.S01E03.HDTV.x264-LOL
2012-08-02 19:23 - 2012-08-02 19:55 - 00000000 ____D C:\Users\Chris\Downloads\Anger.Management.S01E07.720p.HDTV.x264-EVOLVE
2012-08-02 18:04 - 2012-08-02 18:04 - 00028102 ____A C:\Users\Chris\Desktop\Wrath.of.the.Titans.2012.NTSC.DVDR-ToF.torrent
2012-08-02 18:02 - 2012-08-02 18:02 - 00028010 ____A C:\Users\Chris\Desktop\Tinker.Tailor.Soldier.Spy.2011.PAL.DVDR-FICODVDR.torrent
2012-08-02 17:54 - 2012-08-02 17:54 - 00027824 ____A C:\Users\Chris\Desktop\Red.Tails.2012.DVDR-MPTDVD.torrent
2012-08-02 17:53 - 2012-08-02 17:53 - 00027445 ____A C:\Users\Chris\Desktop\Mr.Poppers.Penguins.2011.NTSC.DVDR-BULLDOZER.torrent
2012-08-02 17:48 - 2012-08-02 17:48 - 00027842 ____A C:\Users\Chris\Desktop\Haywire.2011.DVDR-MPTDVD.torrent
2012-08-02 11:38 - 2012-08-02 11:39 - 00000000 ____D C:\Users\Chris\AppData\Local\{1E3D1A14-9C13-485D-9C15-1EB325BC046D}
2012-08-02 11:38 - 2012-08-02 11:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{D0BD8348-30F9-4C90-9902-64AFB5F1F4BA}
2012-08-01 23:38 - 2012-08-01 23:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{9BAC479B-74F3-4B5B-B5CC-42D5BFBDCC04}
2012-08-01 23:38 - 2012-08-01 23:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{592C8201-E577-4DBA-B271-66669D1D722B}
2012-08-01 11:37 - 2012-08-01 11:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{FB8A7896-CF18-4651-8EFC-394BCBB7ABD6}
2012-08-01 11:37 - 2012-08-01 11:37 - 00000000 ____D C:\Users\Chris\AppData\Local\{C87E1084-BF79-4967-A085-F936BB190F8F}
2012-08-01 11:30 - 2012-08-01 11:31 - 00000000 ____D C:\Users\Chris\Downloads\Russian amateur kitchen bleep
2012-07-31 23:41 - 2012-07-31 23:49 - 00000000 ____D C:\Users\Chris\Downloads\X-Art.12.07.29.Silvie.Transcendence.XXX.1080p.MOV-KTR
2012-07-31 23:40 - 2012-07-31 23:42 - 00000000 ____D C:\Users\Chris\Downloads\Russian amateur couple bleep at home
2012-07-31 23:37 - 2012-07-31 23:50 - 00000000 ____D C:\Users\Chris\Downloads\MassageGirls18.12.07.14.Kaylee.XXX.720p.WMV-KTR
2012-07-31 23:37 - 2012-07-31 23:37 - 00000000 ____D C:\Users\Chris\AppData\Local\{F70E63F8-885F-4E85-97AC-E182C1509182}
2012-07-31 23:37 - 2012-07-31 23:37 - 00000000 ____D C:\Users\Chris\AppData\Local\{7061D4C7-23A4-454B-B2AE-833BF969B7E9}
2012-07-31 21:05 - 2012-08-01 12:10 - 00000000 ____D C:\Users\Chris\Downloads\Covert.Affairs.S03E04.720p.HDTV.x264-EVOLVE
2012-07-31 20:57 - 2012-08-01 10:31 - 00000000 ____D C:\Users\Chris\Downloads\Workaholics.S03E10.720p.HDTV.x264-EVOLVE
2012-07-31 20:56 - 2012-08-01 11:16 - 00000000 ____D C:\Users\Chris\Downloads\White.Collar.S04E04.PROPER.720p.HDTV.x264-EVOLVE
2012-07-31 13:21 - 2012-07-31 13:21 - 00262144 ____A C:\Windows\Minidump\073112-27378-01.dmp
2012-07-31 11:36 - 2012-07-31 11:36 - 00000000 ____D C:\Users\Chris\AppData\Local\{8D150F18-961C-4416-AC95-0CD1F00E5CD5}
2012-07-31 11:36 - 2012-07-31 11:36 - 00000000 ____D C:\Users\Chris\AppData\Local\{5D28DEF5-1AE5-4FF7-8751-72059026AA5B}
2012-07-31 09:53 - 2012-07-31 10:14 - 00000000 ____D C:\Users\Chris\Downloads\The.Pill.XXX.DVDRip.XviD-Jiggly
2012-07-31 09:19 - 2012-07-31 09:20 - 00000000 ____D C:\Users\Chris\Downloads\The.Dark.Knight.Rises.2012.TS.NEW.SOURCE.XVID-26K
2012-07-30 21:26 - 2012-07-30 21:26 - 00000000 ____D C:\Users\Chris\AppData\Local\{9380C06F-0B99-4C03-9366-F4FC1E327406}
2012-07-30 21:26 - 2012-07-30 21:26 - 00000000 ____D C:\Users\Chris\AppData\Local\{172678D6-7626-44DD-BDD0-7487CF1A71D8}
2012-07-30 11:20 - 2012-07-30 11:20 - 00000000 ____D C:\Users\Chris\Downloads\Pink-Blow_Me_(One_Last_Kiss)-DDC-1080p-x264-2012-GRMV_iNT
2012-07-30 09:26 - 2012-07-30 09:26 - 00000000 ____D C:\Users\Chris\AppData\Local\{BBC47A70-5BA8-4329-95EF-C4BEFA15678F}
2012-07-30 09:25 - 2012-07-30 09:26 - 00000000 ____D C:\Users\Chris\AppData\Local\{7D915435-B4E3-4CA4-B2CA-526652CC4063}
2012-07-29 21:25 - 2012-07-29 21:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{CB197A71-B89A-4833-A281-5A356BDAC9F1}
2012-07-29 21:25 - 2012-07-29 21:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{C2C29C1C-62AC-48A9-8D0B-A55A383F2FB7}
2012-07-29 09:25 - 2012-07-29 09:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{F41C3F30-DEB1-41B3-AC5D-13152231D66F}
2012-07-29 09:25 - 2012-07-29 09:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{507BC2DD-3698-4E1D-88D6-2AE65ACB1860}
2012-07-28 21:24 - 2012-07-28 21:25 - 00000000 ____D C:\Users\Chris\AppData\Local\{7EB34A8B-60E0-4027-9A48-AC33D7906806}
2012-07-28 21:24 - 2012-07-28 21:24 - 00000000 ____D C:\Users\Chris\AppData\Local\{0165EC29-E5CE-4BCC-999B-274608B40FA9}
2012-07-28 09:24 - 2012-07-28 09:24 - 00000000 ____D C:\Users\Chris\AppData\Local\{A38BE94F-EF0E-42FC-9B2B-1CD2D5C7D1BF}
2012-07-28 09:24 - 2012-07-28 09:24 - 00000000 ____D C:\Users\Chris\AppData\Local\{07F7BEEC-4819-46D9-B66F-5D31A02986F3}
2012-07-27 21:23 - 2012-07-27 21:24 - 00000000 ____D C:\Users\Chris\AppData\Local\{217933C6-8DC9-4BA6-B6EE-A63D40632398}
2012-07-27 21:23 - 2012-07-27 21:23 - 00000000 ____D C:\Users\Chris\AppData\Local\{28C12261-2F09-408E-BF1E-D439F9ECF058}
2012-07-27 19:01 - 2012-07-27 19:01 - 00287720 ____A C:\Windows\Minidump\072712-32479-01.dmp
2012-07-27 09:23 - 2012-07-27 09:23 - 00000000 ____D C:\Users\Chris\AppData\Local\{C937A81B-52A8-4B38-B0C8-379C4AF1FAE7}
2012-07-27 09:23 - 2012-07-27 09:23 - 00000000 ____D C:\Users\Chris\AppData\Local\{2CC984D4-3633-4D99-A944-097A39E9A2E1}
2012-07-26 21:23 - 2012-07-26 21:23 - 00000000 ____D C:\Users\Chris\AppData\Local\{9BB7DEB1-4E9C-478E-A166-537E09F75C06}
2012-07-26 21:22 - 2012-07-26 21:23 - 00000000 ____D C:\Users\Chris\AppData\Local\{57C62942-4C4F-4A11-9947-893A1FA4AF6F}
2012-07-26 09:22 - 2012-07-26 09:22 - 00000000 ____D C:\Users\Chris\AppData\Local\{B214A18D-A64B-4702-9286-9E871EE73389}
2012-07-26 09:22 - 2012-07-26 09:22 - 00000000 ____D C:\Users\Chris\AppData\Local\{2922E541-0E6C-4239-A6FD-C25F9E5B1612}
2012-07-25 21:22 - 2012-07-25 21:22 - 00000000 ____D C:\Users\Chris\AppData\Local\{81C38665-2A8A-4D74-90BF-BF5D84FB8F94}
2012-07-25 21:22 - 2012-07-25 21:22 - 00000000 ____D C:\Users\Chris\AppData\Local\{439DC083-32B5-40D0-B1D7-368C5AE9A644}
2012-07-25 09:21 - 2012-07-25 09:22 - 00000000 ____D C:\Users\Chris\AppData\Local\{CDFE889B-BFF9-429C-A9C5-11FF84EBAC48}
2012-07-25 09:21 - 2012-07-25 09:21 - 00000000 ____D C:\Users\Chris\AppData\Local\{F8640BEE-8DD1-426A-9E88-C6C37871B499}
2012-07-24 21:21 - 2012-07-24 21:21 - 00000000 ____D C:\Users\Chris\AppData\Local\{2792C765-1415-44E6-94BF-D968B9EC0C3E}
2012-07-24 21:21 - 2012-07-24 21:21 - 00000000 ____D C:\Users\Chris\AppData\Local\{0E05652D-481F-4C3F-B531-5009228B2C2D}
2012-07-24 09:16 - 2012-07-24 09:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{1ABC8BC8-C1B0-4C81-A9C5-C4CBF4627B2B}
2012-07-24 09:16 - 2012-07-24 09:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{146F1104-1A5E-40C5-907B-8804EF570660}
2012-07-24 07:54 - 2012-07-24 07:57 - 00000000 ____D C:\Users\Chris\Downloads\The.Dark.Knight.Rises.2012.CAM.NEW.XVID-26K
2012-07-23 21:16 - 2012-07-23 21:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{B7748369-FF1E-4E5B-B69B-4C0C01B930E6}
2012-07-23 21:16 - 2012-07-23 21:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{210D7473-894B-40BD-BFE4-D1C2D68288E8}
2012-07-23 17:55 - 2012-07-23 17:56 - 00008683 ____A C:\Users\Chris\Documents\Uninstall STAR WARS The Old Republic.log
2012-07-23 09:15 - 2012-07-23 09:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{396695FA-CA61-43DB-A431-97A3FBA4CB36}
2012-07-23 09:15 - 2012-07-23 09:15 - 00000000 ____D C:\Users\Chris\AppData\Local\{A797CA45-064F-4A69-86DA-07F21554E3CE}
2012-07-23 08:36 - 2012-07-23 08:36 - 00000000 ____D C:\Users\Chris\AppData\Local\{5E944B5E-8A82-4C21-99D2-87B587BE230C}
2012-07-22 18:48 - 2012-07-22 18:48 - 00027617 ____A C:\Users\Chris\Desktop\The.Dark.Knight.2008.NTSC.DVDR-ANiPUNK.torrent
2012-07-22 18:02 - 2012-07-22 18:02 - 00000000 ____D C:\Users\Chris\AppData\Local\{8C78415B-81C7-4912-A71D-6EA533B47FC5}
2012-07-22 18:02 - 2012-07-22 18:02 - 00000000 ____D C:\Users\Chris\AppData\Local\{66572F0E-DE36-4149-A890-D8BBAC493C45}
2012-07-17 23:38 - 2012-07-17 23:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{A2A6FB73-008A-448F-AA2D-9EBA9DF023A1}
2012-07-17 23:38 - 2012-07-17 23:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{3B80ECD0-1B62-400B-B89D-5958C1A03228}
2012-07-17 13:28 - 2012-07-17 13:32 - 00000000 ____D C:\Users\Chris\Downloads\TED.2012.TS.XViD.AC3.Hive-CM8
2012-07-17 13:09 - 2012-07-17 13:09 - 00029119 ____A C:\Users\Chris\Desktop\Casa.de.mi.Padre.(2012).BRRip.XviD-LTRG.torrent
2012-07-17 11:38 - 2012-07-17 11:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{7CF1D6D6-5DF0-4D28-8FE3-34EF8D0EC451}
2012-07-17 11:37 - 2012-07-17 11:38 - 00000000 ____D C:\Users\Chris\AppData\Local\{A7102832-25CD-41CB-BF5D-238FD1F72B4A}
2012-07-12 23:16 - 2012-07-12 23:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{CDAF7EA6-134C-4FD1-AD05-C0E0A5200A5A}
2012-07-12 23:16 - 2012-07-12 23:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{C45FE579-F455-48E8-A5E5-45573DB3CB31}
2012-07-12 20:30 - 2012-07-12 20:36 - 00000000 ____D C:\Users\Chris\Downloads\The.Amazing.Spiderman.2012.TS.XViD.AC3.Hive-CM8
2012-07-12 11:15 - 2012-07-12 11:16 - 00000000 ____D C:\Users\Chris\AppData\Local\{61BDB42E-7D7F-454E-ABC6-CC0154B7FFF2}
2012-07-12 11:15 - 2012-07-12 11:15 - 00000000 ____D C:\Users\Chris\AppData\Local\{8B0349DC-9ECD-4E6D-8C74-B1DFEBD6340F}
2012-07-11 23:15 - 2012-07-11 23:15 - 00000000 ____D C:\Users\Chris\AppData\Local\{DD93741D-C775-46A0-B903-819CA1D5DB65}
2012-07-11 23:15 - 2012-07-11 23:15 - 00000000 ____D C:\Users\Chris\AppData\Local\{198622F6-EC2B-41BC-8FC8-56486326FA1E}
2012-07-11 15:42 - 2012-07-11 15:43 - 00000000 ____D C:\Users\Chris\Downloads\Volbeat-Fallen-x264-2011-FRAY_INT
2012-07-11 14:05 - 2012-06-11 19:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 14:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 14:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 14:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 14:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 14:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 14:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 14:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 14:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 14:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 14:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 14:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 14:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 14:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 14:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 14:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 14:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 14:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 14:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 14:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 14:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 14:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 14:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 14:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 14:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 14:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 14:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 14:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 14:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 11:14 - 2012-07-11 11:15 - 00000000 ____D C:\Users\Chris\AppData\Local\{70DB8D8C-5665-4066-AAE8-4F5385A28AA7}
2012-07-11 11:14 - 2012-07-11 11:14 - 00000000 ____D C:\Users\Chris\AppData\Local\{6689C2F7-A15D-426D-AE31-FB1A05326B3D}

============ 3 Months Modified Files ========================

2012-08-10 12:19 - 2010-04-23 15:19 - 01751763 ____A C:\Windows\WindowsUpdate.log
2012-08-10 12:14 - 2012-08-10 12:14 - 01439703 ____A (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2012-08-10 12:14 - 2012-08-10 12:14 - 00001908 ____A C:\Windows\diagwrn.xml
2012-08-10 12:14 - 2012-08-10 12:14 - 00001908 ____A C:\Windows\diagerr.xml
2012-08-10 12:14 - 2011-11-25 20:45 - 00000611 ____A C:\Windows\setupact.log
2012-08-10 12:14 - 2011-11-25 20:45 - 00000000 ____A C:\Windows\setuperr.log
2012-08-10 12:12 - 2010-04-23 16:15 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000UA.job
2012-08-10 11:54 - 2012-08-10 11:54 - 00003032 ____A C:\Users\Chris\Desktop\aswMBR.txt
2012-08-10 11:38 - 2012-03-02 14:23 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-10 10:52 - 2012-08-10 10:51 - 04731392 ____A (AVAST Software) C:\Users\Chris\Desktop\aswMBR.exe
2012-08-10 10:51 - 2012-08-10 10:51 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller(1).exe
2012-08-10 08:49 - 2012-08-10 08:49 - 00016235 ____A C:\ComboFix.txt
2012-08-10 08:47 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-10 08:38 - 2012-08-09 10:00 - 04728003 ____R (Swearware) C:\Users\Chris\Desktop\ComboFix.exe
2012-08-10 08:37 - 2012-08-10 08:37 - 00001148 ____A C:\Users\Chris\Desktop\checkup.txt
2012-08-10 08:35 - 2012-08-10 08:35 - 00881494 ____A C:\Users\Chris\Desktop\SecurityCheck(1).exe
2012-08-10 03:12 - 2010-04-23 16:15 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000Core.job
2012-08-09 16:05 - 2012-03-02 14:23 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-09 15:52 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 14:06 - 2012-08-09 14:06 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-09 14:06 - 2012-08-09 14:06 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-09 13:31 - 2012-08-09 13:31 - 00025950 ____A C:\Users\Chris\Desktop\DDS.txt
2012-08-09 13:31 - 2012-08-09 13:31 - 00011735 ____A C:\Users\Chris\Desktop\Attach.txt
2012-08-09 13:29 - 2012-08-09 13:29 - 00607260 ____R (Swearware) C:\Users\Chris\Desktop\dds.com
2012-08-09 13:25 - 2012-08-09 13:25 - 00000582 ____A C:\Users\Chris\Desktop\defogger_disable.log
2012-08-09 13:25 - 2012-08-09 13:25 - 00000020 ____A C:\Users\Chris\defogger_reenable
2012-08-09 13:24 - 2012-08-09 13:24 - 00050477 ____A C:\Users\Chris\Desktop\Defogger.exe
2012-08-09 12:08 - 2012-08-09 12:08 - 00001262 ____A C:\Users\Chris\Desktop\Spybot - Search & Destroy.lnk
2012-08-09 12:07 - 2012-08-09 12:07 - 16409960 ____A (Safer Networking Limited ) C:\Users\Chris\Desktop\spybotsd162.exe
2012-08-09 11:05 - 2012-08-09 11:05 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-09 10:59 - 2012-08-09 10:59 - 19077672 ____A (SUPERAntiSpyware.com) C:\Users\Chris\Desktop\SAS_881A20D8.EXE
2012-08-09 10:24 - 2011-12-23 20:26 - 00011462 ____A C:\Windows\PFRO.log
2012-08-09 10:23 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 10:23 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 10:01 - 2012-08-09 10:01 - 00881494 ____A C:\Users\Chris\Desktop\SecurityCheck.exe
2012-08-09 08:54 - 2012-08-09 08:54 - 00284608 ____A C:\Windows\Minidump\080912-31917-01.dmp
2012-08-09 00:50 - 2012-08-09 00:49 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Chris\Desktop\tdsskiller.exe
2012-08-08 20:49 - 2012-08-08 20:47 - 00014318 ____A C:\Users\Chris\Desktop\New Text Document.txt
2012-08-05 17:59 - 2012-08-05 17:59 - 00014840 ____A C:\Users\Chris\Desktop\Battleship.(2012).BRRip.XviD-LTRG.torrent
2012-08-02 18:04 - 2012-08-02 18:04 - 00028102 ____A C:\Users\Chris\Desktop\Wrath.of.the.Titans.2012.NTSC.DVDR-ToF.torrent
2012-08-02 18:02 - 2012-08-02 18:02 - 00028010 ____A C:\Users\Chris\Desktop\Tinker.Tailor.Soldier.Spy.2011.PAL.DVDR-FICODVDR.torrent
2012-08-02 17:54 - 2012-08-02 17:54 - 00027824 ____A C:\Users\Chris\Desktop\Red.Tails.2012.DVDR-MPTDVD.torrent
2012-08-02 17:53 - 2012-08-02 17:53 - 00027445 ____A C:\Users\Chris\Desktop\Mr.Poppers.Penguins.2011.NTSC.DVDR-BULLDOZER.torrent
2012-08-02 17:48 - 2012-08-02 17:48 - 00027842 ____A C:\Users\Chris\Desktop\Haywire.2011.DVDR-MPTDVD.torrent
2012-07-31 13:21 - 2012-07-31 13:21 - 00262144 ____A C:\Windows\Minidump\073112-27378-01.dmp
2012-07-29 18:00 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-27 19:01 - 2012-07-27 19:01 - 00287720 ____A C:\Windows\Minidump\072712-32479-01.dmp
2012-07-23 17:56 - 2012-07-23 17:55 - 00008683 ____A C:\Users\Chris\Documents\Uninstall STAR WARS The Old Republic.log
2012-07-22 18:48 - 2012-07-22 18:48 - 00027617 ____A C:\Users\Chris\Desktop\The.Dark.Knight.2008.NTSC.DVDR-ANiPUNK.torrent
2012-07-17 13:09 - 2012-07-17 13:09 - 00029119 ____A C:\Users\Chris\Desktop\Casa.de.mi.Padre.(2012).BRRip.XviD-LTRG.torrent
2012-07-11 14:40 - 2009-07-13 20:45 - 04968352 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 14:02 - 2009-10-14 04:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 11:31 - 2012-07-09 11:31 - 00027341 ____A C:\Users\Chris\Desktop\The.Three.Stooges.2012.NTSC.DVDR-KART3LDVD.torrent
2012-07-07 20:34 - 2012-07-07 20:34 - 00293513 ____A C:\Users\Chris\Desktop\American.Reunion.UNRATED.2012.720p.BRRiP.XViD.AC3-LEGi0N.torrent
2012-07-06 08:35 - 2012-07-06 08:35 - 00291184 ____A C:\Windows\Minidump\070612-30092-01.dmp
2012-07-05 14:13 - 2012-07-05 14:13 - 00027674 ____A C:\Users\Chris\Desktop\Tim.and.Erics.Billion.Dollar.Movie.LIMITED.DVDR-MPTDVD.torrent
2012-07-04 11:08 - 2012-07-04 11:08 - 00262144 ____A C:\Windows\Minidump\070412-25053-01.dmp
2012-07-03 14:34 - 2012-07-03 14:34 - 00291184 ____A C:\Windows\Minidump\070312-31855-01.dmp
2012-07-03 12:46 - 2010-05-03 12:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 11:57 - 2012-06-30 11:57 - 00028074 ____A C:\Users\Chris\Desktop\Wanderlust.DVDR-MPTDVD.torrent
2012-06-24 11:56 - 2012-06-24 11:56 - 00291184 ____A C:\Windows\Minidump\062412-27939-01.dmp
2012-06-23 23:52 - 2012-06-23 23:52 - 00000000 ____A C:\Users\Chris\Documents\koKR.txt
2012-06-23 23:45 - 2012-06-24 01:23 - 00002059 ____A C:\Users\Chris\Documents\Variables.txt
2012-06-17 16:39 - 2012-06-17 16:39 - 00262144 ____A C:\Windows\Minidump\061712-32463-01.dmp
2012-06-13 09:42 - 2012-06-13 09:42 - 00291160 ____A C:\Windows\Minidump\061312-33633-01.dmp
2012-06-11 19:02 - 2012-07-11 14:05 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:24 - 2010-04-24 16:16 - 00001077 ___AH C:\IPH.PH
2012-06-10 21:56 - 2012-06-10 21:56 - 00025613 ____A C:\Users\Chris\Desktop\Seven.Days.in.Utopia.2011.COMPLETE.R1.NTSC.DVDR-CME.torrent
2012-06-08 21:30 - 2012-07-10 22:17 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 22:17 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 11:56 - 2012-06-08 11:56 - 00027410 ____A C:\Users\Chris\Desktop\Project.X.2012.NTSC.DVDR-FiCODVDR.torrent
2012-06-08 11:56 - 2012-06-08 11:56 - 00015347 ____A C:\Users\Chris\Desktop\21.Jump.Street.2012.BRRip.XviD.AC3-SANTi.torrent
2012-06-07 12:53 - 2012-06-07 12:53 - 00028340 ____A C:\Users\Chris\Desktop\Sherlock.Holmes.A.Game.Of.Shadows.2011.R1.NTSC.DVDR-ToF.torrent
2012-06-05 21:50 - 2012-07-10 22:17 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 22:17 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 22:17 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 22:17 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 13:37 - 2012-06-05 13:37 - 00007602 ____A C:\Users\Chris\AppData\Local\Resmon.ResmonCfg
2012-06-02 14:19 - 2012-06-18 23:04 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-18 23:04 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-18 23:04 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-18 23:04 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-18 23:04 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-18 23:03 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:15 - 2012-06-18 23:04 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-18 23:04 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-18 23:03 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 14:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 14:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 14:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 14:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 14:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 14:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 14:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 14:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 14:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 14:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 14:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 14:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 14:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 14:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 14:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 14:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 14:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 14:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 14:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 14:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 14:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 14:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 14:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 14:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 14:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 14:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 14:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-10 22:17 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 22:17 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 22:17 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 22:17 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 22:17 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 22:17 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 22:17 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 22:17 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 22:17 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-27 20:37 - 2012-05-27 20:37 - 00027432 ____A C:\Users\Chris\Desktop\Safe.House.2012.NTSC.DVDR-KART3LDVD.torrent
2012-05-25 17:24 - 2012-05-25 17:24 - 00027610 ____A C:\Users\Chris\Desktop\Ghost.Rider.Spirit.Of.Vengeance.2011.DVDR-DEPRiVED.torrent
2012-05-18 09:52 - 2012-05-18 09:52 - 00095876 ____A C:\Users\Chris\Desktop\John.Carter.2012.DVDR-DEPRiVED.torrent
2012-05-17 23:25 - 2012-05-17 23:24 - 30622864 ____A C:\Users\Chris\Downloads\American Head Charge - Sugars of Someday.flac
2012-05-17 14:50 - 2012-05-17 14:50 - 00071680 ____A (Beepa P/L) C:\Windows\System32\frapsv64.dll
2012-05-17 14:50 - 2012-05-17 14:50 - 00065536 ____A (Beepa P/L) C:\Windows\SysWOW64\frapsvid.dll
2012-05-15 01:34 - 2012-05-15 01:34 - 00418344 ____A C:\Users\Chris\Documents\ARelog.zip


ZeroAccess:
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\L
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\L\00000004.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\00000004.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\00000008.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\000000cb.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000000.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000032.@
C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6135.18 MB
Available physical RAM: 5375.46 MB
Total Pagefile: 6133.33 MB
Available Pagefile: 5373.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:279.46 GB) (Free:12.76 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (NewVolume) (Fixed) (Total:931.51 GB) (Free:793.05 GB) NTFS
4 Drive g: (Chris Media) (Fixed) (Total:268.79 GB) (Free:71.77 GB) NTFS
5 Drive h: (Chris Temp) (Fixed) (Total:29.2 GB) (Free:28.95 GB) NTFS
7 Drive j: (CJH External) (Fixed) (Total:1397.27 GB) (Free:199.75 GB) NTFS
8 Drive k: (patriot) (Removable) (Total:29.94 GB) (Free:29.94 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (CJH) (Fixed) (Total:232.88 GB) (Free:143.93 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          232 GB      0 B
Disk 1    Online          298 GB  1024 KB
Disk 2    Online          279 GB      0 B
Disk 3    Online          931 GB      0 B
Disk 4    Online         1397 GB      0 B
Disk 5    Online           29 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            232 GB  1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   CJH          NTFS   Partition    232 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            268 GB  1024 KB
Partition 2    Primary            100 MB   268 GB
Partition 3    Primary             29 GB   268 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 G Chris Media NTFS Partition 268 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 H Chris Temp NTFS Partition 29 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 279 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 C NTFS Partition 279 GB Healthy

==================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 931 GB 31 KB

==================================================================================

Disk: 3
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 F NewVolume NTFS Partition 931 GB Healthy

==================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1397 GB 31 KB

==================================================================================

Disk: 4
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J CJH Externa NTFS Partition 1397 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 14 MB

==================================================================================

Disk: 5
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K patriot FAT32 Removable 29 GB Healthy

==================================================================================

Last Boot: 2012-08-06 23:05

======================= End Of Log ==========================

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 13:24:10
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe
[2011-11-25 17:34] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
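
The search above lists every copy of services.exe with its size and MD5 so the live System32 copy can be compared against the untouched WinSxS component-store copy; this is the usual check when Sirefef/ZeroAccess is suspected, because that family patched services.exe on 64-bit Windows 7. The following parser and comparison are an added example, not part of the thread or of FRST; it assumes the two-line hit format shown above (path line, then "[created] - [modified] - size attributes (company) MD5"), embeds the thread's own output as the first sample and a constructed, clearly placeholder "tampered" variant as the second.

```python
import re
from dataclasses import dataclass

# FRST prints each search hit as a path line followed by one details line:
#   [created] - [modified] - size attributes (company) MD5
HEADER_RE = re.compile(r'^=+ Search: "(?P<name>[^"]+)" =+$')
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d-]+ [\d:]+)\] - \[(?P<modified>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

@dataclass
class FileHit:
    path: str
    modified: str
    size: int
    company: str
    md5: str

def parse_frst_search(text: str) -> tuple[str, list[FileHit]]:
    """Return (searched file name, hits) from one FRST search block."""
    name, hits, pending_path = "", [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name")
            continue
        if line.startswith("="):  # "====== End Of Search ======"
            continue
        detail = DETAIL_RE.match(line)
        if detail and pending_path:
            hits.append(FileHit(pending_path, detail["modified"], int(detail["size"]),
                                detail["company"], detail["md5"].upper()))
            pending_path = None
        else:
            pending_path = line  # a path line; its details follow on the next line
    return name, hits

def find_mismatches(hits: list[FileHit]) -> list[str]:
    """Treat the WinSxS component-store copy as the reference and report every
    other copy whose size or MD5 differs. An empty list means all copies agree."""
    reference = next((h for h in hits if "\\winsxs\\" in h.path.lower()), None)
    if reference is None:
        return ["no WinSxS reference copy found; cannot compare"]
    findings = []
    for hit in hits:
        if hit is not reference and (hit.md5, hit.size) != (reference.md5, reference.size):
            findings.append(f"{hit.path}: size {hit.size} / MD5 {hit.md5} differs from "
                            f"WinSxS copy (size {reference.size} / MD5 {reference.md5})")
    return findings

# Sample 1: the search output posted in this thread (copied from the page).
THREAD_SEARCH = r'''
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\ERDNT\cache64\services.exe
[2011-11-25 17:34] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
'''

# Sample 2: constructed variant in which the live System32 copy no longer matches
# the component store (placeholder date, size and hash; not a real indicator).
TAMPERED_SEARCH = r'''
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-08-08 02:11] - 0339456 ____A () FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

====== End Of Search ======
'''

if __name__ == "__main__":
    for label, sample in (("thread", THREAD_SEARCH), ("tampered", TAMPERED_SEARCH)):
        name, hits = parse_frst_search(sample)
        print(f"{label}: {len(hits)} copies of {name}; findings: {find_mismatches(hits) or 'none'}")
```

On the thread's output all three copies agree, which is why no further action on services.exe was needed; the constructed variant shows what a replaced System32 copy looks like to the same check.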

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 August 2012 - 05:12 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 cvbowlr (Topic Starter)

  • Members
  • 11 posts

Posted 10 August 2012 - 05:23 PM

Ran the fixlist.


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 15:20:21 Run:1
Running from K:\

==============================================

C:\Users\Chris\AppData\Local\{3f6a4df7-028c-3677-0e01-7d794beddc9c} moved successfully.

==== End of Fixlog ====

#10 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 August 2012 - 08:59 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 cvbowlr (Topic Starter)

  • Members
  • 11 posts

Posted 10 August 2012 - 10:38 PM

Hello. I still occasionally get redirected when I click on a Google search link with Chrome. It appears to happen almost 100% of the time when I first open the browser. Aside from that, things seem fine.



ComboFix 12-08-09.01 - Chris 08/10/2012 20:26:46.4.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4560 [GMT -7:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 03:32 . 2012-08-11 03:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-11 03:32 . 2012-08-11 03:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-11 03:32 . 2012-08-11 03:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 03:32 . 2012-08-11 03:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 23:27 . 2012-08-11 03:24 -------- d--h--w- c:\windows\AxInstSV
2012-08-10 21:22 . 2012-08-10 21:22 -------- d-----w- C:\FRST
2012-08-09 22:06 . 2012-08-09 22:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-09 22:06 . 2012-08-09 22:06 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 20:08 . 2012-08-09 20:25 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-09 20:08 . 2012-08-09 20:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-09 19:05 . 2012-08-09 19:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:02 . 2009-10-14 12:51 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 20:46 . 2010-05-03 20:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:02 . 2012-07-11 22:05 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 06:17 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 06:17 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 06:17 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 06:17 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 06:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-19 07:04 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 07:04 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 07:04 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 07:04 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 07:03 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 07:04 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 07:04 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 07:03 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 07:04 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 12:49 . 2012-07-11 22:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-11 22:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-11 22:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-11 22:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-11 22:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-11 22:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-11 22:01 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-11 22:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-11 22:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-11 22:01 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-11 22:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-11 22:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-11 22:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-11 22:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-11 22:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-11 22:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-11 22:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-11 22:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-11 22:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:38 . 2012-07-11 06:17 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 06:17 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 06:17 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 06:17 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 06:17 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 06:17 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 06:17 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 06:17 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 06:17 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-17 22:50 . 2012-05-17 22:50 71680 ----a-w- c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-05-07 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[-] 2010-05-07 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-08-09_18.34.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 06:15 . 2012-08-10 22:23 61934 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-10 22:23 46876 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-23 23:26 . 2012-08-10 22:23 23534 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1379340593-1080860476-4187735682-1000_UserData.bin
+ 2012-08-10 22:21 . 2012-08-10 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 18:24 . 2012-08-09 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-10 22:21 . 2012-08-10 22:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 18:24 . 2012-08-09 18:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
+ 2012-08-09 22:06 . 2012-08-09 22:06 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-09 22:06 . 2012-08-09 22:06 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2009-07-14 05:01 . 2012-08-10 22:18 464536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-09 18:23 464536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-08-09 22:06 . 2012-08-09 22:06 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2011-06-19 08:43 . 2012-06-23 07:50 1542852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-12288.dat
+ 2011-06-19 08:43 . 2012-08-09 23:51 1542852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-12288.dat
+ 2009-07-14 02:34 . 2012-08-10 20:42 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-08-09 04:18 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-08-09 22:06 . 2012-08-09 22:06 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2010-04-26 19:54 . 2012-08-10 22:18 21800284 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1379340593-1080860476-4187735682-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2010-05-06 251392]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [2009-08-10 47104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-23 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-24 871408]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/10/12 00:49];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 05:50 146928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-24 12032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-12-19 314400]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 22:23]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-02 22:23]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 00:15]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1379340593-1080860476-4187735682-1000UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-24 00:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files (x86)\FlyVPN\FlyVPNBind.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\4zhhfbap.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 20:33:48
ComboFix-quarantined-files.txt 2012-08-11 03:33
ComboFix2.txt 2012-08-10 16:49
.
Pre-Run: 6,181,261,312 bytes free
Post-Run: 6,230,032,384 bytes free
.
- - End Of File - - 0475ED4A2D52F267E6F4775381B6B59F

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 August 2012 - 10:47 PM

Greetings


If it is only happening in Chrome, I want you to uninstall it, and if asked about user data or settings, remove that also.

Restart the computer and reinstall it, and check it out for me.

Gringo

#13 cvbowlr (Topic Starter)

  • Members
  • 11 posts

Posted 10 August 2012 - 10:57 PM

I reinstalled Chrome and it hasn't redirected so far. Ironically, when I opened and used Firefox to search for Chrome (via Google), it redirected that link, so now Firefox is doing it again.

#14 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 10 August 2012 - 11:07 PM

1. At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu (on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.
2. Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
3. To continue, click Reset Firefox in the confirmation window that opens.
4. Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.

#15 cvbowlr (Topic Starter)

  • Members
  • 11 posts

Posted 10 August 2012 - 11:14 PM

Thank you. That appears to have fixed it. So something just got mixed up in the settings of the browsers? Also what was that file that we removed before? Did you notice anything else wrong based on the logs pasted?

Thank you so much for your time and help. I really appreciate it.



