google hijack/redirect virus that forces IE to open


19 replies to this topic

#1 HOEDY (Members, 9 posts)

Posted 18 August 2012 - 08:33 PM

EDIT: I didn't see all the other similar Google redirect problems before I posted. If my post is the same as someone else's, please forgive me and let me know where to read for the solution.

So I've acquired this adware that has made it so a bunch of Google results will be redirected 2 or 3 times to what is usually some video ad for getting chicks or improving your stuff, and it has come to make googling next to pointless unless I copy/paste the URL of the result into a new tab. It does this in Firefox and IE, and in Chrome it usually gives a security warning and stops me from going to the popup ad. It opens IE to random videos when I have 0 applications running, and so far I've run a few antivirus scans and nothing has been fixed. Thanks in advance for any help you can give me on this.

Here are my logs from DDS and GMER:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by owner at 11:32:49 on 2012-08-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.190 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
BHO: {326E768D-4182-46FD-9C16-1449A49795F4} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\owner\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WhatPulse] c:\program files\whatpulse\WhatPulse.exe
uRun: [Wootalyzer] "c:\program files\wootalyzer\woot.exe" /boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Valve] rundll32.exe c:\users\owner\appdata\local\valve\lqsozimi.dll,FECoreInstance
uRun: [Teytmi] c:\users\owner\appdata\roaming\yghy\buodl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\owner\appdata\local\temp\{3585a715-9fb3-4537-b0fd-ccfd1b050b08}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\toshib~1.lnk - c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNIE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://ak.imgag.com/imgag/cp/install/Crusher.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9 76.14.96.14
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5} : DhcpNameServer = 76.14.0.8 76.14.0.9 76.14.96.14
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\45D22402E45647 : DhcpNameServer = 68.87.76.182 68.87.78.134
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\461646370727F6A6563647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8FBCCC07-2F34-4DD1-B98C-4023EB418FA5}\E4544574541425F5745756374713 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\t6vfxiar.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
=============== Created Last 30 ================
.
2012-08-18 17:38:26 -------- d-----w- c:\users\owner\appdata\local\{B83A6CEB-9227-49F7-BE59-2D75BAABD319}
2012-08-18 01:56:08 104448 ----a-w- c:\programdata\2jFf5J64.exe
2012-08-18 01:55:44 104448 ----a-w- c:\users\owner\0.38779996927909455.exe
2012-08-18 01:07:50 184320 ----a-w- c:\programdata\microsoft\windows\drm\279C.tmp
2012-08-18 01:01:47 -------- d-----w- c:\users\owner\appdata\local\{A01A584E-40C0-4C0E-B2C4-A3F4DE720408}
2012-08-11 03:51:38 -------- d-----w- c:\users\owner\appdata\local\{7B5F5240-8E23-4E72-BD05-93E68C60A653}
2012-08-11 03:51:21 -------- d-----w- c:\users\owner\appdata\local\{6669D991-974D-4DFC-85B8-3DD2DC123CCE}
2012-08-11 03:46:25 -------- d-----w- c:\program files\SpyHunter
2012-08-11 03:24:10 -------- d-----w- c:\program files\Enigma Software Group
2012-08-11 03:23:21 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-11 03:23:18 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-08-11 03:03:24 -------- d-----w- c:\users\owner\appdata\roaming\SpeedyPC Software
2012-08-11 03:03:24 -------- d-----w- c:\users\owner\appdata\roaming\DriverCure
2012-08-11 03:03:16 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-08-11 03:03:13 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-11 03:03:13 -------- d-----w- c:\program files\SpeedyPC Software
2012-08-10 15:50:46 -------- d-----w- c:\users\owner\appdata\local\{9C29A79B-A07F-4E85-9444-96E7B9451BA9}
2012-08-10 15:50:34 -------- d-----w- c:\users\owner\appdata\local\{28AFCB86-F4D8-4BD6-81CE-BF0D74E96F62}
2012-08-09 19:30:31 -------- d-----w- c:\users\owner\appdata\local\{5982F26A-4A80-4CC6-8255-56CFCB861085}
2012-08-09 19:30:17 -------- d-----w- c:\users\owner\appdata\local\{D850C924-C619-41CE-8CB5-9A777257A7FF}
2012-08-09 18:28:47 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 07:29:49 -------- d-----w- c:\users\owner\appdata\local\{1F0FBD2B-1DF3-4B22-AA74-B59F8C9AEB68}
2012-08-09 07:29:37 -------- d-----w- c:\users\owner\appdata\local\{E4EBFD2D-588A-4A12-8C6B-223B5BA806AE}
2012-08-09 06:18:52 -------- d-----w- C:\Valve
2012-08-09 06:18:50 -------- d-----w- c:\users\owner\appdata\roaming\Yghy
2012-08-09 06:18:50 -------- d-----w- c:\users\owner\appdata\roaming\Ixqiy
2012-08-09 06:18:50 -------- d-----w- c:\users\owner\appdata\roaming\Ivvyek
2012-08-08 19:29:11 -------- d-----w- c:\users\owner\appdata\local\{6A076BCC-7CA6-4B11-9493-6CC028291FDC}
2012-08-08 07:28:46 -------- d-----w- c:\users\owner\appdata\local\{8210964D-86F7-4396-802D-03CCFBE73FF6}
2012-08-07 21:00:07 -------- d-----w- c:\users\owner\appdata\local\Valve
2012-08-07 18:28:19 -------- d-----w- c:\users\owner\appdata\local\{6EA4CC3F-6703-4004-848F-80A625BCF63F}
2012-08-07 06:27:54 -------- d-----w- c:\users\owner\appdata\local\{CA33B0F8-DB6A-43C1-BF71-ED533CBF67F2}
2012-08-06 17:24:04 -------- d-----w- c:\users\owner\appdata\local\{B5BC35B6-5DF2-4471-A530-D520025F643D}
2012-08-05 23:45:09 -------- d-----w- c:\users\owner\appdata\local\{0F49B280-E75D-4161-942E-946E6416C664}
2012-08-05 10:45:37 -------- d-----w- c:\users\owner\appdata\local\{8C9B880D-BBD0-4A5A-B715-5E593BBD21D2}
2012-08-04 23:41:53 -------- d-----w- c:\program files\iPod
2012-08-04 23:41:52 -------- d-----w- c:\program files\iTunes
2012-08-04 22:44:55 -------- d-----w- c:\users\owner\appdata\local\{B6F1BB6A-DCA2-4615-8D5E-E7D592D19798}
2012-08-04 22:44:43 -------- d-----w- c:\users\owner\appdata\local\{7F18E8BE-0D82-4BEA-B531-5D5341D317FB}
2012-08-04 22:38:09 -------- d-----w- c:\users\owner\appdata\local\Windows Live
.
============= FINISH: 11:36:35.14 ===============


Attached files: Attach.txt (9.36KB), ark.txt (273.37KB)

Edited by HOEDY, 18 August 2012 - 08:42 PM.
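A triage pass over DDS "Pseudo HJT Report" lines like the ones in the post above, added here as an example (it is not a BleepingComputer or DDS tool): it parses uRun/mRun, StartupFolder and BHO/TB entries and rates each by where the launched binary lives. The user-writable locations, the vendor allow-list and the severity labels are assumptions used for the heuristic, and the sample lines are constructed from entries in the log.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "Pseudo HJT Report" format, built from entries in the log above.
SAMPLE_HJT = r"""
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\owner\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [Valve] rundll32.exe c:\users\owner\appdata\local\valve\lqsozimi.dll,FECoreInstance
uRun: [Teytmi] c:\users\owner\appdata\roaming\yghy\buodl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\roller~1.lnk - c:\users\owner\appdata\local\temp\{3585a715-9fb3-4537-b0fd-ccfd1b050b08}\{907b4640-266b-4a21-92fb-cd1a86cd0f63}\ATR1.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
"""

RUN_RE = re.compile(r"^[um]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?)(?: - (?P<target>.+))?$")
ORPHAN_RE = re.compile(r"^(?:BHO|TB): (?P<clsid>\{[0-9A-Fa-f-]+\}) - No File$")
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f-]{36}\}\\")

# Heuristics (assumptions, not DDS rules): locations a standard user can write to,
# and per-user vendor folders that legitimately host autoruns in this log.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\", "\\temp\\")
ALLOWLISTED_VENDOR_DIRS = ("\\appdata\\roaming\\google\\",)


@dataclass
class Finding:
    name: str
    target: str
    severity: str                      # "ok", "review" or "high"
    reasons: list = field(default_factory=list)


def _first_path(cmd: str) -> str:
    """Return the executable path from a command line (quoted or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def _rate(target: str, via_rundll32: bool) -> tuple:
    """Rate a launch target by its location; returns (severity, reasons)."""
    p = target.lower()
    reasons = []
    if "\\temp\\" in p:
        reasons.append("launches from a Temp directory")
    if GUID_DIR_RE.search(p):
        reasons.append("path contains a GUID-named directory")
    in_user_dir = any(m in p for m in USER_WRITABLE)
    allowlisted = any(v in p for v in ALLOWLISTED_VENDOR_DIRS)
    if in_user_dir and not allowlisted:
        reasons.append("binary lives in a user-writable location")
    if via_rundll32 and in_user_dir:
        reasons.append("rundll32 loads a DLL from a user-writable location")
    if reasons:
        return "high", reasons
    if in_user_dir:                    # allow-listed vendor, still worth a glance
        return "review", ["per-user install of a known vendor"]
    return "ok", reasons


def parse_hjt(text: str) -> list:
    """Parse Run, StartupFolder and orphaned BHO/TB lines into rated findings."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            cmd = m["cmd"]
            via_rundll32 = cmd.lower().startswith("rundll32.exe ")
            if via_rundll32:
                # rundll32.exe <dll>,<export>: the DLL is the real payload
                target = cmd.split(" ", 1)[1].split(",", 1)[0]
            else:
                target = _first_path(cmd)
            sev, why = _rate(target, via_rundll32)
            findings.append(Finding(m["name"], target, sev, why))
        elif m := STARTUP_RE.match(line):
            # A .lnk with " - <target>" points elsewhere; a bare entry is the file itself
            target = m["target"] or m["lnk"]
            sev, why = _rate(target, False)
            findings.append(Finding(m["lnk"].rsplit("\\", 1)[-1], target, sev, why))
        elif m := ORPHAN_RE.match(line):
            findings.append(Finding(m["clsid"], "No File", "review",
                                    ["orphaned BHO/toolbar registration (cleanup candidate)"]))
    return findings


def triage(text: str = SAMPLE_HJT) -> dict:
    """Map entry name -> severity so a helper sees what to inspect first."""
    return {f.name: f.severity for f in parse_hjt(text)}


if __name__ == "__main__":
    for f in parse_hjt(SAMPLE_HJT):
        print(f"{f.severity:6} {f.name:40} {f.target}  {'; '.join(f.reasons)}")
```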



#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 20 August 2012 - 03:27 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 HOEDY, Topic Starter (Members, 9 posts)

Posted 20 August 2012 - 10:11 PM

The computer is getting laggy if I leave it sitting, and when it is too stressed it stops showing the transparent Aero theme on W7 and shows classic Windows themed parts. I cannot tell if this is general overheating or because of the ads that open up and the iexplore.exe processes that are aplenty. The first time I tried to run Combofix after running Security Check I got a BSOD.

Need to run both again to get the log files. I'll edit this post with the logs when I have them.


EDIT 1:
Got blue screen multiple times now. Trying combofix again.

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
CCleaner (remove only)
Panda Cloud Cleaner
Java™ 6 Update 30
Java™ 6 Update 6
Java version out of Date!
Adobe Flash Player 11.1.102.55
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.79
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Edited by HOEDY, 20 August 2012 - 10:33 PM.


#4 gringo_pr, Bleepin Gringo (Malware Response Team)

Posted 21 August 2012 - 12:53 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#5 HOEDY, Topic Starter (Members, 9 posts)

Posted 22 August 2012 - 12:17 PM

Google has been seeming less shifty lately but it doesn't feel fixed; Yahoo search was giving me redirects too, but only one time on each link, and then it would allow me to search properly.
TDSSKiller found and cured a rootkit, I believe. Received a BSOD when running aswMBR for the first time and it said something like DRIVER IRQL NOT LESS OR EQUAL. I will try again now and edit this post if it works.
EDIT: Got aswMBR to run through with no problems this time. It did detect multiple infections though.


09:59:04.0002 4900 athr - ok
09:59:04.0212 4900 [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:59:04.0414 4900 atikmdag - ok
09:59:04.0469 4900 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
09:59:04.0471 4900 AtiPcie - ok
09:59:04.0528 4900 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:59:04.0537 4900 AudioEndpointBuilder - ok
09:59:04.0550 4900 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:59:04.0554 4900 Audiosrv - ok
09:59:04.0579 4900 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:59:04.0582 4900 AxInstSV - ok
09:59:04.0616 4900 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
09:59:04.0624 4900 b06bdrv - ok
09:59:04.0658 4900 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:59:04.0664 4900 b57nd60x - ok
09:59:04.0705 4900 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:59:04.0708 4900 BDESVC - ok
09:59:04.0724 4900 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:59:04.0726 4900 Beep - ok
09:59:04.0731 4900 BFE - ok
09:59:04.0788 4900 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:59:04.0790 4900 blbdrive - ok
09:59:04.0869 4900 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:59:04.0876 4900 Bonjour Service - ok
09:59:04.0909 4900 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:59:04.0915 4900 bowser - ok
09:59:04.0936 4900 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
09:59:04.0940 4900 BrFiltLo - ok
09:59:04.0974 4900 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
09:59:04.0976 4900 BrFiltUp - ok
09:59:05.0027 4900 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
09:59:05.0031 4900 Browser - ok
09:59:05.0064 4900 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:59:05.0071 4900 Brserid - ok
09:59:05.0093 4900 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:59:05.0097 4900 BrSerWdm - ok
09:59:05.0115 4900 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:59:05.0117 4900 BrUsbMdm - ok
09:59:05.0126 4900 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:59:05.0128 4900 BrUsbSer - ok
09:59:05.0151 4900 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:59:05.0153 4900 BTHMODEM - ok
09:59:05.0184 4900 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:59:05.0187 4900 bthserv - ok
09:59:05.0230 4900 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:59:05.0233 4900 cdfs - ok
09:59:05.0273 4900 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:59:05.0277 4900 cdrom - ok
09:59:05.0310 4900 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:59:05.0312 4900 CertPropSvc - ok
09:59:05.0341 4900 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
09:59:05.0343 4900 circlass - ok
09:59:05.0368 4900 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:59:05.0373 4900 CLFS - ok
09:59:05.0466 4900 [ 323E04EF0A7120437FDE7F331A4A5356 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:59:05.0475 4900 clr_optimization_v2.0.50727_32 - ok
09:59:05.0551 4900 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:59:05.0571 4900 clr_optimization_v4.0.30319_32 - ok
09:59:05.0633 4900 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:59:05.0636 4900 CmBatt - ok
09:59:05.0656 4900 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:59:05.0659 4900 cmdide - ok
09:59:05.0707 4900 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:59:05.0714 4900 CNG - ok
09:59:05.0774 4900 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:59:05.0778 4900 Compbatt - ok
09:59:05.0817 4900 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
09:59:05.0822 4900 CompositeBus - ok
09:59:05.0840 4900 COMSysApp - ok
09:59:05.0862 4900 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:59:05.0863 4900 crcdisk - ok
09:59:05.0896 4900 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:59:05.0900 4900 CryptSvc - ok
09:59:05.0942 4900 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
09:59:05.0949 4900 CSC - ok
09:59:05.0986 4900 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
09:59:05.0995 4900 CscService - ok
09:59:06.0044 4900 [ 5C5138819E9F6DE1A2B18432414C92F1 ] CYUSB C:\Windows\system32\Drivers\CYUSB.sys
09:59:06.0047 4900 CYUSB - ok
09:59:06.0106 4900 [ 90A71FC40EADE3D1789B0ED2CA80B1CF ] CyUsbNT C:\Windows\system32\Drivers\CyUsbNT.sys
09:59:06.0108 4900 CyUsbNT - ok
09:59:06.0166 4900 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:59:06.0176 4900 DcomLaunch - ok
09:59:06.0218 4900 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:59:06.0223 4900 defragsvc - ok
09:59:06.0253 4900 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:59:06.0257 4900 DfsC - ok
09:59:06.0298 4900 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:59:06.0304 4900 Dhcp - ok
09:59:06.0322 4900 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:59:06.0323 4900 discache - ok
09:59:06.0364 4900 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
09:59:06.0368 4900 Disk - ok
09:59:06.0401 4900 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
09:59:06.0404 4900 dmvsc - ok
09:59:06.0457 4900 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:59:06.0462 4900 Dnscache - ok
09:59:06.0502 4900 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:59:06.0507 4900 dot3svc - ok
09:59:06.0528 4900 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:59:06.0533 4900 DPS - ok
09:59:06.0586 4900 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:59:06.0588 4900 drmkaud - ok
09:59:06.0640 4900 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:59:06.0645 4900 dtsoftbus01 - ok
09:59:06.0698 4900 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:59:06.0717 4900 DXGKrnl - ok
09:59:06.0773 4900 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:59:06.0777 4900 EapHost - ok
09:59:06.0927 4900 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
09:59:07.0054 4900 ebdrv - ok
09:59:07.0086 4900 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:59:07.0089 4900 EFS - ok
09:59:07.0160 4900 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:59:07.0189 4900 ehRecvr - ok
09:59:07.0213 4900 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:59:07.0220 4900 ehSched - ok
09:59:07.0266 4900 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:59:07.0292 4900 elxstor - ok
09:59:07.0326 4900 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:59:07.0327 4900 ErrDev - ok
09:59:07.0420 4900 [ DF96C3CD6AE15F6D0A6BCB70F9C1E88D ] esgiguard C:\Program Files\SpyHunter\esgiguard.sys
09:59:07.0425 4900 esgiguard - ok
09:59:07.0497 4900 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:59:07.0507 4900 EventSystem - ok
09:59:07.0554 4900 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:59:07.0563 4900 exfat - ok
09:59:07.0621 4900 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:59:07.0625 4900 fastfat - ok
09:59:07.0681 4900 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:59:07.0698 4900 Fax - ok
09:59:07.0736 4900 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
09:59:07.0738 4900 fdc - ok
09:59:07.0749 4900 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:59:07.0751 4900 fdPHost - ok
09:59:07.0769 4900 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:59:07.0773 4900 FDResPub - ok
09:59:07.0790 4900 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:59:07.0792 4900 FileInfo - ok
09:59:07.0812 4900 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:59:07.0814 4900 Filetrace - ok
09:59:07.0863 4900 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:59:07.0880 4900 FLEXnet Licensing Service - ok
09:59:07.0901 4900 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
09:59:07.0903 4900 flpydisk - ok
09:59:07.0935 4900 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:59:07.0940 4900 FltMgr - ok
09:59:07.0991 4900 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:59:08.0023 4900 FontCache - ok
09:59:08.0092 4900 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:59:08.0097 4900 FontCache3.0.0.0 - ok
09:59:08.0172 4900 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:59:08.0175 4900 FsDepends - ok
09:59:08.0251 4900 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:59:08.0255 4900 Fs_Rec - ok
09:59:08.0303 4900 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:59:08.0307 4900 fvevol - ok
09:59:08.0371 4900 [ CBC22823628544735625B280665E434E ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
09:59:08.0373 4900 FwLnk - ok
09:59:08.0399 4900 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:59:08.0402 4900 gagp30kx - ok
09:59:08.0531 4900 [ 3EAFDD637416393722AA98E940DFD0A0 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
09:59:08.0571 4900 GameConsoleService - ok
09:59:08.0634 4900 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:59:08.0639 4900 GEARAspiWDM - ok
09:59:08.0697 4900 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:59:08.0714 4900 gpsvc - ok
09:59:08.0788 4900 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:59:08.0798 4900 gusvc - ok
09:59:08.0833 4900 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:59:08.0836 4900 hcw85cir - ok
09:59:08.0860 4900 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:59:08.0863 4900 HDAudBus - ok
09:59:08.0880 4900 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
09:59:08.0883 4900 HidBatt - ok
09:59:08.0901 4900 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:59:08.0904 4900 HidBth - ok
09:59:08.0936 4900 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:59:08.0938 4900 HidIr - ok
09:59:08.0971 4900 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
09:59:08.0974 4900 hidserv - ok
09:59:09.0018 4900 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:59:09.0020 4900 HidUsb - ok
09:59:09.0053 4900 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:59:09.0056 4900 hkmsvc - ok
09:59:09.0077 4900 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:59:09.0083 4900 HomeGroupListener - ok
09:59:09.0118 4900 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:59:09.0124 4900 HomeGroupProvider - ok
09:59:09.0142 4900 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:59:09.0144 4900 HpSAMD - ok
09:59:09.0173 4900 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:59:09.0183 4900 HTTP - ok
09:59:09.0197 4900 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:59:09.0197 4900 hwpolicy - ok
09:59:09.0236 4900 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:59:09.0239 4900 i8042prt - ok
09:59:09.0284 4900 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:59:09.0291 4900 iaStorV - ok
09:59:09.0395 4900 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:59:09.0400 4900 IDriverT - ok
09:59:09.0488 4900 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:59:09.0525 4900 idsvc - ok
09:59:09.0568 4900 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:59:09.0571 4900 iirsp - ok
09:59:09.0615 4900 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:59:09.0636 4900 IKEEXT - ok
09:59:09.0732 4900 [ B9CBD3DEA7CA02868621173BF7A2AF9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
09:59:09.0808 4900 IntcAzAudAddService - ok
09:59:09.0845 4900 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:59:09.0852 4900 intelide - ok
09:59:09.0883 4900 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
09:59:09.0885 4900 intelppm - ok
09:59:09.0904 4900 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:59:09.0907 4900 IPBusEnum - ok
09:59:09.0957 4900 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:59:09.0960 4900 IpFilterDriver - ok
09:59:10.0012 4900 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:59:10.0019 4900 IPMIDRV - ok
09:59:10.0052 4900 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:59:10.0055 4900 IPNAT - ok
09:59:10.0149 4900 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:59:10.0182 4900 iPod Service - ok
09:59:10.0217 4900 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:59:10.0218 4900 IRENUM - ok
09:59:10.0233 4900 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:59:10.0235 4900 isapnp - ok
09:59:10.0253 4900 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:59:10.0258 4900 iScsiPrt - ok
09:59:10.0355 4900 [ 957135960E7533EA5C7EA0BFB34F8EFD ] jswpsapi C:\Program Files\Jumpstart\jswpsapi.exe
09:59:10.0388 4900 jswpsapi - ok
09:59:10.0412 4900 [ 11AD410F41AF42BA12E63187E3EC141A ] jswpslwf C:\Windows\system32\DRIVERS\jswpslwf.sys
09:59:10.0415 4900 jswpslwf - ok
09:59:10.0445 4900 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:59:10.0448 4900 kbdclass - ok
09:59:10.0466 4900 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:59:10.0468 4900 kbdhid - ok
09:59:10.0480 4900 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:59:10.0482 4900 KeyIso - ok
09:59:10.0531 4900 [ E8CA038F51F7761BD6E3A3B0B8014263 ] KR10I C:\Windows\system32\drivers\kr10i.sys
09:59:10.0535 4900 KR10I - ok
09:59:10.0576 4900 [ 6A4ADB9186DD0E114E623DAF57E42B31 ] KR10N C:\Windows\system32\drivers\kr10n.sys
09:59:10.0585 4900 KR10N - ok
09:59:10.0641 4900 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:59:10.0643 4900 KSecDD - ok
09:59:10.0669 4900 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:59:10.0673 4900 KSecPkg - ok
09:59:10.0703 4900 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:59:10.0711 4900 KtmRm - ok
09:59:10.0784 4900 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
09:59:10.0818 4900 LanmanServer - ok
09:59:10.0862 4900 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:59:10.0870 4900 LanmanWorkstation - ok
09:59:10.0915 4900 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:59:10.0919 4900 lltdio - ok
09:59:10.0959 4900 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:59:10.0966 4900 lltdsvc - ok
09:59:10.0985 4900 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:59:10.0989 4900 lmhosts - ok
09:59:11.0028 4900 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:59:11.0034 4900 LSI_FC - ok
09:59:11.0065 4900 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:59:11.0068 4900 LSI_SAS - ok
09:59:11.0085 4900 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
09:59:11.0087 4900 LSI_SAS2 - ok
09:59:11.0100 4900 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:59:11.0103 4900 LSI_SCSI - ok
09:59:11.0118 4900 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:59:11.0120 4900 luafv - ok
09:59:11.0150 4900 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:59:11.0154 4900 Mcx2Svc - ok
09:59:11.0170 4900 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
09:59:11.0180 4900 megasas - ok
09:59:11.0196 4900 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
09:59:11.0202 4900 MegaSR - ok
09:59:11.0279 4900 Microsoft SharePoint Workspace Audit Service - ok
09:59:11.0323 4900 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:59:11.0329 4900 MMCSS - ok
09:59:11.0347 4900 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:59:11.0351 4900 Modem - ok
09:59:11.0379 4900 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:59:11.0382 4900 monitor - ok
09:59:11.0436 4900 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:59:11.0438 4900 mouclass - ok
09:59:11.0479 4900 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:59:11.0481 4900 mouhid - ok
09:59:11.0506 4900 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:59:11.0510 4900 mountmgr - ok
09:59:11.0593 4900 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:59:11.0598 4900 MozillaMaintenance - ok
09:59:11.0628 4900 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:59:11.0634 4900 mpio - ok
09:59:11.0659 4900 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:59:11.0661 4900 mpsdrv - ok
09:59:11.0706 4900 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:59:11.0710 4900 MRxDAV - ok
09:59:11.0758 4900 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:59:11.0762 4900 mrxsmb - ok
09:59:11.0798 4900 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:59:11.0803 4900 mrxsmb10 - ok
09:59:11.0820 4900 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:59:11.0823 4900 mrxsmb20 - ok
09:59:11.0839 4900 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:59:11.0842 4900 msahci - ok
09:59:11.0867 4900 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:59:11.0870 4900 msdsm - ok
09:59:11.0903 4900 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:59:11.0908 4900 MSDTC - ok
09:59:11.0941 4900 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:59:11.0943 4900 Msfs - ok
09:59:11.0960 4900 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:59:11.0962 4900 mshidkmdf - ok
09:59:11.0974 4900 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:59:11.0975 4900 msisadrv - ok
09:59:12.0020 4900 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:59:12.0025 4900 MSiSCSI - ok
09:59:12.0033 4900 msiserver - ok
09:59:12.0071 4900 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:59:12.0073 4900 MSKSSRV - ok
09:59:12.0102 4900 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:59:12.0104 4900 MSPCLOCK - ok
09:59:12.0115 4900 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:59:12.0117 4900 MSPQM - ok
09:59:12.0151 4900 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:59:12.0155 4900 MsRPC - ok
09:59:12.0175 4900 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:59:12.0177 4900 mssmbios - ok
09:59:12.0186 4900 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:59:12.0187 4900 MSTEE - ok
09:59:12.0217 4900 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
09:59:12.0219 4900 MTConfig - ok
09:59:12.0240 4900 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:59:12.0242 4900 Mup - ok
09:59:12.0278 4900 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:59:12.0286 4900 napagent - ok
09:59:12.0343 4900 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:59:12.0349 4900 NativeWifiP - ok
09:59:12.0394 4900 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:59:12.0409 4900 NDIS - ok
09:59:12.0452 4900 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:59:12.0454 4900 NdisCap - ok
09:59:12.0487 4900 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:59:12.0489 4900 NdisTapi - ok
09:59:12.0502 4900 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:59:12.0505 4900 Ndisuio - ok
09:59:12.0517 4900 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:59:12.0521 4900 NdisWan - ok
09:59:12.0534 4900 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:59:12.0537 4900 NDProxy - ok
09:59:12.0553 4900 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:59:12.0555 4900 NetBIOS - ok
09:59:12.0576 4900 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:59:12.0580 4900 NetBT - ok
09:59:12.0594 4900 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:59:12.0596 4900 Netlogon - ok
09:59:12.0642 4900 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:59:12.0649 4900 Netman - ok
09:59:12.0722 4900 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:59:12.0730 4900 netprofm - ok
09:59:12.0794 4900 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:59:12.0798 4900 NetTcpPortSharing - ok
09:59:12.0851 4900 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:59:12.0854 4900 nfrd960 - ok
09:59:12.0883 4900 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:59:12.0890 4900 NlaSvc - ok
09:59:12.0905 4900 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:59:12.0907 4900 Npfs - ok
09:59:12.0936 4900 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:59:12.0939 4900 nsi - ok
09:59:12.0954 4900 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:59:12.0954 4900 nsiproxy - ok
09:59:13.0010 4900 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:59:13.0044 4900 Ntfs - ok
09:59:13.0071 4900 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:59:13.0073 4900 Null - ok
09:59:13.0098 4900 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:59:13.0102 4900 nvraid - ok
09:59:13.0136 4900 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:59:13.0140 4900 nvstor - ok
09:59:13.0173 4900 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:59:13.0176 4900 nv_agp - ok
09:59:13.0194 4900 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:59:13.0196 4900 ohci1394 - ok
09:59:13.0271 4900 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:59:13.0282 4900 ose - ok
09:59:13.0453 4900 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:59:13.0601 4900 osppsvc - ok
09:59:13.0655 4900 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:59:13.0662 4900 p2pimsvc - ok
09:59:13.0734 4900 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:59:13.0743 4900 p2psvc - ok
09:59:13.0828 4900 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
09:59:13.0834 4900 Parport - ok
09:59:13.0872 4900 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:59:13.0876 4900 partmgr - ok
09:59:13.0891 4900 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:59:13.0893 4900 Parvdm - ok
09:59:13.0933 4900 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:\Windows\system32\drivers\pavboot.sys
09:59:13.0935 4900 pavboot - ok
09:59:13.0953 4900 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:59:13.0959 4900 PcaSvc - ok
09:59:13.0974 4900 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:59:13.0977 4900 pci - ok
09:59:13.0991 4900 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:59:13.0993 4900 pciide - ok
09:59:14.0018 4900 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:59:14.0022 4900 pcmcia - ok
09:59:14.0032 4900 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:59:14.0035 4900 pcw - ok
09:59:14.0070 4900 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:59:14.0085 4900 PEAUTH - ok
09:59:14.0136 4900 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:59:14.0170 4900 PeerDistSvc - ok
09:59:14.0252 4900 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:59:14.0298 4900 pla - ok
09:59:14.0346 4900 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:59:14.0355 4900 PlugPlay - ok
09:59:14.0367 4900 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:59:14.0372 4900 PNRPAutoReg - ok
09:59:14.0400 4900 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:59:14.0406 4900 PNRPsvc - ok
09:59:14.0436 4900 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:59:14.0445 4900 PolicyAgent - ok
09:59:14.0488 4900 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:59:14.0494 4900 Power - ok
09:59:14.0540 4900 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:59:14.0543 4900 PptpMiniport - ok
09:59:14.0568 4900 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
09:59:14.0571 4900 Processor - ok
09:59:14.0630 4900 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:59:14.0636 4900 ProfSvc - ok
09:59:14.0652 4900 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:59:14.0654 4900 ProtectedStorage - ok
09:59:14.0670 4900 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:59:14.0673 4900 Psched - ok
09:59:14.0709 4900 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:59:14.0712 4900 PxHelp20 - ok
09:59:14.0771 4900 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:59:14.0818 4900 ql2300 - ok
09:59:14.0865 4900 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:59:14.0868 4900 ql40xx - ok
09:59:14.0908 4900 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:59:14.0915 4900 QWAVE - ok
09:59:14.0927 4900 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:59:14.0929 4900 QWAVEdrv - ok
09:59:14.0944 4900 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:59:14.0946 4900 RasAcd - ok
09:59:14.0980 4900 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:59:14.0982 4900 RasAgileVpn - ok
09:59:15.0000 4900 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:59:15.0005 4900 RasAuto - ok
09:59:15.0025 4900 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:59:15.0028 4900 Rasl2tp - ok
09:59:15.0064 4900 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:59:15.0072 4900 RasMan - ok
09:59:15.0092 4900 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:59:15.0094 4900 RasPppoe - ok
09:59:15.0126 4900 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:59:15.0129 4900 RasSstp - ok
09:59:15.0146 4900 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:59:15.0151 4900 rdbss - ok
09:59:15.0168 4900 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:59:15.0170 4900 rdpbus - ok
09:59:15.0182 4900 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:59:15.0183 4900 RDPCDD - ok
09:59:15.0226 4900 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:59:15.0230 4900 RDPDR - ok
09:59:15.0259 4900 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:59:15.0260 4900 RDPENCDD - ok
09:59:15.0271 4900 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:59:15.0272 4900 RDPREFMP - ok
09:59:15.0312 4900 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:59:15.0314 4900 RdpVideoMiniport - ok
09:59:15.0367 4900 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:59:15.0372 4900 RDPWD - ok
09:59:15.0412 4900 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:59:15.0417 4900 rdyboost - ok
09:59:15.0455 4900 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:59:15.0461 4900 RemoteAccess - ok
09:59:15.0495 4900 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:59:15.0503 4900 RemoteRegistry - ok
09:59:15.0530 4900 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:59:15.0535 4900 RpcEptMapper - ok
09:59:15.0568 4900 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:59:15.0571 4900 RpcLocator - ok
09:59:15.0601 4900 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:59:15.0607 4900 RpcSs - ok
09:59:15.0664 4900 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:59:15.0669 4900 rspndr - ok
09:59:15.0712 4900 [ 912C0A8C7E9B2467CF6DAE1B64B72779 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
09:59:15.0717 4900 RTL8169 - ok
09:59:15.0745 4900 [ D1FB9A678BD6C2B1129FCB09D5FEB6DD ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
09:59:15.0748 4900 RTSTOR - ok
09:59:15.0782 4900 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:59:15.0784 4900 s3cap - ok
09:59:15.0810 4900 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:59:15.0814 4900 SamSs - ok
09:59:15.0857 4900 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:59:15.0862 4900 sbp2port - ok
09:59:15.0903 4900 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:59:15.0910 4900 SCardSvr - ok
09:59:15.0937 4900 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:59:15.0940 4900 scfilter - ok
09:59:15.0978 4900 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:59:15.0999 4900 Schedule - ok
09:59:16.0025 4900 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:59:16.0027 4900 SCPolicySvc - ok
09:59:16.0051 4900 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:59:16.0057 4900 SDRSVC - ok
09:59:16.0080 4900 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:59:16.0083 4900 secdrv - ok
09:59:16.0093 4900 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:59:16.0098 4900 seclogon - ok
09:59:16.0123 4900 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
09:59:16.0128 4900 SENS - ok
09:59:16.0156 4900 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:59:16.0161 4900 SensrSvc - ok
09:59:16.0184 4900 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:59:16.0186 4900 Serenum - ok
09:59:16.0214 4900 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
09:59:16.0217 4900 Serial - ok
09:59:16.0246 4900 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:59:16.0247 4900 sermouse - ok
09:59:16.0292 4900 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:59:16.0298 4900 SessionEnv - ok
09:59:16.0325 4900 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:59:16.0327 4900 sffdisk - ok
09:59:16.0348 4900 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:59:16.0350 4900 sffp_mmc - ok
09:59:16.0380 4900 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:59:16.0382 4900 sffp_sd - ok
09:59:16.0409 4900 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:59:16.0412 4900 sfloppy - ok
09:59:16.0446 4900 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:59:16.0454 4900 ShellHWDetection - ok
09:59:16.0500 4900 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:59:16.0503 4900 sisagp - ok
09:59:16.0545 4900 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
09:59:16.0547 4900 SiSRaid2 - ok
09:59:16.0573 4900 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:59:16.0576 4900 SiSRaid4 - ok
09:59:16.0607 4900 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:59:16.0609 4900 Smb - ok
09:59:16.0654 4900 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:59:16.0658 4900 SNMPTRAP - ok
09:59:16.0687 4900 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:59:16.0689 4900 spldr - ok
09:59:16.0713 4900 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
09:59:16.0722 4900 Spooler - ok
09:59:16.0885 4900 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:59:16.0995 4900 sppsvc - ok
09:59:17.0014 4900 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:59:17.0021 4900 sppuinotify - ok
09:59:17.0074 4900 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\Windows\System32\Drivers\sptd.sys
09:59:17.0091 4900 sptd - ok
09:59:17.0141 4900 SpyHunter 4 Service - ok
09:59:17.0193 4900 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:59:17.0202 4900 srv - ok
09:59:17.0228 4900 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:59:17.0235 4900 srv2 - ok
09:59:17.0268 4900 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:59:17.0272 4900 srvnet - ok
09:59:17.0295 4900 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:59:17.0302 4900 SSDPSRV - ok
09:59:17.0332 4900 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:59:17.0337 4900 SstpSvc - ok
09:59:17.0356 4900 Steam Client Service - ok
09:59:17.0389 4900 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
09:59:17.0392 4900 stexstor - ok
09:59:17.0444 4900 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:59:17.0464 4900 StiSvc - ok
09:59:17.0509 4900 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:59:17.0512 4900 storflt - ok
09:59:17.0539 4900 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:59:17.0543 4900 storvsc - ok
09:59:17.0613 4900 [ 3E4239B92139F7174A0DA7D53FE5E1AB ] SVRPEDRV C:\Windows\System32\sysprep\PEDrv.sys
09:59:17.0617 4900 SVRPEDRV - ok
09:59:17.0650 4900 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:59:17.0656 4900 swenum - ok
09:59:17.0736 4900 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:59:17.0746 4900 swprv - ok
09:59:17.0785 4900 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
09:59:17.0793 4900 Synth3dVsc - ok
09:59:17.0838 4900 [ 70534D1E4F9AC990536D5FB5B550B3DE ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:59:17.0843 4900 SynTP - ok
09:59:17.0892 4900 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:59:17.0926 4900 SysMain - ok
09:59:17.0986 4900 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:59:17.0994 4900 TabletInputService - ok
09:59:18.0036 4900 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:59:18.0050 4900 TapiSrv - ok
09:59:18.0062 4900 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:59:18.0066 4900 TBS - ok
09:59:18.0121 4900 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:59:18.0155 4900 Tcpip - ok
09:59:18.0215 4900 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:59:18.0226 4900 TCPIP6 - ok
09:59:18.0269 4900 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:59:18.0272 4900 tcpipreg - ok
09:59:18.0308 4900 [ 6FDFBA25002CE4BAC463AC866AE71405 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
09:59:18.0314 4900 tdcmdpst - ok
09:59:18.0338 4900 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:59:18.0347 4900 TDPIPE - ok
09:59:18.0375 4900 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:59:18.0377 4900 TDTCP - ok
09:59:18.0413 4900 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:59:18.0416 4900 tdx - ok
09:59:18.0435 4900 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:59:18.0437 4900 TermDD - ok
09:59:18.0471 4900 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
09:59:18.0474 4900 terminpt - ok
09:59:18.0512 4900 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:59:18.0531 4900 TermService - ok
09:59:18.0548 4900 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:59:18.0553 4900 Themes - ok
09:59:18.0573 4900 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:59:18.0575 4900 THREADORDER - ok
09:59:18.0650 4900 [ 08BBFD363517D30B26765198E49E448B ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
09:59:18.0659 4900 TNaviSrv - ok
09:59:18.0697 4900 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:59:18.0704 4900 TrkWks - ok
09:59:18.0767 4900 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:59:18.0773 4900 TrustedInstaller - ok
09:59:18.0845 4900 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:59:18.0852 4900 tssecsrv - ok
09:59:18.0886 4900 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:59:18.0889 4900 TsUsbFlt - ok
09:59:18.0920 4900 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
09:59:18.0923 4900 TsUsbGD - ok
09:59:18.0969 4900 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
09:59:18.0975 4900 tsusbhub - ok
09:59:19.0000 4900 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:59:19.0003 4900 tunnel - ok
09:59:19.0058 4900 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
09:59:19.0060 4900 TVALZ - ok
09:59:19.0077 4900 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:59:19.0081 4900 uagp35 - ok
09:59:19.0098 4900 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:59:19.0103 4900 udfs - ok
09:59:19.0139 4900 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:59:19.0143 4900 UI0Detect - ok
09:59:19.0168 4900 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:59:19.0170 4900 uliagpkx - ok
09:59:19.0200 4900 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:59:19.0203 4900 umbus - ok
09:59:19.0228 4900 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
09:59:19.0231 4900 UmPass - ok
09:59:19.0275 4900 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:59:19.0282 4900 UmRdpService - ok
09:59:19.0300 4900 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:59:19.0309 4900 upnphost - ok
09:59:19.0359 4900 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:59:19.0361 4900 USBAAPL - ok
09:59:19.0398 4900 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:59:19.0401 4900 usbccgp - ok
09:59:19.0432 4900 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:59:19.0435 4900 usbcir - ok
09:59:19.0460 4900 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:59:19.0463 4900 usbehci - ok
09:59:19.0505 4900 [ 19999CA8E83F16D271AFC467B84718D7 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
09:59:19.0508 4900 usbfilter - ok
09:59:19.0544 4900 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:59:19.0550 4900 usbhub - ok
09:59:19.0558 4900 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:59:19.0560 4900 usbohci - ok
09:59:19.0579 4900 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:59:19.0584 4900 usbprint - ok
09:59:19.0642 4900 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:59:19.0644 4900 usbscan - ok
09:59:19.0691 4900 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:59:19.0693 4900 USBSTOR - ok
09:59:19.0720 4900 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
09:59:19.0722 4900 usbuhci - ok
09:59:19.0826 4900 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
09:59:19.0830 4900 usbvideo - ok
09:59:19.0910 4900 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
09:59:19.0913 4900 UVCFTR - ok
09:59:19.0971 4900 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:59:19.0975 4900 UxSms - ok
09:59:19.0988 4900 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:59:19.0990 4900 VaultSvc - ok
09:59:20.0034 4900 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:59:20.0036 4900 vdrvroot - ok
09:59:20.0075 4900 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:59:20.0093 4900 vds - ok
09:59:20.0106 4900 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:59:20.0108 4900 vga - ok
09:59:20.0129 4900 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:59:20.0131 4900 VgaSave - ok
09:59:20.0140 4900 VGPU - ok
09:59:20.0162 4900 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:59:20.0167 4900 vhdmp - ok
09:59:20.0196 4900 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:59:20.0199 4900 viaagp - ok
09:59:20.0210 4900 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:59:20.0213 4900 ViaC7 - ok
09:59:20.0233 4900 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:59:20.0235 4900 viaide - ok
09:59:20.0264 4900 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:59:20.0271 4900 vmbus - ok
09:59:20.0288 4900 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:59:20.0291 4900 VMBusHID - ok
09:59:20.0304 4900 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:59:20.0306 4900 volmgr - ok
09:59:20.0332 4900 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:59:20.0338 4900 volmgrx - ok
09:59:20.0362 4900 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:59:20.0368 4900 volsnap - ok
09:59:20.0390 4900 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:59:20.0394 4900 vsmraid - ok
09:59:20.0446 4900 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:59:20.0480 4900 VSS - ok
09:59:20.0508 4900 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:59:20.0512 4900 vwifibus - ok
09:59:20.0535 4900 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:59:20.0537 4900 vwififlt - ok
09:59:20.0569 4900 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:59:20.0571 4900 vwifimp - ok
09:59:20.0597 4900 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:59:20.0605 4900 W32Time - ok
09:59:20.0623 4900 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:59:20.0625 4900 WacomPen - ok
09:59:20.0645 4900 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:59:20.0648 4900 WANARP - ok
09:59:20.0656 4900 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:59:20.0658 4900 Wanarpv6 - ok
09:59:20.0730 4900 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:59:20.0778 4900 WatAdminSvc - ok
09:59:20.0868 4900 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:59:20.0913 4900 wbengine - ok
09:59:20.0938 4900 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:59:20.0945 4900 WbioSrvc - ok
09:59:20.0963 4900 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:59:20.0974 4900 wcncsvc - ok
09:59:20.0992 4900 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:59:20.0997 4900 WcsPlugInService - ok
09:59:21.0027 4900 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
09:59:21.0030 4900 Wd - ok
09:59:21.0054 4900 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:59:21.0063 4900 Wdf01000 - ok
09:59:21.0077 4900 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:59:21.0082 4900 WdiServiceHost - ok
09:59:21.0086 4900 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:59:21.0090 4900 WdiSystemHost - ok
09:59:21.0118 4900 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:59:21.0135 4900 WebClient - ok
09:59:21.0154 4900 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:59:21.0161 4900 Wecsvc - ok
09:59:21.0177 4900 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:59:21.0183 4900 wercplsupport - ok
09:59:21.0217 4900 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:59:21.0223 4900 WerSvc - ok
09:59:21.0262 4900 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:59:21.0266 4900 WfpLwf - ok
09:59:21.0293 4900 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:59:21.0295 4900 WIMMount - ok
09:59:21.0307 4900 WinHttpAutoProxySvc - ok
09:59:21.0375 4900 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:59:21.0379 4900 Winmgmt - ok
09:59:21.0433 4900 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:59:21.0504 4900 WinRM - ok
09:59:21.0631 4900 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:59:21.0635 4900 WinUsb - ok
09:59:21.0692 4900 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:59:21.0724 4900 Wlansvc - ok
09:59:21.0893 4900 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:59:21.0943 4900 wlidsvc - ok
09:59:21.0975 4900 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:59:21.0978 4900 WmiAcpi - ok
09:59:22.0026 4900 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:59:22.0031 4900 wmiApSrv - ok
09:59:22.0130 4900 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:59:22.0168 4900 WMPNetworkSvc - ok
09:59:22.0215 4900 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:59:22.0220 4900 WPCSvc - ok
09:59:22.0236 4900 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:59:22.0242 4900 WPDBusEnum - ok
09:59:22.0249 4900 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:59:22.0251 4900 ws2ifsl - ok
09:59:22.0259 4900 WSearch - ok
09:59:22.0284 4900 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:59:22.0295 4900 WudfPf - ok
09:59:22.0327 4900 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:59:22.0331 4900 WUDFRd - ok
09:59:22.0359 4900 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:59:22.0364 4900 wudfsvc - ok
09:59:22.0390 4900 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:59:22.0398 4900 WwanSvc - ok
09:59:22.0419 4900 ================ Scan global ===============================
09:59:22.0445 4900 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:59:22.0477 4900 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:59:22.0500 4900 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:59:22.0533 4900 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:59:22.0584 4900 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:59:22.0592 4900 [Global] - ok
09:59:22.0593 4900 ================ Scan MBR ==================================
09:59:22.0617 4900 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:59:22.0618 4900 Suspicious mbr (Forged): \Device\Harddisk0\DR0
09:59:22.0674 4900 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
09:59:22.0674 4900 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
09:59:22.0687 4900 ================ Scan VBR ==================================
09:59:22.0708 4900 [ 9C305A7357B0FAD96B9717AD574C3464 ] \Device\Harddisk0\DR0\Partition1
09:59:22.0718 4900 \Device\Harddisk0\DR0\Partition1 - ok
09:59:22.0719 4900 ============================================================
09:59:22.0719 4900 Scan finished
09:59:22.0719 4900 ============================================================
09:59:22.0744 5984 Detected object count: 1
09:59:22.0745 5984 Actual detected object count: 1
09:59:30.0443 5984 \Device\Harddisk0\DR0\# - copied to quarantine
09:59:30.0447 5984 \Device\Harddisk0\DR0 - copied to quarantine
09:59:30.0480 5984 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
09:59:30.0493 5984 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
09:59:30.0496 5984 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
09:59:30.0501 5984 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
09:59:30.0507 5984 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
09:59:30.0508 5984 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
09:59:30.0523 5984 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:59:30.0532 5984 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:59:30.0534 5984 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
09:59:30.0536 5984 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
09:59:30.0538 5984 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:59:30.0542 5984 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:59:30.0543 5984 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
09:59:30.0545 5984 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
09:59:30.0551 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
09:59:30.0552 5984 \Device\Harddisk0\DR0 - ok
09:59:30.0665 5984 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
10:00:09.0123 4828 Deinitialize success





aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-22 10:20:06
-----------------------------
10:20:06.990 OS Version: Windows 6.1.7601 Service Pack 1
10:20:06.990 Number of processors: 2 586 0x301
10:20:06.992 ComputerName: OWNER-PC UserName: owner
10:20:18.448 Initialize success
10:20:34.068 AVAST engine defs: 12082200
10:21:04.500 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:21:04.513 Disk 0 Vendor: WDC_WD2500BEVS-26UST0 01.01A01 Size: 238475MB BusType: 11
10:21:04.552 Disk 0 MBR read successfully
10:21:04.560 Disk 0 MBR scan
10:21:04.573 Disk 0 Windows 7 default MBR code
10:21:04.590 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:21:04.606 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048
10:21:04.645 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6040 MB offset 476026880
10:21:04.659 Disk 0 scanning sectors +488396800
10:21:04.765 Disk 0 scanning C:\Windows\system32\drivers
10:21:18.619 Service scanning
10:21:45.411 Service TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe **INFECTED** Win32:Patched-WQ [Trj]
10:21:51.250 Modules scanning
10:22:00.230 Disk 0 trace - called modules:
10:22:00.252 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
10:22:00.259 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b06030]
10:22:00.268 3 CLASSPNP.SYS[8a18859e] -> nt!IofCallDriver -> [0x84f8f5c8]
10:22:00.276 5 ACPI.sys[89bbc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84f9c908]
10:22:01.936 AVAST engine scan C:\Windows
10:22:06.228 AVAST engine scan C:\Windows\system32
10:24:44.501 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:24:44.552 File: C:\Windows\assembly\GAC\Desktop_ini.vir **INFECTED** Win32:Sirefef-PL [Rtk]
10:24:44.597 File: C:\Windows\assembly\GAC\Desktop_ini.vir0 **INFECTED** Win32:Sirefef-PL [Rtk]
10:25:18.074 File: C:\Windows\assembly\GAC_MSIL\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
10:26:20.160 AVAST engine scan C:\Windows\system32\drivers
10:26:35.314 AVAST engine scan C:\Users\owner
10:26:35.525 File: C:\Users\owner\0.38779996927909455.exe **INFECTED** Win32:Alureon-AVP [Trj]
10:32:32.747 File: C:\Users\owner\AppData\Local\Temp\D2EF.tmp **INFECTED** Win32:Alureon-AVS [Trj]
10:32:45.140 File: C:\Users\owner\AppData\Local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\n.vir **INFECTED** Win32:Sirefef-PL [Rtk]
10:33:02.390 File: C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\bde05a-28dc62f0 **INFECTED** Win32:MalOb-GR [Cryp]
10:34:14.009 File: C:\Users\owner\AppData\Roaming\ss.exe **INFECTED** Win32:FakeRean [Trj]
10:34:19.624 File: C:\Users\owner\AppData\Roaming\Yghy\buodl.exe **INFECTED** Win32:Spyware-gen [Spy]
10:49:49.802 AVAST engine scan C:\ProgramData
10:49:49.983 File: C:\ProgramData\2jFf5J64.exe **INFECTED** Win32:Alureon-AVP [Trj]
10:50:20.428 File: C:\ProgramData\Microsoft\Windows\DRM\279C.tmp **INFECTED** Win32:Alureon-AVP [Trj]
10:50:20.586 File: C:\ProgramData\Microsoft\Windows\DRM\C798.tmp **INFECTED** Win32:Alureon-AVS [Trj]
10:51:46.362 Scan finished successfully
11:04:43.933 Disk 0 MBR has been saved successfully to "C:\Users\owner\Desktop\MBR.dat"
11:04:43.943 The log file has been saved successfully to "C:\Users\owner\Desktop\aswMBR.txt"

Edited by HOEDY, 22 August 2012 - 01:08 PM.
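
The two MBR verdicts in these logs are consistent with each other: TDSSKiller flagged `\Device\Harddisk0\DR0` as a forged MBR at 09:59 and cured it on reboot, and by the time aswMBR ran at 10:21 it reported "Windows 7 default MBR code" and a clean partition table. Below is an added example, not code from this thread, from aswMBR or from TDSSKiller, of the two checks those tools perform on the first sector: decoding the partition table out of a raw 512-byte MBR (such as the `MBR.dat` that aswMBR saved to the desktop) and cross-checking it against the `Partition` lines the tool printed, plus hashing the executable part of the sector so it can be compared against a baseline from a clean machine. The sample MBR is constructed here from the three partition lines in the aswMBR log above; its boot code is a placeholder, and the known-good MD5 baseline is an input you would have to record yourself from a clean install of the same Windows version.

```python
"""Added example, not code from the thread, from aswMBR or from TDSSKiller.
Parses a raw 512-byte MBR (e.g. the MBR.dat aswMBR saved) and cross-checks it
against the 'Partition' lines the tool printed.  The sample MBR is constructed
from the three partition lines in the log above; its boot code is a placeholder."""
import hashlib
import re
import struct

MB_SECTORS = 1024 * 1024 // 512   # 2048 sectors per MiB with 512-byte sectors
TABLE_OFFSET = 446                 # 440 bytes boot code + 4-byte disk id + 2 reserved
ENTRY_FMT = "<B3sB3sII"            # status, CHS start, type, CHS end, LBA start, sectors


def build_mbr(entries, boot_code=b""):
    """Assemble a synthetic MBR from (status, type, lba_start, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", ty, b"\0\0\0", start, count)
                     for st, ty, start, count in entries).ljust(64, b"\0")
    return boot_code[:440].ljust(440, b"\0") + b"\0" * 6 + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the used partition entries, or raise if the sector is not an MBR."""
    if len(mbr) != 512 or mbr[510:] != b"\x55\xAA":
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        st, _, ty, _, start, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ty:                                    # type 0x00 marks an unused slot
            parts.append({"index": i + 1, "active": st == 0x80, "type": ty,
                          "start": start, "sectors": count})
    return parts


# Matches e.g. "Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048"
LOG_RE = re.compile(r"Partition (\d) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) .*?(\d+) MB offset (\d+)")


def parse_aswmbr_lines(lines):
    """Pull index, status, type, size in MB and LBA offset out of aswMBR's log lines."""
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            idx, st, ty, mb, off = m.groups()
            out.append({"index": int(idx), "active": int(st, 16) == 0x80,
                        "type": int(ty, 16), "mb": int(mb), "start": int(off)})
    return out


def cross_check(mbr, log_lines):
    """Compare the table in the raw MBR with what aswMBR printed; [] means they agree."""
    on_disk = {p["index"]: p for p in parse_mbr(mbr)}
    problems = []
    for e in parse_aswmbr_lines(log_lines):
        p = on_disk.get(e["index"])
        if p is None:
            problems.append(f"partition {e['index']}: in log but not in MBR")
            continue
        for key in ("active", "type", "start"):
            if p[key] != e[key]:
                problems.append(f"partition {e['index']}: {key} {p[key]!r} != {e[key]!r}")
        if p["sectors"] // MB_SECTORS != e["mb"]:    # aswMBR rounds sizes down to whole MB
            problems.append(f"partition {e['index']}: {p['sectors']} sectors != {e['mb']} MB")
    return problems


def first_free_sector(parts):
    """First LBA past the last partition.  aswMBR starts its slack-space scan there
    ('scanning sectors +488396800' above); TDL4/Pihar keeps its hidden TDLFS in the
    unpartitioned tail of the disk, which is why the tool looks beyond the table."""
    return max(p["start"] + p["sectors"] for p in parts)


def boot_code_md5(mbr):
    """MD5 of bytes 0..439, the executable part of the sector."""
    return hashlib.md5(mbr[:440]).hexdigest()


def boot_code_matches(mbr, known_good_md5):
    """A forged MBR keeps the partition table intact and replaces only the boot code,
    so cross_check() passes on an infected disk; compare the code against a baseline
    hash you recorded from a clean machine of the same Windows version (assumed input)."""
    return boot_code_md5(mbr) == known_good_md5


# Constructed sample: the three partitions from the aswMBR log, placeholder boot code.
SAMPLE_LOG = [
    "10:21:04.590 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048",
    "10:21:04.606 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048",
    "10:21:04.645 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6040 MB offset 476026880",
]
SAMPLE_MBR = build_mbr([(0x00, 0x27, 2048, 1500 * MB_SECTORS),
                        (0x80, 0x07, 3074048, 230934 * MB_SECTORS),
                        (0x00, 0x17, 476026880, 6040 * MB_SECTORS)],
                       boot_code=b"\xEB\xFE")    # 'jmp $' placeholder, not real boot code

if __name__ == "__main__":
    # For a real dump: mbr = open(r"C:\Users\owner\Desktop\MBR.dat", "rb").read()
    mbr = SAMPLE_MBR
    for p in parse_mbr(mbr):
        print(p)
    print("mismatches:", cross_check(mbr, SAMPLE_LOG))
    print("slack-space scan starts at sector", first_free_sector(parse_mbr(mbr)))
    print("boot code md5:", boot_code_md5(mbr))
```

The three partitions in the log are contiguous (2048 + 1500 MB = 3074048, and so on), and the end of the third one lands exactly on sector 488396800, the point at which aswMBR reports "scanning sectors +488396800". The design point is that a table check on its own is not enough: a bootkit like the one TDSSKiller removed here leaves the partition entries untouched and only swaps the 440 bytes of code, so the code hash against a clean baseline is the check that actually catches it. Whether the 32-hex-digit value TDSSKiller prints in brackets for `\Device\Harddisk0\DR0` is an MD5 of exactly this 512-byte sector is not stated in the log, so treat that as an assumption before comparing it with `boot_code_md5`.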


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 22 August 2012 - 12:43 PM

Now I would like you to try and run ComboFix for me.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 HOEDY

HOEDY
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:33 AM

Posted 22 August 2012 - 01:16 PM

ComboFix is running now and got to the cmd screen for the first time yet. It also asked me to update to a version released today and I did.

#8 HOEDY

HOEDY
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:33 AM

Posted 22 August 2012 - 01:45 PM

ComboFix ran and removed some things. After rebooting I saw a Windows Firewall message for the first time since this started; it was initially unable to be turned on because of the virus, but it now seems to be on and protected. I had noticed that my recycle bin was moved to the left and put in order with my files before (I always put it on the bottom right), and after ComboFix finished (and I saw in the other log file that desktop.ini was infected) the recycle bin is where I put it and my files are no longer in forced alpha order. I can't tell if the popups are gone unless I leave the computer idle for a bit, but as of now it seems to be performing way better.



ComboFix 12-08-22.01 - owner 08/22/2012 11:13:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1510 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\2jFf5J64.exe
c:\users\owner\0.38779996927909455.exe
c:\users\owner\AppData\Local\gklq.exe
c:\users\owner\AppData\Local\hkoa.exe
c:\users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{19084048-36D8-4295-A6F0-CA5D9817C14A}.xps
c:\users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{72023599-5ABD-46D2-AE15-EC3C04019DEE}.xps
c:\users\owner\AppData\Local\oplw.exe
c:\users\owner\AppData\Local\upjf.exe
c:\users\owner\AppData\Roaming\Ixqiy
c:\users\owner\AppData\Roaming\Ixqiy\iwzu.meq
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
c:\users\owner\AppData\Roaming\Yghy
c:\users\owner\AppData\Roaming\Yghy\buodl.exe
c:\users\owner\Documents\~WRL3836.tmp
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L\00000004.@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L\201d3dde
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\n
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U\00000004.@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U\00000008.@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U\000000cb.@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U\80000000.@
c:\windows\Installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U\80000032.@
c:\windows\system32\config\systemprofile\0.1364040684914779.exe
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
.
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe . . . is infected!!
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 18:25 . 2012-08-22 18:27 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-08-22 18:25 . 2012-08-22 18:25 -------- d-----w- c:\users\TB2\AppData\Local\temp
2012-08-22 18:25 . 2012-08-22 18:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-22 18:25 . 2012-08-22 18:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 16:59 . 2012-08-22 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-19 23:24 . 2012-08-19 23:24 122880 ----a-w- c:\programdata\Microsoft\Windows\DRM\C798.tmp
2012-08-18 06:30 . 2012-08-18 06:30 -------- d-----w- c:\windows\Sun
2012-08-18 01:07 . 2012-08-18 01:07 184320 ----a-w- c:\programdata\Microsoft\Windows\DRM\279C.tmp
2012-08-11 03:46 . 2012-08-11 04:49 -------- d-----w- c:\program files\SpyHunter
2012-08-11 03:24 . 2012-08-11 03:24 -------- d-----w- c:\program files\Enigma Software Group
2012-08-11 03:23 . 2012-08-11 03:48 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-11 03:23 . 2012-08-11 03:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-11 03:03 . 2012-08-11 03:03 -------- d-----w- c:\users\owner\AppData\Roaming\SpeedyPC Software
2012-08-11 03:03 . 2012-08-11 03:03 -------- d-----w- c:\users\owner\AppData\Roaming\DriverCure
2012-08-11 03:03 . 2012-08-11 03:03 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-08-11 03:03 . 2012-08-11 03:03 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-11 03:03 . 2012-08-11 03:03 -------- d-----w- c:\program files\SpeedyPC Software
2012-08-09 18:28 . 2012-08-09 18:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 06:18 . 2012-08-09 06:18 -------- d-----w- C:\Valve
2012-08-09 06:18 . 2012-08-22 16:59 -------- d-----w- c:\users\owner\AppData\Roaming\Ivvyek
2012-08-07 21:00 . 2012-08-07 21:00 -------- d-----w- c:\users\owner\AppData\Local\Valve
2012-08-04 23:41 . 2012-08-04 23:41 -------- d-----w- c:\program files\iPod
2012-08-04 23:41 . 2012-08-04 23:42 -------- d-----w- c:\program files\iTunes
2012-08-04 22:38 . 2012-08-11 03:52 -------- d-----w- c:\users\owner\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 02:36 . 2009-08-18 10:36 176128 ------w- c:\windows\system32\atiesrxx.exe
2012-08-11 02:35 . 2008-05-05 18:09 129632 ------w- c:\windows\system32\TODDSrv.exe
2012-08-09 18:28 . 2011-07-02 21:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 22:40 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-12 02:40 . 2012-07-12 10:01 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 10:10 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:10 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:10 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 09:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 09:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 09:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 10:06 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 10:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 10:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 10:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 10:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 10:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 10:10 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 10:10 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 10:10 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-18 21:40 . 2011-11-28 05:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"googletalk"="c:\users\owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"Wootalyzer"="c:\program files\Wootalyzer\woot.exe" [2009-03-26 374272]
"Valve"="c:\users\owner\AppData\Local\Valve\lqsozimi.dll" [2012-05-28 1327104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\owner\AppData\Local\Temp\{3585A715-9FB3-4537-B0FD-CCFD1B050B08}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-4-24 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\Drivers\CyUsbNT.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\SpyHunter\esgiguard.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 06:58]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 02:36]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 02:36]
.
2012-08-22 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9 76.14.96.14
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t6vfxiar.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Teytmi - c:\users\owner\AppData\Roaming\Yghy\buodl.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-48340292.sys
SafeBoot-91795348.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-22 11:34:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 18:34
.
Pre-Run: 6,080,098,304 bytes free
Post-Run: 3,904,176,128 bytes free
.
- - End Of File - - 188319CFA255EFB27800806CB28F443E
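The log above contains the three things an analyst reads first in a ComboFix report: the Run-key entries under "Reg Loading Points" (note the "Valve" value pointing at a randomly named DLL under AppData\Local), the UAC policy values (PromptOnSecureDesktop is 0) and the Firefox user.js lines that force security warnings off. The script below is an added example, not code from ComboFix or from anyone in this thread: it parses those sections in the format ComboFix prints and scores them. The sample text is excerpted from the log above; the scoring heuristics and the WIN7_UAC_DEFAULTS table (taken to be the Windows 7 defaults) are this example's own assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log (added example).

Not code from ComboFix or from anyone in this thread. It parses Run-key
entries, UAC policy values and Firefox user.js lines in the format ComboFix
prints and scores what an analyst would look at first.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"googletalk"="c:\users\owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Valve"="c:\users\owner\AppData\Local\Valve\lqsozimi.dll" [2012-05-28 1327104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)')
FF_RE = re.compile(r"^FF - (?P<file>user\.js|prefs\.js): (?P<pref>\S+) - (?P<val>\S+)")

# Locations any user-level process can write to; persistence there deserves a
# look even when it belongs to legitimate per-user software.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")
PROFILE_ROOT_RE = re.compile(r"\\users\\[^\\]+\\[^\\]+$")  # e.g. c:\users\owner\x.exe

WIN7_UAC_DEFAULTS = {  # assumed Windows 7 defaults, not something the log states
    "EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0, "PromptOnSecureDesktop": 1,
}


def parse_sections(text):
    """Yield (registry key, [entry lines]); ComboFix closes each block with a '.' line."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            key, lines = line[1:-1], []
        elif line in (".", ""):
            if key:
                yield key, lines
            key, lines = None, []
        elif key:
            lines.append(line)
    if key:
        yield key, lines


def autorun_reasons(name, path):
    """Score one Run value (score >= 2 is worth pulling for analysis) and say why."""
    low, score, reasons = path.lower(), 0, []
    if "\\" not in low:  # resolved through the PATH search order, so hijackable
        return 1, ["bare file name, resolved through the PATH search order"]
    if any(m in low for m in USER_WRITABLE) or PROFILE_ROOT_RE.search(low):
        score, reasons = score + 2, reasons + ["lives in a user-writable location"]
    if low.endswith(".dll"):
        score, reasons = score + 2, reasons + ["Run target is a DLL (normally launched through rundll32)"]
    stem = PureWindowsPath(path).stem.lower()
    if stem.isalpha() and stem not in name.lower() and name.lower() not in stem:
        score, reasons = score + 1, reasons + [f"value name {name!r} does not match file name {stem!r}"]
    return score, reasons


def triage(text):
    """Summarise autoruns, UAC policy deviations and weakened Firefox prefs."""
    autoruns, uac = {}, {}
    for key, lines in parse_sections(text):
        if key.lower().endswith("\\run"):
            for m in filter(None, map(ENTRY_RE.match, lines)):
                score, reasons = autorun_reasons(m["name"], m["path"])
                autoruns[m["name"]] = {"path": m["path"], "score": score, "reasons": reasons}
        elif key.lower().endswith("\\policies\\system"):
            for m in filter(None, map(DWORD_RE.match, lines)):
                default = WIN7_UAC_DEFAULTS.get(m["name"])
                if default is not None and int(m["val"]) != default:
                    uac[m["name"]] = (int(m["val"]), default)
    # user.js is re-applied at every Firefox start, so a security.* pref forced
    # to false there survives the user putting it back in about:config.
    firefox = [m["pref"] for m in map(FF_RE.match, (ln.strip() for ln in text.splitlines()))
               if m and m["file"] == "user.js" and m["pref"].startswith("security.") and m["val"] == "false"]
    return {
        "autoruns": autoruns,
        "suspicious_autoruns": {n: v["reasons"] for n, v in autoruns.items() if v["score"] >= 2},
        "uac_deviations": uac,
        "firefox_weakened_prefs": firefox,
    }
```

Calling `triage(SAMPLE_LOG)` flags "Valve" with three reasons (user-writable directory, DLL target, value name unrelated to the file name) and "googletalk" with one (per-user install under AppData, which is normal for that product and is why the score, not the mere presence of a reason, decides), reports PromptOnSecureDesktop as 0 against a default of 1, and lists the two security.warn_* prefs forced to false. Run it against the full "Reg Loading Points" section of a real log rather than the excerpt; the point of the score is to order the review, not to replace it.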

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:33 AM

Posted 22 August 2012 - 02:20 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\Microsoft\Windows\DRM
c:\users\owner\AppData\Roaming\SpeedyPC Software
c:\users\owner\AppData\Roaming\DriverCure
c:\program files\Common Files\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\program files\SpeedyPC Software
c:\users\owner\AppData\Roaming\Ivvyek
c:\users\owner\AppData\Local\Valve

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

Edited by gringo_pr, 23 August 2012 - 09:51 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#10 HOEDY

HOEDY
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 22 August 2012 - 10:11 PM

In Task Manager I still see some iexplorer.exe processes that shouldn't exist, but I'm not getting any popups.

Here is the new combofix log.



ComboFix 12-08-22.03 - owner 08/22/2012 15:12:50.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2814.1604 [GMT -7:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\SpeedyPC Software
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\ad_generic.jpg
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\progress_glow.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll
c:\program files\SpeedyPC Software
c:\program files\SpeedyPC Software\SpeedyPC\7ZipDLL.dll
c:\program files\SpeedyPC Software\SpeedyPC\colors.xml
c:\program files\SpeedyPC Software\SpeedyPC\CommonLoggingExtension.pxt
c:\program files\SpeedyPC Software\SpeedyPC\CommonSpecialist.pxt
c:\program files\SpeedyPC Software\SpeedyPC\ExtensionManager.dll
c:\program files\SpeedyPC Software\SpeedyPC\filecachedb.xml
c:\program files\SpeedyPC Software\SpeedyPC\HandleUpdate.dll
c:\program files\SpeedyPC Software\SpeedyPC\HTML\0_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\1_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\15_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\2_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\30_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\5_days.htm
c:\program files\SpeedyPC Software\SpeedyPC\HTML\container_content_bkimg.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\container_content_leftimg.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\container_content_rightimg.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\error_connect.html
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\10x10.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\10x10tile.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\contentwrapper.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\error_internet.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\footerbarfill.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\info_bubble.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\pcha_background.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\tile_footerbarbase.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\tile_subheadbarbase.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\images\tile_titlebarbase.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\main.css
c:\program files\SpeedyPC Software\SpeedyPC\HTML\main_error.css
c:\program files\SpeedyPC Software\SpeedyPC\HTML\package_titlebar_bkimg.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\uninstall\box_screen.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\uninstall\default_button.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\uninstall\default_button_over.gif
c:\program files\SpeedyPC Software\SpeedyPC\HTML\uninstall\header_background.jpg
c:\program files\SpeedyPC Software\SpeedyPC\HTML\uninstall\index.html
c:\program files\SpeedyPC Software\SpeedyPC\Images\Audio\cancel.wav
c:\program files\SpeedyPC Software\SpeedyPC\Images\Audio\complete.wav
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\btn.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\btn_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_bho.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_defrag.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_file.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_generalsettings.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_ignore.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_junk.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_privacy.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_process.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_registry.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_schedule.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\button_startup.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\register.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\register_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\register_over_small.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\register_small.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\renew.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\renew_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\start.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\buttons\start_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\defrag\c_empty.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\defrag\c_frag.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\defrag\c_unfrag.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\defrag\c_unknown.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\defrag\c_unmove.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\bottom_logo.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\close.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\dlg_title.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\logo.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\max.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\min.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\register.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\register_close.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\register_close_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\register_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\renew.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\renew_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\restore.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\tab_bg.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\tabactive_bg.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\tabover_bg.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_bg.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_logo.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\title_bar.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\top_logo.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Frame\upper_divider.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\general\collapse.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\general\delete.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\general\expand.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\general\progress_glow.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\bho.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\dup_audio.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\dup_doc.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\dup_image.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\dup_other.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\dup_video.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\ig_drivers.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\ig_proc.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\ig_reg.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\junk.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_3rd.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_browser.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_email.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_fs.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_im.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_multi.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_office.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_other.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\priv_windows.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_apppath.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_com.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_dll.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_empty.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_extensions.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_filepath.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_font.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_help.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_shortcut.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_startup.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\reg_uninstall.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\group\startup.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_about.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_bho.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_clean.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_defrag.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_file.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_junk.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_junk_settings.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_malware.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_performance.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_privacy.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_process.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_registry.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_restore.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_settings.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_startup.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\header_tools.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\settings_general.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\settings_ignore.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\settings_privacy.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\settings_registry.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\headers\settings_schedule.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Icons\info.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Icons\warning.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\other.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\process\bho.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\process\process.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\process\startup.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware16.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware24.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware32.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system16.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system24.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system32.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown16.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown24.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown32.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted16.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted24.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted32.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp16.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp24.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp32.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\01.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\02.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\03.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\04.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\05.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\06.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\07.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\08.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\animation\09.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\check.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage1.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage2.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage3.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage4.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage5.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\damage6.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\error.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\error_large.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\Fix.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\Fix_over.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\junk.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\malware.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\md5.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\privacy.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\process-animation.gif
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h_scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l_scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m_scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh_scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml_scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\registry.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\security_high.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\security_low.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Scan\warning.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Tabs\overview.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Tabs\restore.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Tabs\scan.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Tabs\settings.png
c:\program files\SpeedyPC Software\SpeedyPC\Images\Tabs\tools.png
c:\program files\SpeedyPC Software\SpeedyPC\LiteUnzip.dll
c:\program files\SpeedyPC Software\SpeedyPC\LiteZip.dll
c:\program files\SpeedyPC Software\SpeedyPC\LogSettings.xml
c:\program files\SpeedyPC Software\SpeedyPC\MyResources.dll
c:\program files\SpeedyPC Software\SpeedyPC\privacy.db
c:\program files\SpeedyPC Software\SpeedyPC\RegHookSpecialist.pxt
c:\program files\SpeedyPC Software\SpeedyPC\SandBoxer.dll
c:\program files\SpeedyPC Software\SpeedyPC\settings.xml
c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
c:\program files\SpeedyPC Software\SpeedyPC\sqlite3.dll
c:\program files\SpeedyPC Software\SpeedyPC\tfn.xml
c:\program files\SpeedyPC Software\SpeedyPC\uninstall.exe
c:\program files\SpeedyPC Software\SpeedyPC\UNS.xml
c:\program files\SpeedyPC Software\SpeedyPC\Utility.pxt
c:\program files\SpeedyPC Software\SpeedyPC\whitelist.dat
c:\programdata\Microsoft\Windows\DRM
c:\programdata\Microsoft\Windows\DRM\279C.tmp
c:\programdata\Microsoft\Windows\DRM\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\C798.tmp
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-18\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1063116495-4114681664-2467881189-1000\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1063116495-4114681664-2467881189-1003\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.bla
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.key
c:\programdata\Microsoft\Windows\DRM\Cache\Indiv01.tmp
c:\programdata\Microsoft\Windows\DRM\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\DRMv1.key
c:\programdata\Microsoft\Windows\DRM\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\migration.log
c:\programdata\Microsoft\Windows\DRM\migration.log.source
c:\programdata\Microsoft\Windows\DRM\preupgrade\blackbox.bin
c:\programdata\Microsoft\Windows\DRM\preupgrade\drmstore.hds
c:\programdata\Microsoft\Windows\DRM\preupgrade\DRMv1.key
c:\programdata\Microsoft\Windows\DRM\preupgrade\IndivBox.key
c:\programdata\Microsoft\Windows\DRM\preupgrade\migration.log
c:\programdata\Microsoft\Windows\DRM\preupgrade\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\preupgrade\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\preupgrade\v3ks.sec
c:\programdata\Microsoft\Windows\DRM\v2ksndv.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.bla
c:\programdata\Microsoft\Windows\DRM\v3ks.sec
c:\programdata\SpeedyPC Software
c:\programdata\SpeedyPC Software\SpeedyPC Pro\dc_db.db
c:\programdata\SpeedyPC Software\UUS3\Master.xml
c:\programdata\SpeedyPC Software\UUS3\Patch.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Database.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Master.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Patch.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Update.xml
c:\programdata\SpeedyPC Software\UUS3\Update.xml
c:\users\owner\AppData\Local\Valve
c:\users\owner\AppData\Local\Valve\lqsozimi.dll
c:\users\owner\AppData\Roaming\DriverCure
c:\users\owner\AppData\Roaming\DriverCure\LogFile.txt
c:\users\owner\AppData\Roaming\Ivvyek
c:\users\owner\AppData\Roaming\SpeedyPC Software
c:\windows\system32\SET3E5B.tmp
c:\windows\system32\SET3FA4.tmp
c:\windows\system32\SET5052.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-22 22:24 . 2012-08-23 03:02 -------- d-----w- c:\users\owner\AppData\Local\temp
2012-08-22 22:24 . 2012-08-22 22:24 -------- d-----w- c:\users\TB2\AppData\Local\temp
2012-08-22 22:24 . 2012-08-22 22:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-22 22:24 . 2012-08-22 22:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 19:11 . 2012-08-22 19:11 -------- d-----w- c:\users\owner\AppData\Local\AMD
2012-08-22 19:11 . 2012-08-22 19:11 -------- d-----w- c:\programdata\ATI
2012-08-22 19:10 . 2012-08-22 19:10 -------- d-----w- c:\program files\AMD AVT
2012-08-22 19:10 . 2012-08-22 19:10 -------- d-----w- c:\program files\AMD APP
2012-08-22 19:10 . 2012-08-22 19:10 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-08-22 19:09 . 2012-08-22 19:10 -------- d-----w- c:\programdata\AMD
2012-08-22 19:09 . 2010-02-18 16:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-08-22 19:09 . 2012-08-22 19:10 -------- d-----w- c:\program files\ATI Technologies
2012-08-22 16:59 . 2012-08-22 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-18 06:30 . 2012-08-18 06:30 -------- d-----w- c:\windows\Sun
2012-08-11 03:46 . 2012-08-11 04:49 -------- d-----w- c:\program files\SpyHunter
2012-08-11 03:24 . 2012-08-11 03:24 -------- d-----w- c:\program files\Enigma Software Group
2012-08-11 03:23 . 2012-08-11 03:48 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-11 03:23 . 2012-08-11 03:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-09 18:28 . 2012-08-09 18:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-09 06:18 . 2012-08-09 06:18 -------- d-----w- C:\Valve
2012-08-04 23:41 . 2012-08-04 23:41 -------- d-----w- c:\program files\iPod
2012-08-04 23:41 . 2012-08-04 23:42 -------- d-----w- c:\program files\iTunes
2012-08-04 22:38 . 2012-08-11 03:52 -------- d-----w- c:\users\owner\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-11 02:35 . 2008-05-05 18:09 129632 ------w- c:\windows\system32\TODDSrv.exe
2012-08-09 18:28 . 2011-07-02 21:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 22:40 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-04 09:32 . 2012-07-04 09:32 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-07-04 09:32 . 2012-07-04 09:32 65024 ----a-w- c:\windows\system32\OpenVideo.dll
2012-07-04 09:31 . 2012-07-04 09:31 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-07-04 09:30 . 2012-07-04 09:30 13008384 ----a-w- c:\windows\system32\amdocl.dll
2012-07-04 09:30 . 2012-07-04 09:30 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-04 06:58 . 2012-07-04 06:58 10070016 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\system32\atioglxx.dll
2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-04 06:27 . 2012-07-04 06:27 918528 ----a-w- c:\windows\system32\aticfx32.dll
2012-07-04 06:21 . 2012-07-04 06:21 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-04 06:21 . 2012-07-04 06:21 453632 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-04 06:20 . 2012-07-04 06:20 217088 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-04 06:19 . 2012-07-04 06:19 163840 ----a-w- c:\windows\system32\atitmmxx.dll
2012-07-04 06:19 . 2012-07-04 06:19 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-07-04 06:18 . 2009-07-13 22:09 6811648 ----a-w- c:\windows\system32\atidxx32.dll
2012-07-04 05:36 . 2012-07-04 05:36 58368 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll
2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\system32\atiumdmv.dll
2012-07-04 05:35 . 2009-06-10 21:19 6245888 ----a-w- c:\windows\system32\atiumdag.dll
2012-07-04 05:28 . 2009-07-13 22:09 4749312 ----a-w- c:\windows\system32\atiumdva.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\atimpc32.dll
2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\system32\amdpcom32.dll
2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-07-04 05:10 . 2012-07-04 05:10 290304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-04 05:09 . 2012-07-04 05:09 42496 ----a-w- c:\windows\system32\atiuxpag.dll
2012-07-04 05:09 . 2012-07-04 05:09 32768 ----a-w- c:\windows\system32\atiu9pag.dll
2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl.dll
2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\system32\aticaldd.dll
2012-06-12 02:40 . 2012-07-12 10:01 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-06-06 05:05 . 2012-07-11 10:10 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:10 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:10 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:19 . 2012-06-21 09:28 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 09:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 09:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 09:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 09:28 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 09:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 10:06 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 10:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 10:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 10:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 10:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45 . 2012-07-11 10:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45 . 2012-07-11 10:10 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40 . 2012-07-11 10:10 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40 . 2012-07-11 10:10 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-18 21:40 . 2011-11-28 05:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"googletalk"="c:\users\owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-08 2814976]
"Wootalyzer"="c:\program files\Wootalyzer\woot.exe" [2009-03-26 374272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\owner\AppData\Local\Temp\{3585A715-9FB3-4537-B0FD-CCFD1B050B08}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]
TOSHIBA Face Recognition Watcher.lnk - c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2008-4-24 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
.
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys [x]
R3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\Drivers\CyUsbNT.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 esgiguard;esgiguard;c:\program files\SpyHunter\esgiguard.sys [x]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 06:58]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 02:36]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 02:36]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 76.14.0.8 76.14.0.9 76.14.96.14
FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\t6vfxiar.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Valve - c:\users\owner\AppData\Local\Valve\lqsozimi.dll
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files\SpeedyPC Software\SpeedyPC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2012-08-22 20:05:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 03:05
ComboFix2.txt 2012-08-22 18:34
.
Pre-Run: 3,655,557,120 bytes free
Post-Run: 4,270,981,120 bytes free
.
- - End Of File - - F365CBD6DBFAE2E32A39EC2BBD125A16
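The ComboFix log above already contains the three findings a responder would start from: a Startup-folder shortcut whose target lives under AppData\Local\Temp and no longer exists (`[N/A]`), a Run value pointing at a DLL in AppData\Local (the `HKCU-Run-Valve` orphan ComboFix removed), and a batch of Firefox user.js lines that switch off mixed-content and insecure-submit warnings (a user.js file is re-applied on every Firefox start, so those settings persist until the file is removed). The script below is an added example, not ComboFix's own code: it parses the three autostart line shapes ComboFix prints (Run-key values, Startup `.lnk` lines and `HKCU-Run-...` orphan lines) and applies three triage rules of my own choosing. The SAMPLE text is constructed from lines in the log, not read from a live machine.

```python
"""Triage autostart entries from a ComboFix log (added example, not ComboFix code)."""
import re

# "Name"="path" [date size]                      -> Run-key values
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$')
# Name.lnk - path [date size]  /  HKCU-Run-Name - path   -> Startup, orphans
LINK_RE = re.compile(
    r'^(?P<name>\S.*?) - (?P<path>[a-z]:\\.+?)(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$',
    re.I)

# Constructed sample: copied from the ComboFix log above, two benign and
# three lines worth a second look.
SAMPLE = r'''
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"googletalk"="c:\users\owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
RollerCoaster Tycoon 3 Registration.lnk - c:\users\owner\AppData\Local\Temp\{3585A715-9FB3-4537-B0FD-CCFD1B050B08}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2011-9-3 1106432]
HKCU-Run-Valve - c:\users\owner\AppData\Local\Valve\lqsozimi.dll
'''


def parse_autostarts(text):
    """Return one dict per recognised autostart line: name, path, stamp.

    'stamp' is the bracketed suffix ComboFix prints: a date and file size
    when it found the target, 'N/A' when it did not, None when absent.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = RUN_RE.match(line) or LINK_RE.match(line)
        if not match:
            continue
        entries.append({"name": match.group("name"),
                        "path": match.group("path"),
                        "stamp": match.group("stamp")})
    return entries


def flag(entry):
    """Triage rules (my heuristics, not ComboFix's): return the reasons that fire."""
    reasons = []
    path = entry["path"].lower()
    if "\\temp\\" in path:
        reasons.append("image lives under a Temp directory")
    if entry["stamp"] == "N/A":
        reasons.append("ComboFix could not find the target file")
    if path.endswith(".dll"):
        reasons.append("autostart names a DLL rather than an executable")
    return reasons


def triage(text):
    """Map each flagged entry name to the list of reasons it was flagged."""
    result = {}
    for entry in parse_autostarts(text):
        reasons = flag(entry)
        if reasons:
            result[entry["name"]] = reasons
    return result


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run as-is it reports the RollerCoaster shortcut (Temp path, missing target) and the Valve orphan (DLL); the two vendor entries pass. Feeding it the whole "Reg Loading Points" section of a log works the same way, since lines it does not recognise are skipped.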

#11 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico

Posted 22 August 2012 - 10:23 PM

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 HOEDY
Topic Starter, Members, 9 posts

Posted 23 August 2012 - 01:11 AM

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Scan -- Date: 08/22/2012 23:09:01

Bad processes: 0

Registry Entries: 4
[SUSP PATH] RollerCoaster Tycoon 3 Registration.lnk @owner : C:\Users\owner\AppData\Local\Temp\{3585A715-9FB3-4537-B0FD-CCFD1B050B08}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> FOUND
[ZeroAccess][FILE] @ : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\@ --> FOUND
[ZeroAccess][FILE] n : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\n --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> FOUND

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500BEVS-26UST0 ATA Device +++++
--- User ---
[MBR] c7a41e77b56cc03bf98d66b1aa5984bb
[BSP] 811582a231ea650f1feef42527a912da : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 230934 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 476026880 | Size: 6040 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#13 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico

Posted 23 August 2012 - 06:16 AM

--Run RogueKiller--

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


#14 HOEDY
Topic Starter, Members, 9 posts

Posted 23 August 2012 - 09:12 PM

Here is the new log file after deleting.

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Remove -- Date: 08/23/2012 19:11:10

Bad processes: 0

Registry Entries: 4
[SUSP PATH] RollerCoaster Tycoon 3 Registration.lnk @owner : C:\Users\owner\AppData\Local\Temp\{3585A715-9FB3-4537-B0FD-CCFD1B050B08}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe -> DELETED
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FOLDER] U : c:\windows\installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\installer\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\users\owner\appdata\local\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\@ --> REMOVED
[ZeroAccess][FILE] n : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\n --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\U --> REMOVED
[ZeroAccess][FOLDER] L : c:\windows\system32\config\systemprofile\local settings\application data\{2c568a31-3104-02a2-2506-ad0a4c4feff6}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac\desktop.ini --> REMOVED

Driver: [LOADED]

Infection : ZeroAccess

HOSTS File:
127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD2500BEVS-26UST0 ATA Device +++++
--- User ---
[MBR] c7a41e77b56cc03bf98d66b1aa5984bb
[BSP] 811582a231ea650f1feef42527a912da : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 230934 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 476026880 | Size: 6040 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
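The Scan report in #12 and the Remove report in #14 list the same ten ZeroAccess artefacts: a GUID-named folder holding `U` and `L` subfolders and `@` / `n` files under three parents (Windows\Installer, the user's Local AppData and the SYSTEM profile's Local AppData), plus a desktop.ini planted in the .NET GAC folder. The Remove report marks every one of them REMOVED but still prints `Driver: [LOADED]` and `Infection : ZeroAccess`, so a re-check after a reboot is the natural next step. The script below is an added example, not RogueKiller's code, and only re-checks the on-disk layout (it does not look at the loaded driver). The directory roots are parameters so it can run against a live volume or, as here, against a constructed tree that mirrors the report.

```python
"""Check a tree for the ZeroAccess layout RogueKiller reported (added example)."""
import os
import re
import tempfile

GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Entry names inside the GUID folder and the type each should have.
MARKERS = {"u": "FOLDER", "l": "FOLDER", "@": "FILE", "n": "FILE"}


def zeroaccess_parents(windows_dir, local_appdata):
    """The three parent folders in which the report found GUID-named dirs."""
    return [
        os.path.join(windows_dir, "installer"),
        local_appdata,
        os.path.join(windows_dir, "system32", "config", "systemprofile",
                     "local settings", "application data"),
    ]


def scan_guid_dirs(parents):
    """Return (kind, name, path) for each marker found inside a GUID-named dir.

    A GUID-named folder by itself is normal (Windows Installer uses them);
    the signal is the U/L/@/n entries inside it with the expected types.
    """
    found = []
    for parent in parents:
        if not os.path.isdir(parent):
            continue
        for child in sorted(os.listdir(parent)):
            if not GUID_DIR.match(child):
                continue
            guid_dir = os.path.join(parent, child)
            for entry in sorted(os.listdir(guid_dir)):
                kind = MARKERS.get(entry.lower())   # NTFS names are case-insensitive
                if kind is None:
                    continue
                path = os.path.join(guid_dir, entry)
                if (kind == "FOLDER") == os.path.isdir(path):
                    found.append((kind, entry, path))
    return found


def gac_desktop_ini(windows_dir):
    """A clean GAC folder has no desktop.ini; ZeroAccess drops one there."""
    path = os.path.join(windows_dir, "assembly", "gac", "desktop.ini")
    return path if os.path.isfile(path) else None


def scan(windows_dir, local_appdata):
    """Full check: GUID-dir markers plus the GAC desktop.ini."""
    findings = scan_guid_dirs(zeroaccess_parents(windows_dir, local_appdata))
    ini = gac_desktop_ini(windows_dir)
    if ini:
        findings.append(("FILE", "desktop.ini", ini))
    return findings


def build_sample_tree(root, infected=True):
    """Constructed test data: the exact layout from the report, or a clean tree."""
    windows_dir = os.path.join(root, "windows")
    local_appdata = os.path.join(root, "users", "owner", "appdata", "local")
    os.makedirs(os.path.join(windows_dir, "assembly", "gac"))
    os.makedirs(local_appdata)
    # A benign Windows Installer GUID folder with nothing odd inside it.
    os.makedirs(os.path.join(windows_dir, "installer",
                             "{604CD5A1-4520-4844-B064-A3D884B77E91}"))
    if infected:
        guid = "{2c568a31-3104-02a2-2506-ad0a4c4feff6}"   # GUID from the report
        parents = zeroaccess_parents(windows_dir, local_appdata)
        # Per parent, the entries the report listed: installer, user, systemprofile.
        layout = {0: ["U", "L"], 1: ["@", "U", "L"], 2: ["@", "n", "U", "L"]}
        for idx, names in layout.items():
            guid_dir = os.path.join(parents[idx], guid)
            os.makedirs(guid_dir)
            for name in names:
                path = os.path.join(guid_dir, name)
                if MARKERS[name.lower()] == "FOLDER":
                    os.mkdir(path)
                else:
                    open(path, "wb").close()
        open(os.path.join(windows_dir, "assembly", "gac", "desktop.ini"), "wb").close()
    return windows_dir, local_appdata


def run_on_sample_tree(infected=True):
    """Build a throwaway tree and scan it; returns the findings list."""
    windows_dir, local_appdata = build_sample_tree(tempfile.mkdtemp(), infected)
    return scan(windows_dir, local_appdata)


if __name__ == "__main__":
    for kind, name, path in run_on_sample_tree(infected=True):
        print(f"[ZeroAccess][{kind}] {name} : {path}")
    print("clean tree:", run_on_sample_tree(infected=False))
```

On the constructed infected tree the scan returns the same ten items the report lists; on the clean tree it returns nothing, because a GUID-named Installer folder without the U/L/@/n entries is not reported. On a real volume pass the actual `C:\Windows` and `%LOCALAPPDATA%` paths to `scan()`; reading the SYSTEM profile's folder needs administrator rights.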

#15 gringo_pr
Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico

Posted 23 August 2012 - 09:22 PM

status update please


gringo
