
Infected with Win32:InstallCore -ANF [PNP]


  • This topic is locked
18 replies to this topic

#1 yargla

yargla

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 25 August 2012 - 03:00 AM

Hi,

I think my notebook is infected by a virus.

1) The symptoms are the following :

- The CPU load is 100% most of the time.
- The notebook is very slow.
- The Anti Virus Avast crashes when the notebook starts.

2) I have run a boot scan using the Anti Virus Avast and it has found the following malware:

a) Win32:InstallCore - AN [PUP]
b) Win32:InstallCore - F [PUP]

3) Even though I have erased those malwares using Avast, the problem still exists:
a) I have uninstalled Avast because it failed at the boot start.
b) I have tried several tools like Malwarebytes Anti-Malware, AVPTool, OTL, ComboFix, TDSSKiller.exe, aswMBR.exe,
ESET Online Scanner, AVPTool, Dr.Web CureIt.
But all those tools are useless when I use them because I am unable to understand the log files!

4) As I said, I think the problem is still here because:
a) The CPU load is still 100%.
b) I can't install an Anti Virus (Kaspersky, Avast).
c) I can't update Windows 7 with the service pack 1.

5) I think I need some help because I can't solve the problem by myself.

Best regards


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Emily at 9:03:42 on 2012-08-25
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4092.2724 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3E7732DB-6223-4D3E-9F1A-60036F0060EE} : NameServer = 212.27.40.240,212.27.40.241
TCP: Interfaces\{DBDCC0BE-3419-43D8-8CC1-41E3940FD0DA} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL -
FF - component: C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.id - c694f4780000000000000a607681333d
FF - user.js: extensions.BabylonToolbar_i.hardId - c694f4780000000000000a607681333d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15510
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:52:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 afcdpsrv;Service Acronis Nonstop Backup;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-8-23 3246040]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-17 655944]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Service Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-17 136176]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-13 227896]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Service Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-17 136176]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-24 18:03:46 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A841B3BD-DFFD-4C03-AEBA-F1E6ADF87D73}\mpengine.dll
2012-08-24 17:33:25 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-24 17:33:25 -------- d-----w- C:\Program Files\AVAST Software
2012-08-24 17:04:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-23 23:13:23 -------- d-----w- C:\1cb1653c7ed05809e09536303d
2012-08-23 21:04:06 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2012-08-23 21:03:59 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2012-08-23 21:03:56 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-08-23 21:03:47 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2012-08-23 12:47:00 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-08-23 12:47:00 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-08-23 12:11:33 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2012-08-23 12:11:33 -------- d-----w- C:\Windows\System32\wbem\en-US
2012-08-23 11:47:32 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-23 11:46:35 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-08-23 11:46:35 109056 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2012-08-23 11:41:17 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-08-23 11:41:17 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-08-23 11:39:59 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-23 11:39:58 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2012-08-23 11:39:57 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-08-23 11:30:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-08-23 11:30:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-08-22 22:56:21 -------- d--h--w- C:\Windows\msdownld.tmp
2012-08-22 22:29:35 -------- d-----w- C:\Users\Emily\AppData\Local\Microsoft Help
2012-08-22 18:45:41 -------- d-----w- C:\d8113540223dc2c881
2012-08-22 07:02:46 -------- d-----w- C:\Users\Emily\DoctorWeb
2012-08-21 19:55:54 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-17 02:04:59 98816 ----a-w- C:\Windows\sed.exe
2012-08-17 02:04:59 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-17 02:04:59 256000 ----a-w- C:\Windows\PEV.exe
2012-08-17 02:04:59 208896 ----a-w- C:\Windows\MBR.exe
2012-08-17 01:42:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-17 00:56:58 -------- d-----w- C:\Windows\pss
2012-08-17 00:36:38 -------- d-----w- C:\Users\Emily\AppData\Local\{17A7C2A4-F61A-4971-B318-165320376587}
2012-08-17 00:34:42 -------- d-----w- C:\Users\Emily\AppData\Local\{E1D255EA-B97B-44C3-917E-7A9E8158AC9B}
2012-08-17 00:10:23 -------- d-----w- C:\Users\Emily\AppData\Local\{EEACDA2A-2C7C-4A0E-9264-C12584720142}
2012-08-17 00:09:14 -------- d-----w- C:\Users\Emily\AppData\Local\{5738A2A6-F56F-4A62-8287-0916E59DDF3C}
2012-08-16 23:18:31 -------- d-----w- C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-16 23:13:54 -------- d-----w- C:\Program Files (x86)\Enigma Software Group
2012-08-16 22:58:43 -------- d-----w- C:\Windows\7289B0CCBC414C7EA2C7DB1259E8E47A.TMP
2012-08-16 22:53:03 -------- d-----w- C:\Users\Emily\AppData\Local\{F3F2931B-20C9-4E50-ABEF-23E71F06DB12}
2012-08-16 22:51:16 -------- d-----w- C:\Users\Emily\AppData\Local\{A147D4DD-FFA2-4368-B139-3160ADCE651A}
2012-08-16 22:29:56 -------- d-----w- C:\sh4ldr
2012-08-16 22:29:56 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-16 22:29:18 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-16 22:14:31 -------- d-----w- C:\Users\Emily\AppData\Roaming\SpeedyPC Software
2012-08-16 22:14:31 -------- d-----w- C:\Users\Emily\AppData\Roaming\DriverCure
2012-08-16 22:14:06 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-08-16 21:34:10 -------- d-----w- C:\Users\Emily\AppData\Local\{AC35E22B-A2AD-4A3A-A856-B0DFEEDA1B5A}
2012-08-16 21:17:26 -------- d-----w- C:\Users\Emily\AppData\Local\{F5F174B3-C3ED-4C21-B28F-240B2C0CD186}
2012-08-16 19:02:08 -------- d-----w- C:\Program Files\CCleaner
2012-08-16 18:42:24 -------- d-----w- C:\Users\Emily\AppData\Local\{3D5546A6-4137-4FBA-9320-04BAC12FD8DE}
2012-08-16 18:39:06 -------- d-----w- C:\Users\Emily\AppData\Local\{0B2B3A18-D5F4-440D-81EE-BC9E23130C58}
2012-08-16 18:29:55 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-08-16 18:29:51 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-08-16 18:29:20 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-08-16 18:29:20 1460224 ----a-w- C:\Windows\System32\crypt32.dll
2012-08-16 18:29:20 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-08-16 18:29:19 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-08-16 18:29:19 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-08-16 18:29:19 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-08-16 18:29:08 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-16 18:29:08 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-16 18:29:08 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-16 18:28:43 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-16 18:28:41 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-16 17:59:35 -------- d-----w- C:\Users\Emily\AppData\Local\{C8930C81-906B-4B69-AB6F-419B4EBF209D}
2012-08-16 10:52:33 -------- d-----w- C:\Users\Emily\AppData\Local\{256B5543-349E-4DB5-9D8A-E3CC9DE08C8F}
2012-08-16 09:15:56 -------- d-----w- C:\Users\Emily\AppData\Local\{38214E84-30CB-4520-A252-38BFA42C528C}
.
==================== Find3M ====================
.
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-20 07:42:44 3678720 ----a-w- C:\Windows\System32\drivers\athrx.sys
2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 9:04:49,73 ===============
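The DDS log above is the part of this post a responder reads first, and two sections of it carry the interesting facts: the `mPolicies-system` lines (UAC has been switched off, `EnableLUA = 0`) and the Firefox `prefs.js`/`user.js` lines (CSP disabled, a Babylon search engine, a Searchqu `Datamngr` component, a DealPly extension). The script below, added here as an example and not code from this thread, from DDS or from TDSSKiller, pulls those two line kinds out of a DDS log and lists the settings that differ from the expected defaults. Its sample input is copied from the log above; the Windows 7 UAC defaults, the assumed Firefox defaults (`security.csp.enable` true, `extensions.autoDisableScopes` 15) and the list of PUP marker names are assumptions made for this example, and the regexes cover only the two DDS line formats shown.

```python
"""Triage helper for the "Pseudo HJT Report" and FIREFOX sections of a DDS log.

Added example for this thread; not code from the thread, from DDS or from
TDSSKiller. Expected defaults and PUP marker names are assumptions.
"""
import re

# Constructed sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL -
FF - component: C:\Program Files (x86)\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
"""

# Windows 7 defaults for the UAC policies DDS reports under mPolicies-system.
EXPECTED_POLICIES = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "PromptOnSecureDesktop": 1,
}

# Firefox prefs a bundled toolbar typically rewrites; the defaults are assumed here.
EXPECTED_FF_PREFS = {
    "security.csp.enable": "true",
    "extensions.autoDisableScopes": "15",
}

# Names taken from the posted log; treating them as PUP markers is this example's assumption.
PUP_MARKERS = ("Babylon", "Searchqu", "DealPly")

# "mPolicies-system: <Name> = <decimal> (<hex>)"
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")
# "FF - prefs.js: <pref> - <value>"  or  "FF - user.js: <pref> - <value>" (value may be empty)
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js:\s*(\S+)\s*-\s*(.*)$")


def parse_policies(log):
    """Return {policy name: integer value} for every mPolicies-system line."""
    policies = {}
    for line in log.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
    return policies


def parse_ff_prefs(log):
    """Return {pref name: value string} for every prefs.js / user.js line."""
    prefs = {}
    for line in log.splitlines():
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def find_pup_components(log, markers=PUP_MARKERS):
    """Return the FIREFOX-section lines that mention any of the marker names."""
    return [
        line for line in log.splitlines()
        if line.startswith("FF - ") and any(mk.lower() in line.lower() for mk in markers)
    ]


def audit(log):
    """Collect one finding string per setting that differs from its expected value."""
    findings = []
    policies = parse_policies(log)
    for name, default in EXPECTED_POLICIES.items():
        if name in policies and policies[name] != default:
            findings.append(f"UAC policy {name}={policies[name]} (Windows 7 default {default})")
    prefs = parse_ff_prefs(log)
    for pref, default in EXPECTED_FF_PREFS.items():
        if pref in prefs and prefs[pref] != default:
            findings.append(f"Firefox pref {pref}={prefs[pref]} (expected {default})")
    for line in find_pup_components(log):
        findings.append(f"PUP component: {line}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_DDS_LOG):
        print(finding)
```

Run against the sample it prints nine findings: the three UAC values set to 0, the two rewritten Firefox prefs, and the four toolbar lines. The point of the UAC check is that `EnableLUA = 0` means nothing on this machine is prompting for elevation, which matters when the next step is to run removal tools as administrator.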



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 28 August 2012 - 01:16 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#3 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 29 August 2012 - 03:53 AM

Hi nasdaq,

Thanks for your answer.
Here are the following logs and the attached file MBR.zip.

Regards.


10:21:07.0060 3344 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:21:07.0091 3344 ============================================================
10:21:07.0091 3344 Current date / time: 2012/08/29 10:21:07.0091
10:21:07.0091 3344 SystemInfo:
10:21:07.0091 3344
10:21:07.0091 3344 OS Version: 6.1.7600 ServicePack: 0.0
10:21:07.0091 3344 Product type: Workstation
10:21:07.0091 3344 ComputerName: MONTAUBAN-PC
10:21:07.0091 3344 UserName: Emily
10:21:07.0091 3344 Windows directory: C:\Windows
10:21:07.0091 3344 System windows directory: C:\Windows
10:21:07.0091 3344 Running under WOW64
10:21:07.0091 3344 Processor architecture: Intel x64
10:21:07.0091 3344 Number of processors: 2
10:21:07.0091 3344 Page size: 0x1000
10:21:07.0091 3344 Boot type: Normal boot
10:21:07.0091 3344 ============================================================
10:21:10.0929 3344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:21:10.0991 3344 ============================================================
10:21:10.0991 3344 \Device\Harddisk0\DR0:
10:21:10.0991 3344 MBR partitions:
10:21:10.0991 3344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
10:21:10.0991 3344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2382D000
10:21:10.0991 3344 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23891000, BlocksNum 0x1B69800
10:21:10.0991 3344 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
10:21:10.0991 3344 ============================================================
10:21:11.0007 3344 C: <-> \Device\Harddisk0\DR0\Partition2
10:21:11.0069 3344 D: <-> \Device\Harddisk0\DR0\Partition3
10:21:11.0085 3344 E: <-> \Device\Harddisk0\DR0\Partition4
10:21:11.0085 3344 ============================================================
10:21:11.0085 3344 Initialize success
10:21:11.0085 3344 ============================================================
10:21:14.0860 1092 ============================================================
10:21:14.0860 1092 Scan started
10:21:14.0860 1092 Mode: Manual;
10:21:14.0860 1092 ============================================================
10:21:23.0612 1092 ================ Scan system memory ========================
10:21:23.0612 1092 System memory - ok
10:21:23.0627 1092 ================ Scan services =============================
10:21:23.0939 1092 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:21:23.0939 1092 1394ohci - ok
10:21:24.0017 1092 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:21:24.0017 1092 Accelerometer - ok
10:21:24.0048 1092 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:21:24.0048 1092 ACPI - ok
10:21:24.0080 1092 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:21:24.0080 1092 AcpiPmi - ok
10:21:24.0267 1092 [ B07B9F3B2B94E4FC5B0F496DDD65ADF2 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
10:21:24.0298 1092 AcrSch2Svc - ok
10:21:24.0360 1092 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:21:24.0376 1092 adp94xx - ok
10:21:24.0423 1092 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:21:24.0438 1092 adpahci - ok
10:21:24.0470 1092 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:21:24.0470 1092 adpu320 - ok
10:21:24.0516 1092 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:21:24.0516 1092 AeLookupSvc - ok
10:21:46.0513 1092 RDPCDD - ok
10:21:46.0622 1092 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:21:46.0622 1092 RDPENCDD - ok
10:21:46.0684 1092 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:21:46.0684 1092 RDPREFMP - ok
10:21:46.0809 1092 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:21:46.0871 1092 RDPWD - ok
10:21:46.0981 1092 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:21:46.0981 1092 rdyboost - ok
10:21:47.0059 1092 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:21:47.0074 1092 RemoteAccess - ok
10:21:47.0105 1092 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:21:47.0105 1092 RemoteRegistry - ok
10:21:47.0199 1092 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:21:47.0199 1092 RichVideo - ok
10:21:47.0215 1092 RimUsb - ok
10:21:47.0277 1092 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:21:47.0293 1092 RpcEptMapper - ok
10:21:47.0324 1092 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:21:47.0324 1092 RpcLocator - ok
10:21:47.0417 1092 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
10:21:47.0417 1092 RpcSs - ok
10:21:47.0511 1092 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:21:47.0511 1092 rspndr - ok
10:21:47.0589 1092 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
10:21:47.0589 1092 RTL8167 - ok
10:21:47.0605 1092 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
10:21:47.0605 1092 SamSs - ok
10:21:47.0651 1092 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:21:47.0651 1092 sbp2port - ok
10:21:47.0714 1092 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:21:47.0729 1092 SCardSvr - ok
10:21:47.0745 1092 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:21:47.0745 1092 scfilter - ok
10:21:47.0823 1092 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
10:21:47.0854 1092 Schedule - ok
10:21:47.0901 1092 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:21:47.0901 1092 SCPolicySvc - ok
10:21:47.0948 1092 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:21:47.0948 1092 sdbus - ok
10:21:48.0010 1092 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:21:48.0026 1092 SDRSVC - ok
10:21:48.0104 1092 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:21:48.0104 1092 secdrv - ok
10:21:48.0151 1092 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
10:21:48.0151 1092 seclogon - ok
10:21:48.0182 1092 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
10:21:48.0182 1092 SENS - ok
10:21:48.0338 1092 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:21:48.0353 1092 SensrSvc - ok
10:21:48.0385 1092 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:21:48.0431 1092 Serenum - ok
10:21:48.0478 1092 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:21:48.0525 1092 Serial - ok
10:21:48.0665 1092 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:21:48.0665 1092 sermouse - ok
10:21:48.0790 1092 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
10:21:48.0790 1092 SessionEnv - ok
10:21:48.0853 1092 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:21:48.0853 1092 sffdisk - ok
10:21:48.0915 1092 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:21:48.0915 1092 sffp_mmc - ok
10:21:48.0946 1092 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:21:48.0946 1092 sffp_sd - ok
10:21:48.0962 1092 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:21:48.0962 1092 sfloppy - ok
10:21:49.0055 1092 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:21:49.0055 1092 SharedAccess - ok
10:21:49.0133 1092 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:21:49.0149 1092 ShellHWDetection - ok
10:21:49.0196 1092 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:21:49.0196 1092 SiSRaid2 - ok
10:21:49.0274 1092 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:21:49.0274 1092 SiSRaid4 - ok
10:21:49.0352 1092 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:21:49.0352 1092 Smb - ok
10:21:49.0445 1092 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
10:21:49.0461 1092 snapman - ok
10:21:49.0523 1092 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:21:49.0539 1092 SNMPTRAP - ok
10:21:49.0570 1092 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:21:49.0570 1092 spldr - ok
10:21:49.0633 1092 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
10:21:49.0664 1092 Spooler - ok
10:21:49.0773 1092 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
10:21:49.0882 1092 sppsvc - ok
10:21:49.0945 1092 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:21:49.0945 1092 sppuinotify - ok
10:21:49.0991 1092 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:21:49.0991 1092 srv - ok
10:21:50.0054 1092 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:21:50.0054 1092 srv2 - ok
10:21:50.0116 1092 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:21:50.0116 1092 SrvHsfHDA - ok
10:21:50.0163 1092 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:21:50.0210 1092 SrvHsfV92 - ok
10:21:50.0257 1092 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:21:50.0272 1092 SrvHsfWinac - ok
10:21:50.0288 1092 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:21:50.0303 1092 srvnet - ok
10:21:50.0381 1092 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:21:50.0381 1092 SSDPSRV - ok
10:21:50.0428 1092 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:21:50.0428 1092 SstpSvc - ok
10:21:50.0849 1092 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
10:21:50.0865 1092 STacSV - ok
10:21:50.0912 1092 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:21:50.0912 1092 stexstor - ok
10:21:51.0068 1092 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:21:51.0068 1092 STHDA - ok
10:21:51.0161 1092 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
10:21:51.0177 1092 stisvc - ok
10:21:51.0208 1092 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:21:51.0208 1092 swenum - ok
10:21:51.0255 1092 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:21:51.0271 1092 swprv - ok
10:21:51.0411 1092 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:21:51.0411 1092 SynTP - ok
10:21:51.0489 1092 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
10:21:51.0536 1092 SysMain - ok
10:21:51.0567 1092 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:21:51.0567 1092 TabletInputService - ok
10:21:51.0614 1092 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
10:21:51.0629 1092 TapiSrv - ok
10:21:51.0661 1092 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:21:51.0661 1092 TBS - ok
10:21:51.0770 1092 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:21:51.0801 1092 Tcpip - ok
10:21:51.0879 1092 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:21:51.0895 1092 TCPIP6 - ok
10:21:51.0910 1092 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:21:51.0910 1092 tcpipreg - ok
10:21:51.0988 1092 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:21:51.0988 1092 TDPIPE - ok
10:21:52.0066 1092 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
10:21:52.0097 1092 tdrpman273 - ok
10:21:52.0144 1092 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:21:52.0144 1092 TDTCP - ok
10:21:52.0175 1092 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:21:52.0175 1092 tdx - ok
10:21:52.0222 1092 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:21:52.0222 1092 TermDD - ok
10:21:52.0378 1092 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
10:21:52.0409 1092 TermService - ok
10:21:52.0550 1092 TFsExDisk - ok
10:21:52.0581 1092 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:21:52.0628 1092 Themes - ok
10:21:52.0675 1092 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:21:52.0690 1092 THREADORDER - ok
10:21:52.0784 1092 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys
10:21:52.0815 1092 timounter - ok
10:21:52.0877 1092 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:21:52.0877 1092 TrkWks - ok
10:21:52.0924 1092 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:21:52.0924 1092 TrustedInstaller - ok
10:21:52.0971 1092 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:21:52.0971 1092 tssecsrv - ok
10:21:53.0049 1092 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:21:53.0049 1092 tunnel - ok
10:21:53.0096 1092 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:21:53.0096 1092 uagp35 - ok
10:21:53.0143 1092 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:21:53.0158 1092 udfs - ok
10:21:53.0221 1092 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:21:53.0221 1092 UI0Detect - ok
10:21:53.0252 1092 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:21:53.0252 1092 uliagpkx - ok
10:21:53.0361 1092 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\drivers\umbus.sys
10:21:53.0361 1092 umbus - ok
10:21:53.0439 1092 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:21:53.0439 1092 UmPass - ok
10:21:53.0486 1092 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:21:53.0501 1092 upnphost - ok
10:21:53.0564 1092 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:21:53.0579 1092 USBAAPL64 - ok
10:21:53.0626 1092 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:21:53.0626 1092 usbccgp - ok
10:21:53.0673 1092 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:21:53.0673 1092 usbcir - ok
10:21:53.0720 1092 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:21:53.0720 1092 usbehci - ok
10:21:53.0782 1092 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
10:21:53.0782 1092 usbfilter - ok
10:21:53.0829 1092 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:21:53.0829 1092 usbhub - ok
10:21:53.0845 1092 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:21:53.0860 1092 usbohci - ok
10:21:53.0907 1092 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:21:53.0907 1092 usbprint - ok
10:21:53.0954 1092 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
10:21:53.0954 1092 USBSTOR - ok
10:21:53.0985 1092 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:21:53.0985 1092 usbuhci - ok
10:21:54.0063 1092 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:21:54.0063 1092 usbvideo - ok
10:21:54.0125 1092 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
10:21:54.0125 1092 usb_rndisx - ok
10:21:54.0141 1092 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:21:54.0157 1092 UxSms - ok
10:21:54.0172 1092 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
10:21:54.0172 1092 VaultSvc - ok
10:21:54.0266 1092 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:21:54.0266 1092 vdrvroot - ok
10:21:54.0375 1092 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
10:21:54.0391 1092 vds - ok
10:21:54.0422 1092 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:21:54.0422 1092 vga - ok
10:21:54.0453 1092 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:21:54.0453 1092 VgaSave - ok
10:21:54.0484 1092 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:21:54.0484 1092 vhdmp - ok
10:21:54.0515 1092 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:21:54.0515 1092 viaide - ok
10:21:54.0609 1092 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:21:54.0609 1092 volmgr - ok
10:21:54.0656 1092 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:21:54.0656 1092 volmgrx - ok
10:21:54.0765 1092 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:21:54.0781 1092 volsnap - ok
10:21:54.0843 1092 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:21:54.0843 1092 vsmraid - ok
10:21:55.0015 1092 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
10:21:55.0061 1092 VSS - ok
10:21:55.0124 1092 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:21:55.0124 1092 vwifibus - ok
10:21:55.0171 1092 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:21:55.0171 1092 vwififlt - ok
10:21:55.0233 1092 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:21:55.0233 1092 vwifimp - ok
10:21:55.0280 1092 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:21:55.0295 1092 W32Time - ok
10:21:55.0342 1092 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:21:55.0342 1092 WacomPen - ok
10:21:55.0436 1092 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:21:55.0436 1092 WANARP - ok
10:21:55.0451 1092 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:21:55.0451 1092 Wanarpv6 - ok
10:21:55.0654 1092 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:21:55.0685 1092 WatAdminSvc - ok
10:21:55.0779 1092 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
10:21:55.0810 1092 wbengine - ok
10:21:55.0982 1092 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:21:56.0013 1092 WbioSrvc - ok
10:21:56.0044 1092 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:21:56.0060 1092 wcncsvc - ok
10:21:56.0091 1092 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:21:56.0153 1092 WcsPlugInService - ok
10:21:56.0185 1092 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:21:56.0185 1092 Wd - ok
10:21:56.0309 1092 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:21:56.0309 1092 Wdf01000 - ok
10:21:56.0341 1092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:21:56.0341 1092 WdiServiceHost - ok
10:21:56.0356 1092 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:21:56.0356 1092 WdiSystemHost - ok
10:21:56.0465 1092 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
10:21:56.0481 1092 WebClient - ok
10:21:56.0543 1092 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:21:56.0575 1092 Wecsvc - ok
10:21:56.0606 1092 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:21:56.0606 1092 wercplsupport - ok
10:21:56.0715 1092 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:21:56.0715 1092 WerSvc - ok
10:21:56.0824 1092 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:21:56.0824 1092 WfpLwf - ok
10:21:56.0840 1092 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:21:56.0855 1092 WIMMount - ok
10:21:56.0918 1092 WinDefend - ok
10:21:56.0933 1092 WinHttpAutoProxySvc - ok
10:21:57.0089 1092 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:21:57.0089 1092 Winmgmt - ok
10:21:57.0167 1092 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
10:21:57.0214 1092 WinRM - ok
10:21:57.0370 1092 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:21:57.0386 1092 WinUsb - ok
10:21:57.0448 1092 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:21:57.0464 1092 Wlansvc - ok
10:21:57.0651 1092 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:21:57.0651 1092 wlcrasvc - ok
10:21:57.0791 1092 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:21:57.0838 1092 wlidsvc - ok
10:21:57.0885 1092 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:21:57.0885 1092 WmiAcpi - ok
10:21:57.0916 1092 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:21:57.0916 1092 wmiApSrv - ok
10:21:58.0025 1092 WMPNetworkSvc - ok
10:21:58.0072 1092 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:21:58.0072 1092 WPCSvc - ok
10:21:58.0181 1092 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:21:58.0197 1092 WPDBusEnum - ok
10:21:58.0337 1092 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:21:58.0337 1092 ws2ifsl - ok
10:21:58.0431 1092 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll
10:21:58.0447 1092 wscsvc - ok
10:21:58.0462 1092 WSearch - ok
10:21:58.0525 1092 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:21:58.0603 1092 wuauserv - ok
10:21:58.0634 1092 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:21:58.0634 1092 WudfPf - ok
10:21:58.0727 1092 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:21:58.0727 1092 WUDFRd - ok
10:21:58.0790 1092 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:21:58.0790 1092 wudfsvc - ok
10:21:58.0821 1092 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:21:58.0837 1092 WwanSvc - ok
10:21:58.0930 1092 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
10:21:58.0946 1092 yukonw7 - ok
10:21:59.0008 1092 ================ Scan global ===============================
10:21:59.0039 1092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:21:59.0117 1092 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:21:59.0133 1092 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
10:21:59.0180 1092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:21:59.0211 1092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:21:59.0242 1092 [Global] - ok
10:21:59.0242 1092 ================ Scan MBR ==================================
10:21:59.0258 1092 [ 132A9C0D32AA2BE8BF4DF110B8A2293C ] \Device\Harddisk0\DR0
10:22:00.0069 1092 \Device\Harddisk0\DR0 - ok
10:22:00.0069 1092 ================ Scan VBR ==================================
10:22:00.0147 1092 [ B72843A6CA09C128FFD1781ACFE1E123 ] \Device\Harddisk0\DR0\Partition1
10:22:00.0147 1092 \Device\Harddisk0\DR0\Partition1 - ok
10:22:00.0241 1092 [ D4D3F7EB753AFBC81F5241A6FDE9774E ] \Device\Harddisk0\DR0\Partition2
10:22:00.0241 1092 \Device\Harddisk0\DR0\Partition2 - ok
10:22:00.0381 1092 [ 835BFA2EF70833EE6B42355757A63C46 ] \Device\Harddisk0\DR0\Partition3
10:22:00.0397 1092 \Device\Harddisk0\DR0\Partition3 - ok
10:22:00.0412 1092 [ 9D5102B74F0D434146CC5156A4C2E3B7 ] \Device\Harddisk0\DR0\Partition4
10:22:00.0412 1092 \Device\Harddisk0\DR0\Partition4 - ok
10:22:00.0412 1092 ============================================================
10:22:00.0412 1092 Scan finished
10:22:00.0412 1092 ============================================================
10:22:00.0443 4148 Detected object count: 0
10:22:00.0443 4148 Actual detected object count: 0
10:23:15.0479 1964 Deinitialize success


=========================================================================================================================================


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-29 10:25:15
-----------------------------
10:25:15.178 OS Version: Windows x64 6.1.7600
10:25:15.178 Number of processors: 2 586 0x602
10:25:15.178 ComputerName: MONTAUBAN-PC UserName: Emily
10:25:16.738 Initialize success
10:25:51.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:25:51.662 Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
10:25:51.708 Disk 0 MBR read successfully
10:25:51.708 Disk 0 MBR scan
10:25:51.708 Disk 0 unknown MBR code
10:25:51.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:25:51.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290906 MB offset 409600
10:25:51.771 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14035 MB offset 596185088
10:25:51.786 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
10:25:51.802 Disk 0 scanning C:\Windows\system32\drivers
10:25:57.418 Service scanning
10:26:11.380 Modules scanning
10:26:11.380 Disk 0 trace - called modules:
10:26:11.427 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:26:11.427 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004914060]
10:26:11.427 3 CLASSPNP.SYS[fffff880010ec43f] -> nt!IofCallDriver -> [0xfffffa80049133e0]
10:26:11.442 5 hpdskflt.sys[fffff88002191189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004855060]
10:26:11.442 Scan finished successfully
10:26:43.235 Disk 0 MBR has been saved successfully to "C:\tmp\log\MBR.dat"
10:26:43.235 The log file has been saved successfully to "C:\tmp\log\aswMBR.txt"


========================================================================================================================================

# AdwCleaner v1.801 - Rapport créé le 29/08/2012 à 10:35:02
# Mis à jour le 14/08/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium (64 bits)
# Nom d'utilisateur : Emily - MONTAUBAN-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\tmp\tools\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Users\Emily\AppData\LocalLow\BabylonToolbar
Dossier Présent : C:\Users\Emily\AppData\LocalLow\searchquband
Dossier Présent : C:\Users\Emily\AppData\LocalLow\Searchqutoolbar
Dossier Présent : C:\Users\Emily\AppData\Roaming\Babylon
Dossier Présent : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\Searchqutoolbar
Dossier Présent : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Présent : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\extensions\crossriderapp2258@crossrider.com
Dossier Présent : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\Searchqutoolbar
Dossier Présent : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Présent : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\extensions\crossriderapp2258@crossrider.com
Dossier Présent : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\Searchqutoolbar
Dossier Présent : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Présent : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Dossier Présent : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\ffxtlbr@babylon.com
Dossier Présent : C:\ProgramData\Babylon
Dossier Présent : C:\ProgramData\boost_interprocess
Dossier Présent : C:\ProgramData\Tarma Installer
Dossier Présent : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Dossier Présent : C:\Program Files (x86)\DAEMON Tools Toolbar
Dossier Présent : C:\Program Files (x86)\Searchqu Toolbar
Fichier Présent : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\searchplugins\daemon-search.xml
Fichier Présent : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\searchplugins\Search_Results.xml
Fichier Présent : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Fichier Présent : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichier Présent : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Fichier Présent : C:\user.js

***** [Registre] *****

Clé Présente : HKCU\Software\AppDataLow\Software\I Want This
Clé Présente : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Présente : HKCU\Software\DataMngr_Toolbar
Clé Présente : HKCU\Software\DealPly
Clé Présente : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Présente : HKCU\Software\InstalledBrowserExtensions
Clé Présente : HKLM\SOFTWARE\Babylon
Clé Présente : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Présente : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Clé Présente : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Clé Présente : HKLM\SOFTWARE\DealPly
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clé Présente : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
[x64] Clé Présente : HKCU\Software\AppDataLow\Software\I Want This
[x64] Clé Présente : HKCU\Software\AppDataLow\Software\searchqutoolbar
[x64] Clé Présente : HKCU\Software\DataMngr_Toolbar
[x64] Clé Présente : HKCU\Software\DealPly
[x64] Clé Présente : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
[x64] Clé Présente : HKCU\Software\InstalledBrowserExtensions
[x64] Clé Présente : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Clé Présente : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
[x64] Clé Présente : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
[x64] Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[x64] Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
[x64] Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v3.6.4 (fr)

Nom du profil : default
Fichier : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\prefs.js

Présente : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Nom du profil : default
Fichier : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\prefs.js

Présente : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Nom du profil : default
Fichier : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\prefs.js

Présente : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.order.1", "Search Results");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Présente : user_pref("extensions.BabylonToolbar.admin", false);
Présente : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Présente : user_pref("extensions.BabylonToolbar.babExt", "");
Présente : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=060612_5_");
Présente : user_pref("extensions.BabylonToolbar.bbDpng", 23);
Présente : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Présente : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Présente : user_pref("extensions.BabylonToolbar.hmpg", true);
Présente : user_pref("extensions.BabylonToolbar.id", "c694f4780000000000000a607681333d");
Présente : user_pref("extensions.BabylonToolbar.instlDay", "15510");
Présente : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Présente : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=060612[...]
Présente : user_pref("extensions.BabylonToolbar.lastDP", 23);
Présente : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:52:00");
Présente : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Présente : user_pref("extensions.BabylonToolbar.newTab", false);
Présente : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=060612_[...]
Présente : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Présente : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Présente : user_pref("extensions.BabylonToolbar.propectorlck", 84281061);
Présente : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Présente : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Présente : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Présente : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Présente : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Présente : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Présente : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Présente : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Présente : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:52:00");
Présente : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Présente : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Présente : user_pref("extensions.BabylonToolbar_i.babExt", "");
Présente : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=060612_5_");
Présente : user_pref("extensions.BabylonToolbar_i.hardId", "c694f4780000000000000a607681333d");
Présente : user_pref("extensions.BabylonToolbar_i.id", "c694f4780000000000000a607681333d");
Présente : user_pref("extensions.BabylonToolbar_i.instlDay", "15510");
Présente : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Présente : user_pref("extensions.BabylonToolbar_i.newTab", false);
Présente : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Présente : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Présente : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Présente : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Présente : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Présente : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Présente : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:52:00");
Présente : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1340099568);
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Présente : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Présente : user_pref("extensions.crossriderapp2258.2258.active", true);
Présente : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Présente : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Présente : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Présente : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Présente : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Présente : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Présente : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Présente : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1340099568");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1340099568");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1345159460");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Fri Aug 24 2012 01:24:20 [...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2233673%22");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221209%22");
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Présente : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2246930%22");
Présente : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Présente : user_pref("extensions.crossriderapp2258.2258.domain", "");
Présente : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Présente : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Présente : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Présente : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Présente : user_pref("extensions.crossriderapp2258.2258.group", 0);
Présente : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Présente : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Présente : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Présente : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Présente : user_pref("extensions.crossriderapp2258.2258.js", "\nvar _GPL_PID=21,_GPL_baseCDN=\"contentcache-a.a[...]
Présente : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Présente : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Présente : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Présente : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "/*!\n * jQuery JavaScript Lib[...]
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Présente : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Présente : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Présente : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Présente : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 5);
Présente : user_pref("extensions.crossriderapp2258.2258.premium", true);
Présente : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Présente : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Présente : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Présente : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Présente : user_pref("extensions.crossriderapp2258.2258.thankyou", "");
Présente : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Présente : user_pref("extensions.crossriderapp2258.2258.ver", 67);
Présente : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Présente : user_pref("extensions.crossriderapp2258.apps", "2258");
Présente : user_pref("extensions.crossriderapp2258.bic", "13809bcc70efe0b9ba776c9d0bc9601c");
Présente : user_pref("extensions.crossriderapp2258.cid", 2258);
Présente : user_pref("extensions.crossriderapp2258.firstrun", false);
Présente : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Présente : user_pref("extensions.crossriderapp2258.installationdate", 1340193163);
Présente : user_pref("extensions.crossriderapp2258.lastcheck", 22419324);
Présente : user_pref("extensions.crossriderapp2258.lastcheckitem", 22419324);
Présente : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340810141876");
Présente : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340810141855");

-\\ Google Chrome v21.0.1180.83

Fichier : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Preferences

Présente : "homepage": "hxxp://www.searchnu.com/414",
Présente : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/414", "hxxp://fr.msn.com/?ocid=ieh[...]
Présente : "name": "Search Results",
Présente : "search_url": "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTer[...]
Présente : "homepage": "hxxp://www.searchnu.com/414",
Présente : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/414", "hxxp://fr.msn.com/?ocid=iehp03[...]

*************************

AdwCleaner[R1].txt - [21977 octets] - [29/08/2012 10:35:02]

########## EOF - C:\AdwCleaner[R1].txt - [22106 octets] ##########

#4 nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 29 August 2012 - 09:37 AM

Remove the AdWare, PUB found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Third party programs if not up to date can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post the logs and let me know what problem persists.

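An added example, not part of nasdaq's post or of the AdwCleaner tool: a small Python parser for the report format posted in this thread, which lines up a scan report against the deletion report that follows it, flags any finding the tool listed but never marked as removed, and lists the Firefox prefs that redirect search, the homepage or new tabs. The two report excerpts are constructed samples in that format.

```python
"""Parse AdwCleaner reports in the French "Présente" / "Supprimée" format posted in this
thread and compare a scan report with the deletion report that follows it.
Added example; the two report excerpts below are constructed in that format."""
import re
from collections import defaultdict

# Constructed scan-report excerpt (AdwCleaner v1.801 report layout; blank lines are ignored).
SCAN_REPORT = r"""
***** [Registre] *****
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
[x64] Clé Présente : HKCU\Software\DataMngr_Toolbar
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Navigateurs] *****
-\\ Mozilla Firefox v3.6.4 (fr)
Fichier : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\prefs.js
Présente : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Présente : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Présente : user_pref("extensions.BabylonToolbar.hmpg", true);
Présente : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=[...]
"""

# Constructed deletion-report excerpt; the [x64] DataMngr_Toolbar key is deliberately missing.
DELETE_REPORT = r"""
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\ProgramData\Babylon

***** [Registre] *****
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Navigateurs] *****
-\\ Mozilla Firefox v3.6.4 (fr)
Fichier : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\prefs.js
C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\user.js ... Supprimé !
Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Supprimée : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Supprimée : user_pref("extensions.BabylonToolbar.hmpg", true);
Supprimée : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=[...]
"""

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
# Registry / file-system line: optional [x64] marker, kind, status word, " : ", path.
ITEM_RE = re.compile(r"^(\[x64\] )?(Clé|Valeur|Dossier|Fichier) (?:Présente?|Supprimée?) : (.+)$")
# Firefox prefs.js line; the value is often cut off by the tool ("[...]"), so the pref
# name alone identifies the finding.
PREF_RE = re.compile(r'^(?:Présente|Supprimée) : user_pref\("([^"]+)",')


def parse_report(text):
    """Return {section: set(items)} with the Présente/Supprimée status dropped, so a scan
    report and a deletion report can be compared item by item.  Items are
    (kind, in_x64_view, path) for registry/file lines and ('user_pref', profile, name)
    for Firefox prefs."""
    findings = defaultdict(set)
    section = profile = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, profile = m.group(1), None
            continue
        if line.startswith("Fichier : "):        # profile file header, not a finding
            profile = line[len("Fichier : "):]
            continue
        if section is None or not line:
            continue
        m = ITEM_RE.match(line) or PREF_RE.match(line)
        if m is None:                             # browser banner, "user.js ... Supprimé !", etc.
            continue
        if m.re is ITEM_RE:
            findings[section].add((m.group(2), m.group(1) is not None, m.group(3)))
        else:
            findings[section].add(("user_pref", profile, m.group(1)))
    return dict(findings)


def not_removed(scan, deletion):
    """Findings the scan listed that the deletion report never marks as removed: the
    entries to check (or re-run the tool on) before calling the machine clean."""
    left = {}
    for section, items in scan.items():
        remaining = items - deletion.get(section, set())
        if remaining:
            left[section] = remaining
    return left


# Firefox prefs that decide where searches, the homepage and new tabs go.
HIJACK_PREFIXES = ("browser.search.", "browser.startup.homepage", "keyword.URL", "browser.newtab.url")


def search_hijack_prefs(report):
    """Sorted names of reported user_pref entries that redirect search, homepage or new tab."""
    return sorted(name for items in report.values() for kind, _p, name in items
                  if kind == "user_pref" and name.startswith(HIJACK_PREFIXES))


if __name__ == "__main__":
    scan, deleted = parse_report(SCAN_REPORT), parse_report(DELETE_REPORT)
    print("still listed after cleanup:", not_removed(scan, deleted))
    print("search/homepage prefs reported:", search_hijack_prefs(scan))
```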
#5 yargla

  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:51 PM

Posted 29 August 2012 - 11:36 AM

Hi Nasdaq,

Thanks for your help.

The following presents the 3 log files.

Best regards.

# AdwCleaner v1.801 - Rapport créé le 29/08/2012 à 16:43:14
# Mis à jour le 14/08/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium (64 bits)
# Nom d'utilisateur : Emily - MONTAUBAN-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\tmp\tools\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Emily\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Emily\AppData\LocalLow\searchquband
Dossier Supprimé : C:\Users\Emily\AppData\LocalLow\Searchqutoolbar
Dossier Supprimé : C:\Users\Emily\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\Searchqutoolbar
Dossier Supprimé : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Supprimé : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\extensions\crossriderapp2258@crossrider.com
Dossier Supprimé : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\Searchqutoolbar
Dossier Supprimé : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Supprimé : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\extensions\crossriderapp2258@crossrider.com
Dossier Supprimé : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\Searchqutoolbar
Dossier Supprimé : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Dossier Supprimé : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Dossier Supprimé : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\extensions\ffxtlbr@babylon.com
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Dossier Supprimé : C:\Program Files (x86)\DAEMON Tools Toolbar
Dossier Supprimé : C:\Program Files (x86)\Searchqu Toolbar
Fichier Supprimé : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\searchplugins\daemon-search.xml
Fichier Supprimé : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\searchplugins\Search_Results.xml
Fichier Supprimé : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Fichier Supprimé : C:\user.js

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\I Want This
Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\DealPly
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Clé Supprimée : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Clé Supprimée : HKLM\SOFTWARE\DealPly
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
[x64] Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v3.6.4 (fr)

Nom du profil : default
Fichier : C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\prefs.js

C:\Users\genevieve\AppData\Roaming\Mozilla\Firefox\Profiles\fjrr79cl.default\user.js ... Supprimé !

Supprimée : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Nom du profil : default
Fichier : C:\Users\Lulu Castagnette\AppData\Roaming\Mozilla\Firefox\Profiles\bps6evgz.default\prefs.js

Supprimée : user_pref("extensions.crossriderapp2258.adsOldValue", -1);

Nom du profil : default
Fichier : C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\prefs.js

C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\user.js ... Supprimé !

Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Supprimée : user_pref("browser.search.order.1", "Search Results");
Supprimée : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar.babExt", "");
Supprimée : user_pref("extensions.BabylonToolbar.babTrack", "affID=110819&tt=060612_5_");
Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 23);
Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Supprimée : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Supprimée : user_pref("extensions.BabylonToolbar.hmpg", true);
Supprimée : user_pref("extensions.BabylonToolbar.id", "c694f4780000000000000a607681333d");
Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15510");
Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=110819&tt=060612[...]
Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 23);
Supprimée : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:52:00");
Supprimée : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Supprimée : user_pref("extensions.BabylonToolbar.newTab", false);
Supprimée : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=110819&tt=060612_[...]
Supprimée : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar.propectorlck", 84281061);
Supprimée : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Supprimée : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Supprimée : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:52:00");
Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=060612_5_");
Supprimée : user_pref("extensions.BabylonToolbar_i.hardId", "c694f4780000000000000a607681333d");
Supprimée : user_pref("extensions.BabylonToolbar_i.id", "c694f4780000000000000a607681333d");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlDay", "15510");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false);
Supprimée : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:52:00");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1340099568);
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.active", true);
Supprimée : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Supprimée : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url([...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Supprimée : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Supprimée : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1340099568");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1340099568");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1345159460");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Fri Aug 24 2012 01:24:20 [...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2233673%22");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221209%22");
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2246930%22");
Supprimée : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Supprimée : user_pref("extensions.crossriderapp2258.2258.domain", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.group", 0);
Supprimée : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.js", "\nvar _GPL_PID=21,_GPL_baseCDN=\"contentcache-a.a[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Supprimée : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){v[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "/*!\n * jQuery JavaScript Lib[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Supprimée : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Supprimée : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Supprimée : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 5);
Supprimée : user_pref("extensions.crossriderapp2258.2258.premium", true);
Supprimée : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Supprimée : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Supprimée : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Supprimée : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.thankyou", "");
Supprimée : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Supprimée : user_pref("extensions.crossriderapp2258.2258.ver", 67);
Supprimée : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Supprimée : user_pref("extensions.crossriderapp2258.apps", "2258");
Supprimée : user_pref("extensions.crossriderapp2258.bic", "13809bcc70efe0b9ba776c9d0bc9601c");
Supprimée : user_pref("extensions.crossriderapp2258.cid", 2258);
Supprimée : user_pref("extensions.crossriderapp2258.firstrun", false);
Supprimée : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Supprimée : user_pref("extensions.crossriderapp2258.installationdate", 1340193163);
Supprimée : user_pref("extensions.crossriderapp2258.lastcheck", 22419324);
Supprimée : user_pref("extensions.crossriderapp2258.lastcheckitem", 22419324);
Supprimée : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340810141876");
Supprimée : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340810141855");

-\\ Google Chrome v21.0.1180.83

Fichier : C:\Users\Emily\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée : "homepage": "hxxp://www.searchnu.com/414",
Supprimée : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/414", "hxxp://fr.msn.com/?ocid=ieh[...]
Supprimée : "name": "Search Results",
Supprimée : "search_url": "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTer[...]
Supprimée : "homepage": "hxxp://www.searchnu.com/414",
Supprimée : "urls_to_restore_on_startup": [ "hxxp://www.searchnu.com/414", "hxxp://fr.msn.com/?ocid=iehp03[...]

*************************

AdwCleaner[R1].txt - [22058 octets] - [29/08/2012 10:35:02]
AdwCleaner[S1].txt - [20603 octets] - [29/08/2012 16:43:14]

########## EOF - C:\AdwCleaner[S1].txt - [20732 octets] ##########

==================================================================================================================================
ComboFix 12-08-28.03 - Emily 29/08/2012 17:45:37.4.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4092.2798 [GMT 2:00]
Lancé depuis: c:\tmp\tools\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-28 au 2012-08-29 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-29 15:56 . 2012-08-29 15:56 -------- d-----w- c:\users\Lulu Castagnette\AppData\Local\temp
2012-08-29 15:56 . 2012-08-29 15:56 -------- d-----w- c:\users\genevieve\AppData\Local\temp
2012-08-29 15:56 . 2012-08-29 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-24 18:03 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A841B3BD-DFFD-4C03-AEBA-F1E6ADF87D73}\mpengine.dll
2012-08-24 17:33 . 2012-08-24 17:40 -------- d-----w- c:\programdata\AVAST Software
2012-08-24 17:33 . 2012-08-24 17:33 -------- d-----w- c:\program files\AVAST Software
2012-08-23 23:13 . 2012-08-24 00:35 -------- d-----w- C:\1cb1653c7ed05809e09536303d
2012-08-23 21:04 . 2012-08-23 21:04 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-08-23 21:03 . 2012-08-23 21:03 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-08-23 21:03 . 2012-08-23 21:03 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-08-23 21:03 . 2012-08-23 21:03 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-08-23 21:03 . 2012-08-23 21:10 -------- d-----w- c:\program files (x86)\Acronis
2012-08-23 21:03 . 2012-08-23 21:04 -------- d-----w- c:\program files (x86)\Common Files\Acronis
2012-08-23 12:47 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-08-23 12:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-08-23 12:11 . 2012-08-23 12:11 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-08-23 12:11 . 2012-08-23 12:11 -------- d-----w- c:\windows\system32\wbem\en-US
2012-08-23 11:47 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-23 11:46 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-08-23 11:46 . 2009-10-10 02:41 109056 ----a-w- c:\windows\system32\drivers\sdbus.sys
2012-08-23 11:41 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-08-23 11:41 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-08-23 11:39 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-23 11:39 . 2011-06-16 05:31 199680 ----a-w- c:\windows\system32\xmllite.dll
2012-08-23 11:39 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-08-23 11:39 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-08-23 11:30 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-08-23 11:30 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-08-22 22:56 . 2012-08-23 11:58 -------- d--h--w- c:\windows\msdownld.tmp
2012-08-22 22:29 . 2012-08-22 22:29 -------- d-----w- c:\users\Emily\AppData\Local\Microsoft Help
2012-08-22 18:45 . 2012-08-23 10:53 -------- d-----w- C:\d8113540223dc2c881
2012-08-22 07:02 . 2012-08-22 11:27 -------- d-----w- c:\users\Emily\DoctorWeb
2012-08-21 19:55 . 2012-08-21 19:55 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-17 01:42 . 2012-08-17 01:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-16 23:18 . 2012-08-16 23:47 -------- d-----w- c:\windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-16 23:13 . 2012-08-16 23:13 -------- d-----w- c:\program files (x86)\Enigma Software Group
2012-08-16 22:58 . 2012-08-16 23:02 -------- d-----w- c:\windows\7289B0CCBC414C7EA2C7DB1259E8E47A.TMP
2012-08-16 22:29 . 2012-08-16 23:47 -------- d-----w- C:\sh4ldr
2012-08-16 22:29 . 2012-08-16 22:29 -------- d-----w- c:\program files\Enigma Software Group
2012-08-16 22:29 . 2012-08-16 23:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-16 22:14 . 2012-08-16 22:14 -------- d-----w- c:\users\Emily\AppData\Roaming\SpeedyPC Software
2012-08-16 22:14 . 2012-08-16 22:14 -------- d-----w- c:\users\Emily\AppData\Roaming\DriverCure
2012-08-16 22:14 . 2012-08-16 22:55 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-16 19:02 . 2012-08-16 19:02 -------- d-----w- c:\program files\CCleaner
2012-08-16 18:29 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-08-16 18:29 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-08-16 18:29 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-08-16 18:29 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-08-16 18:29 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-08-16 18:29 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-08-16 18:29 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-08-16 18:29 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-08-16 18:29 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-16 18:29 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll
2012-08-16 18:29 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-16 18:29 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-16 18:28 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-08-16 18:28 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 00:43 . 2011-03-28 17:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-03 02:27 . 2010-03-22 12:57 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2011-01-13 15:46 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2010-05-31 11:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 07:42 . 2012-06-20 07:42 3678720 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-06-06 18:59 . 2012-06-06 18:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-21 15:12 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:12 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:12 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:12 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:12 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:12 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:12 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 15:11 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 15:11 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2012-08-24_09.15.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:46 . 2012-08-24 17:29 81864 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-08-29 15:57 . 2012-08-29 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-24 09:11 . 2012-08-24 09:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-24 09:11 . 2012-08-24 09:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-29 15:57 . 2012-08-29 15:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-24 09:10 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-29 15:56 400392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-23 20:05 . 2012-08-29 14:44 1868308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2489960082-1411877195-1193092763-1002-12288.dat
- 2010-03-23 20:05 . 2012-08-23 23:31 1868308 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2489960082-1411877195-1193092763-1002-12288.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
.
c:\users\Lulu Castagnette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-13 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-08-23 1263200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 afcdpsrv;Service Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-23 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-23 285280]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 15:26]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: Interfaces\{3E7732DB-6223-4D3E-9F1A-60036F0060EE}: NameServer = 212.27.40.240,212.27.40.241
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ibraku7q.default\
FF - prefs.js: browser.startup.homepage - hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Heure de fin: 2012-08-29 18:17:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-29 16:17
ComboFix2.txt 2012-08-24 09:28
ComboFix3.txt 2012-08-17 02:50
.
Avant-CF: 230 640 672 768 octets libres
Après-CF: 230 290 894 848 octets libres
.
- - End Of File - - 78BC821F9DC9195E6AB1C6D9EB08517D

=========================================================================================================================================

Results of screen317's Security Check version 0.99.49
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.4) Firefox out of Date!
Mozilla Thunderbird (3.0.4) Thunderbird out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````
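The ComboFix log above lists the `policies\system` key with `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all at 0, and the Security Check log sums it up as "UAC is disabled!". As an added example (not part of this thread, of ComboFix or of Security Check), the script below parses that block in ComboFix's own `"Name"= dec (hex)` format and flags the UAC values set to 0; the Windows 7 defaults it compares against (EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1) are assumed from Windows documentation, and the sample block is copied from the log in this thread.

```python
import re

# Windows 7 defaults for the UAC values ComboFix lists under
# HKLM\...\policies\system (assumed from Windows documentation, not from
# the tool output). A value of 0 is the setting that removes the control.
UAC_CHECKS = {
    "EnableLUA": (1, "UAC is switched off entirely"),
    "ConsentPromptBehaviorAdmin": (5, "administrators elevate silently, with no prompt"),
    "PromptOnSecureDesktop": (1, "elevation prompts appear on the normal desktop, "
                                 "where other software can interact with them"),
}

# Constructed sample: the policies\system block copied from the ComboFix
# log in this thread, followed by the next key so the parser has to stop.
SAMPLE_BLOCK = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
"""

# One ComboFix value line, e.g.  "EnableLUA"= 0 (0x0)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?P<dec>-?\d+)\s*\((?P<hex>0x[0-9a-fA-F]+)\)\s*$'
)


def parse_policy_block(log_text):
    """Return {name: int} for the policies\\system key of a ComboFix log.

    Only lines between that key header and the next [...] header are read.
    The decimal and hex renderings are cross-checked so that a mangled
    line is rejected instead of being silently misread.
    """
    values = {}
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_block = line.lower().endswith("\\policies\\system]")
            continue
        if not in_block:
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue  # ComboFix separator lines ('.') and anything unexpected
        dec, hexv = int(m.group("dec")), int(m.group("hex"), 16)
        if dec != hexv:
            raise ValueError(f"inconsistent value on line: {line!r}")
        values[m.group("name")] = dec
    return values


def uac_findings(values):
    """List (name, actual, default, reason) for every UAC value set to 0.

    A name missing from the block is treated as holding its default, in
    line with the log's own note that legitimate default entries are not
    listed, so it is never reported.
    """
    findings = []
    for name, (default, reason) in UAC_CHECKS.items():
        actual = values.get(name, default)
        if actual == 0:
            findings.append((name, actual, default, reason))
    return findings


def uac_is_disabled(values):
    """Mirror the Security Check verdict 'UAC is disabled!': EnableLUA is 0."""
    return values.get("EnableLUA", 1) == 0


if __name__ == "__main__":
    parsed = parse_policy_block(SAMPLE_BLOCK)
    print("UAC disabled:", uac_is_disabled(parsed))
    for name, actual, default, reason in uac_findings(parsed):
        print(f"{name} = {actual} (default {default}): {reason}")
```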

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 August 2012 - 01:10 PM

Learn how to install Windows 7 Service Pack 1 (SP1)
http://windows.microsoft.com/installwindows7sp1

Click the Out of date service pack!! on the SecurityCheck log and update your Service Pack.
===

============= new canned speech. ====

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Old versions....


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

Please let me know what problem persists.

#7 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts

Posted 29 August 2012 - 03:19 PM

Hi Nasdaq,

Thanks for your answer.

As I said at the beginning of this topic, I can't update Windows with Service Pack 1 (nor install an antivirus like Kaspersky or Avast).

That is why I think there is a malware, a virus, or something like that on that computer.

The following describes what happens when I try to update Windows with Service Pack 1 (using Windows Update):

At the end of the installation of Service Pack 1, a window presents this text (which I translate from French to English):

"The update has been installed"
"Restart now to finish the updates installation"

So I click on "restart now".

Then a new window presents the following:

"Service pack configuration x%"
"Do not shut down the computer"

Then the computer restarts.

Then a new window presents the following:

"Please wait..."
"Windows configuration preparation"
"Do not shut down the computer"

Then a new window presents the following:

"Service pack configuration"
"44% done"
"Do not shut down the computer"

Then the window is stuck at 44%.

Then a new window presents the following:

"Service pack configuration failed"
"Cancelling the modifications"
"Do not shut down the computer"

The failed update procedure ran for around 1 hour!

Then the computer restarts again with the same windows:

"Windows configuration preparation"
"Do not shut down the computer"

And so on ...

So I can't update Windows with Service Pack 1.

Now I will update Java, Flash Player and then Adobe.

Best regards

#8 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts

Posted 30 August 2012 - 05:30 AM

Hi Nasdaq,

The following presents the Security Check log file after the updates (Java, Flash, Adobe Reader and Flash Player).

As you can see, the Windows Service Pack 1 update fails.

Best regards.


Results of screen317's Security Check version 0.99.49
Windows 7 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 24
Java 7 Update 6
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Mozilla Thunderbird (15.0.)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 30 August 2012 - 01:20 PM

Let's see what we can find.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#10 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 30 August 2012 - 01:49 PM

Hi Nasdaq,

Thanks for your answer.


The following presents the log file.

Moreover, as I said, the computer is very slow because of the CPU load, which is 100% most of the time (the ventilator is very noisy).
I don't know if it can help, but there are always 2 processes named svchost.exe which consume all the CPU load.

Best regards.

Farbar Service Scanner Version: 06-08-2012
Ran by Emily (administrator) on 30-08-2012 at 20:40:04
Running from "C:\tmp\tools"
Microsoft Windows 7 Édition Familiale Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-27 10:17] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 16:41] - [2012-03-30 13:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 01:36] - [2009-07-14 03:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-08-16 20:29] - [2012-04-24 07:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
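The three findings FSS flags in the log above (firewall policy, Windows Defender policy, WinDefend start type) can be re-checked from PowerShell without the tool. The script below is an added example, not part of this thread or of Farbar Service Scanner; the registry paths and value names are the ones printed in the log, and Get-WmiObject is used instead of Get-CimInstance so it also runs on the PowerShell 2.0 that shipped with Windows 7. Run it from an elevated prompt.

```powershell
# Added example (not the thread's own code): re-check the settings FSS reported.

function Get-RegistryValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist (no policy set).
    try {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name
    } catch {
        $null
    }
}

function Test-DisabledSecurityPolicies {
    $findings = @()

    # FSS "Firewall Disabled Policy": EnableFirewall=0 under the standard profile
    $fwPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $fw = Get-RegistryValueOrNull -Path $fwPath -Name 'EnableFirewall'
    if ($fw -eq 0) {
        $findings += 'Windows Firewall (StandardProfile) disabled: EnableFirewall=0'
    }

    # FSS "Windows Defender Disabled Policy": DisableAntiSpyware=1
    $def = Get-RegistryValueOrNull -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -Name 'DisableAntiSpyware'
    if ($def -eq 1) {
        $findings += 'Windows Defender disabled: DisableAntiSpyware=1'
    }

    # FSS "WinDefend Service is not running ... start type is set to Demand. The default is Auto."
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    if ($svc) {
        if ($svc.StartMode -ne 'Auto') {
            $findings += "WinDefend start type is $($svc.StartMode) (default Auto), state $($svc.State)"
        }
    } else {
        $findings += 'WinDefend service is not registered'
    }

    $findings
}

$result = Test-DisabledSecurityPolicies
if (@($result).Count -eq 0) {
    'No disabled-security settings found.'
} else {
    $result | ForEach-Object { "FINDING: $_" }
}
```

One caveat when reading the output on this machine: installing Microsoft Security Essentials on Windows 7 disables Windows Defender and sets DisableAntiSpyware=1 itself, and msseces.exe appears in the handle list posted later in this thread, so that particular finding is expected here rather than a sign of tampering. The EnableFirewall=0 policy value, by contrast, is not something a security product normally writes and is worth restoring once the machine is clean.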

#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 31 August 2012 - 06:42 AM

Download this Process Explorer tool.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
RUN IT AND TRY to find the process / file that is draining your CPU.
Instructions are in the help file.

Look at the svchost.exe processes and see if you can find out what files are dependent on it.

Process Explorer works on Windows 9x/Me, Windows NT 4.0, Windows 2000, Windows XP, Server 2003, and 64-bit versions of Windows for x64 processors, and Windows Vista.
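The mapping nasdaq asks for (which services live inside each svchost.exe, and which instance is burning CPU) can also be produced from PowerShell. The script below is an added example, not part of this thread or of Process Explorer; it builds the same svchost-to-service table that Process Explorer's Services tab shows, adds the -k service group from the command line and the process's accumulated CPU time, and uses Get-WmiObject so it runs on Windows 7's PowerShell 2.0. Run it from an elevated prompt, otherwise some command lines read back empty.

```powershell
# Added example (not the thread's own code): map every svchost.exe to its services.

function Get-SvchostServiceMap {
    # All services that currently have a live process, grouped by PID.
    $servicesByPid = @{}
    foreach ($s in Get-WmiObject -Class Win32_Service | Where-Object { $_.ProcessId -ne 0 }) {
        if (-not $servicesByPid.ContainsKey($s.ProcessId)) {
            $servicesByPid[$s.ProcessId] = @()
        }
        $servicesByPid[$s.ProcessId] += $s.Name
    }

    foreach ($proc in Get-WmiObject -Class Win32_Process -Filter "Name='svchost.exe'") {
        # The -k argument names the service group (netsvcs, LocalService, ...).
        $group = if ($proc.CommandLine -match '-k\s+(\S+)') { $Matches[1] } else { '(unknown)' }

        $hosted = if ($servicesByPid.ContainsKey($proc.ProcessId)) {
            ($servicesByPid[$proc.ProcessId] | Sort-Object) -join ', '
        } else {
            '(none)'
        }

        # Accumulated CPU seconds since the process started; 0 if it cannot be read.
        $p = Get-Process -Id $proc.ProcessId -ErrorAction SilentlyContinue
        $cpuSeconds = if ($p -and $p.CPU) { [math]::Round($p.CPU, 1) } else { 0 }

        New-Object PSObject -Property @{
            PID        = $proc.ProcessId
            Group      = $group
            CPUSeconds = $cpuSeconds
            Services   = $hosted
        }
    }
}

Get-SvchostServiceMap |
    Sort-Object CPUSeconds -Descending |
    Select-Object PID, Group, CPUSeconds, Services |
    Format-Table -AutoSize -Wrap
```

The busiest row is the one to work on. Because a netsvcs instance hosts many unrelated services (the list yargla posts below for PID 1056 includes wuauserv, BITS, Schedule, Winmgmt and others), the usual next step is to stop its services one at a time with `net stop <name>` and watch whether the CPU usage follows; that isolates the responsible service without guessing from the DLL list alone.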

#12 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 31 August 2012 - 12:24 PM

Hi Nasdaq,
Thanks for your answer.

I will try to be as clear as possible...
There are 2 svchost.exe which consume the CPU.

For the first one, which is svchost.exe (netsvcs), the following presents:

==========================================================================================
1) The associated services
==========================================================================================

BITS
EapHost
gpsvc
IKEEXT
iphlpsvc
LanmanServer
ProfSvc
RasAuto
RasMan
Schedule
seclogon
SENS
SharedAccess
ShellHWDetection
Themes
Winmgmt
wuauserv

==========================================================================================
2) The associated DLL
==========================================================================================
Process: svchost.exe Pid: 1056

Name Description Company Name Path
{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000030.db C:\ProgramData\Microsoft\Windows\Caches\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000030.db
{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x000000000000000d.db C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x000000000000000d.db
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation C:\Windows\System32\actxprxy.dll
advapi32.dll API avancées Windows 32 Microsoft Corporation C:\Windows\System32\advapi32.dll
apisetschema.dll ApiSet Schema DLL Microsoft Corporation C:\Windows\System32\apisetschema.dll
apphelp.dll Fichier DLL du client de compatibilité des applications Microsoft Corporation C:\Windows\System32\apphelp.dll
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation C:\Windows\System32\atl.dll
authz.dll Authorization Framework Microsoft Corporation C:\Windows\System32\authz.dll
avrt.dll Multimedia Realtime Runtime Microsoft Corporation C:\Windows\System32\avrt.dll
bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcrypt.dll
bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcryptprimitives.dll
bitsigd.dll Background Intelligent Transfer Service IGD Support Microsoft Corporation C:\Windows\System32\bitsigd.dll
bitsperf.dll Perfmon Counter Access Microsoft Corporation C:\Windows\System32\bitsperf.dll
browser.dll DLL du service Explorateur d’ordinateurs Microsoft Corporation C:\Windows\System32\browser.dll
cabinet.dll Microsoft® Cabinet File API Microsoft Corporation C:\Windows\System32\cabinet.dll
cfgmgr32.dll Configuration Manager DLL Microsoft Corporation C:\Windows\System32\cfgmgr32.dll
clbcatq.dll COM+ Configuration Catalog Microsoft Corporation C:\Windows\System32\clbcatq.dll
clusapi.dll Bibliothèque d’API de cluster Microsoft Corporation C:\Windows\System32\clusapi.dll
comctl32.dll Bibliothèque de contrôles de l’expérience utilisateur Microsoft Corporation C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7\comctl32.dll
credssp.dll Credential Delegation Security Package Microsoft Corporation C:\Windows\System32\credssp.dll
credui.dll Interface utilisateur du gestionnaire d’informations d’identification Microsoft Corporation C:\Windows\System32\credui.dll
crypt32.dll Crypto API32 Microsoft Corporation C:\Windows\System32\crypt32.dll
cryptbase.dll Base cryptographic API DLL Microsoft Corporation C:\Windows\System32\cryptbase.dll
cryptdll.dll Cryptography Manager Microsoft Corporation C:\Windows\System32\cryptdll.dll
cryptsp.dll Cryptographic Service Provider API Microsoft Corporation C:\Windows\System32\cryptsp.dll
cversions.2.db C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
cversions.2.db C:\ProgramData\Microsoft\Windows\Caches\cversions.2.db
devobj.dll Device Information Set DLL Microsoft Corporation C:\Windows\System32\devobj.dll
devrtl.dll Device Management Run Time Library Microsoft Corporation C:\Windows\System32\devrtl.dll
dhcpcsvc.dll Service client DHCP Microsoft Corporation C:\Windows\System32\dhcpcsvc.dll
dhcpcsvc6.dll Client DHCPv6 Microsoft Corporation C:\Windows\System32\dhcpcsvc6.dll
dnsapi.dll DNS DLL de l’API Client Microsoft Corporation C:\Windows\System32\dnsapi.dll
dsrole.dll DS Role Client DLL Microsoft Corporation C:\Windows\System32\dsrole.dll
dssenh.dll Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider Microsoft Corporation C:\Windows\System32\dssenh.dll
eappcfg.dll Configuration d’homologue EAP Microsoft Corporation C:\Windows\System32\eappcfg.dll
eapphost.dll Service homologue EAPHost Microsoft Microsoft Corporation C:\Windows\System32\eapphost.dll
eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation C:\Windows\System32\eappprxy.dll
eapsvc.dll Service EAPHost Microsoft Microsoft Corporation C:\Windows\System32\eapsvc.dll
es.dll COM+ Microsoft Corporation C:\Windows\System32\es.dll
esent.dll Moteur de stockage extensible pour Microsoft® Windows® Microsoft Corporation C:\Windows\System32\esent.dll
esscli.dll WMI Microsoft Corporation C:\Windows\System32\wbem\esscli.dll
fastprox.dll WMI Custom Marshaller Microsoft Corporation C:\Windows\System32\wbem\fastprox.dll
FirewallAPI.dll API du Pare-feu Windows Microsoft Corporation C:\Windows\System32\FirewallAPI.dll
fveapi.dll API de chiffrement de lecteur BitLocker Windows Microsoft Corporation C:\Windows\System32\fveapi.dll
fvecerts.dll BitLocker Certificates Library Microsoft Corporation C:\Windows\System32\fvecerts.dll
FWPUCLNT.DLL API en mode utilisateur FWP/IPsec Microsoft Corporation C:\Windows\System32\FWPUCLNT.DLL
gdi32.dll GDI Client DLL Microsoft Corporation C:\Windows\System32\gdi32.dll
gpapi.dll API client de stratégie de groupe Microsoft Corporation C:\Windows\System32\gpapi.dll
gpsvc.dll Client de stratégie de groupe Microsoft Corporation C:\Windows\System32\gpsvc.dll
hnetcfg.dll Gestionnaire de configuration de réseau domestique Microsoft Corporation C:\Windows\System32\hnetcfg.dll
icmp.dll ICMP DLL Microsoft Corporation C:\Windows\System32\icmp.dll
IKEEXT.DLL Extension IKE Microsoft Corporation C:\Windows\System32\IKEEXT.DLL
imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation C:\Windows\System32\imm32.dll
IPHLPAPI.DLL API de l’application d’assistance IP Microsoft Corporation C:\Windows\System32\IPHLPAPI.DLL
iphlpsvc.dll Service offrant une connectivité IPv6 sur un réseau IPv4. Microsoft Corporation C:\Windows\System32\iphlpsvc.dll
ipnathlp.dll Composants de l’application d’assistance à Microsoft NAT Microsoft Corporation C:\Windows\System32\ipnathlp.dll
kerberos.dll Package de sécurité Kerberos Microsoft Corporation C:\Windows\System32\kerberos.dll
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\kernel32.dll
KernelBase.dll DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\KernelBase.dll
KernelBase.dll.mui DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\fr-FR\KernelBase.dll.mui
ktmw32.dll Windows KTM Win32 Client DLL Microsoft Corporation C:\Windows\System32\ktmw32.dll
locale.nls C:\Windows\System32\locale.nls
logoncli.dll Net Logon Client DLL Microsoft Corporation C:\Windows\System32\logoncli.dll
lpk.dll Language Pack Microsoft Corporation C:\Windows\System32\lpk.dll
mdnsNSP.dll Bonjour Namespace Provider Apple Inc. C:\Program Files\Bonjour\mdnsNSP.dll
mmcss.dll Service Planificateur de classes multimédias Microsoft Corporation C:\Windows\System32\mmcss.dll
mprapi.dll Windows NT MP Router Administration DLL Microsoft Corporation C:\Windows\System32\mprapi.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation C:\Windows\System32\msasn1.dll
msctf.dll DLL de MSCTF Server Microsoft Corporation C:\Windows\System32\msctf.dll
mspatcha.dll Microsoft File Patch Application API Microsoft Corporation C:\Windows\System32\mspatcha.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation C:\Windows\System32\msvcrt.dll
mswsock.dll Fournisseur de service Sockets 2.0 de Microsoft Windows Microsoft Corporation C:\Windows\System32\mswsock.dll
ncobjapi.dll Microsoft Corporation C:\Windows\System32\ncobjapi.dll
NCProv.dll Non-COM WMI Event Provision APIs Microsoft Corporation C:\Windows\System32\wbem\NCProv.dll
ncrypt.dll Bibliothèque de chiffrement Windows Microsoft Corporation C:\Windows\System32\ncrypt.dll
ndiscapCfg.dll NdisCap Notify Object Microsoft Corporation C:\Windows\System32\ndiscapCfg.dll
netapi32.dll Net Win32 API DLL Microsoft Corporation C:\Windows\System32\netapi32.dll
netcfgx.dll Objets de configuration du réseau Microsoft Corporation C:\Windows\System32\netcfgx.dll
netjoin.dll Domain Join DLL Microsoft Corporation C:\Windows\System32\netjoin.dll
netprofm.dll Gestionnaire de listes de réseaux Microsoft Corporation C:\Windows\System32\netprofm.dll
netshell.dll Noyau des Connexions réseau Microsoft Corporation C:\Windows\System32\netshell.dll
netutils.dll Net Win32 API Helpers DLL Microsoft Corporation C:\Windows\System32\netutils.dll
nlaapi.dll Network Location Awareness 2 Microsoft Corporation C:\Windows\System32\nlaapi.dll
npmproxy.dll Network List Manager Proxy Microsoft Corporation C:\Windows\System32\npmproxy.dll
nsi.dll NSI User-mode interface DLL Microsoft Corporation C:\Windows\System32\nsi.dll
ntdll.dll DLL Couche NT Microsoft Corporation C:\Windows\System32\ntdll.dll
ntdsapi.dll Active Directory Domain Services API Microsoft Corporation C:\Windows\System32\ntdsapi.dll
ntmarta.dll Fournisseur MARTA Windows NT Microsoft Corporation C:\Windows\System32\ntmarta.dll
ole32.dll Microsoft OLE pour Windows Microsoft Corporation C:\Windows\System32\ole32.dll
oleaut32.dll Microsoft Corporation C:\Windows\System32\oleaut32.dll
pcwum.dll Compteurs de performance pour DLL native Windows Microsoft Corporation C:\Windows\System32\pcwum.dll
profapi.dll User Profile Basic API Microsoft Corporation C:\Windows\System32\profapi.dll
profsvc.dll ProfSvc Microsoft Corporation C:\Windows\System32\profsvc.dll
profsvc.dll.mui ProfSvc Microsoft Corporation C:\Windows\System32\fr-FR\profsvc.dll.mui
propsys.dll Système de propriétés Microsoft Microsoft Corporation C:\Windows\System32\propsys.dll
psapi.dll Process Status Helper Microsoft Corporation C:\Windows\System32\psapi.dll
qmgr.dll Service de transfert intelligent en arrière-plan Microsoft Corporation C:\Windows\System32\qmgr.dll
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation C:\Windows\System32\rasadhlp.dll
rasapi32.dll API d’Accès réseau à distance Microsoft Corporation C:\Windows\System32\rasapi32.dll
rasauto.dll Gestionnaire de numérotation automatique d’accès distant Microsoft Corporation C:\Windows\System32\rasauto.dll
rascfg.dll Objets de configuration RAS Microsoft Corporation C:\Windows\System32\rascfg.dll
raschap.dll Accès distant PPP CHAP Microsoft Corporation C:\Windows\System32\raschap.dll
rasman.dll Remote Access Connection Manager Microsoft Corporation C:\Windows\System32\rasman.dll
rasmans.dll Gestionnaire de connexions d’accès distant Microsoft Corporation C:\Windows\System32\rasmans.dll
rasppp.dll Remote Access PPP Microsoft Corporation C:\Windows\System32\rasppp.dll
rastapi.dll Remote Access TAPI Compliance Layer Microsoft Corporation C:\Windows\System32\rastapi.dll
repdrvfs.dll WMI Repository Driver Microsoft Corporation C:\Windows\System32\wbem\repdrvfs.dll
resutils.dll Microsoft Cluster Resource Utility DLL Microsoft Corporation C:\Windows\System32\resutils.dll
rpcrt4.dll Runtime d’appel de procédure distante Microsoft Corporation C:\Windows\System32\rpcrt4.dll
RpcRtRemote.dll Remote RPC Extension Microsoft Corporation C:\Windows\System32\RpcRtRemote.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation C:\Windows\System32\rsaenh.dll
rtutils.dll Routing Utilities Microsoft Corporation C:\Windows\System32\rtutils.dll
samcli.dll Security Accounts Manager Client DLL Microsoft Corporation C:\Windows\System32\samcli.dll
samlib.dll SAM Library DLL Microsoft Corporation C:\Windows\System32\samlib.dll
schedsvc.dll Service du Planificateur de tâches Microsoft Corporation C:\Windows\System32\schedsvc.dll
sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation C:\Windows\System32\sechost.dll
seclogon.dll DLL de service d’ouverture de session secondaire Microsoft Corporation C:\Windows\System32\seclogon.dll
secur32.dll Security Support Provider Interface Microsoft Corporation C:\Windows\System32\secur32.dll
Sens.dll Service de notification d’événements système (SENS) Microsoft Corporation C:\Windows\System32\Sens.dll
setupapi.dll Installation de L’API Windows Microsoft Corporation C:\Windows\System32\setupapi.dll
shell32.dll DLL commune du shell Windows Microsoft Corporation C:\Windows\System32\shell32.dll
shlwapi.dll Bibliothèque d’utilitaires légers du Shell Microsoft Corporation C:\Windows\System32\shlwapi.dll
shsvcs.dll Dll des services Windows Shell Microsoft Corporation C:\Windows\System32\shsvcs.dll
slc.dll Dll de client de gestion de licences du logiciel Microsoft Corporation C:\Windows\System32\slc.dll
SortDefault.nls C:\Windows\Globalization\Sorting\SortDefault.nls
SPInf.dll Windows SPINF Microsoft Corporation C:\Windows\System32\SPInf.dll
sqmapi.dll SQM Client Microsoft Corporation C:\Windows\System32\sqmapi.dll
srvcli.dll Server Service Client DLL Microsoft Corporation C:\Windows\System32\srvcli.dll
srvsvc.dll DLL du service Serveur Microsoft Corporation C:\Windows\System32\srvsvc.dll
sscore.dll Fichier DLL principal du service Serveur Microsoft Corporation C:\Windows\System32\sscore.dll
ssdpapi.dll SSDP Client API DLL Microsoft Corporation C:\Windows\System32\ssdpapi.dll
sspicli.dll Security Support Provider Interface Microsoft Corporation C:\Windows\System32\sspicli.dll
svchost.exe Processus hôte pour les services Windows Microsoft Corporation C:\Windows\System32\svchost.exe
sxs.dll Fusion 2.5 Microsoft Corporation C:\Windows\System32\sxs.dll
sysntfy.dll Windows Notifications Dynamic Link Library Microsoft Corporation C:\Windows\System32\sysntfy.dll
tapi32.dll DLL Client de l'API Microsoft® Windows™ Téléphonie Microsoft Corporation C:\Windows\System32\tapi32.dll
taskcomp.dll Plug-in de compatibilité descendante du Planificateur de tâches Microsoft Corporation C:\Windows\System32\taskcomp.dll
tbs.dll TBS Microsoft Corporation C:\Windows\System32\tbs.dll
tcpipcfg.dll Objets de configuration du réseau Microsoft Corporation C:\Windows\System32\tcpipcfg.dll
themeservice.dll DLL du service des thèmes Windows Shell Microsoft Corporation C:\Windows\System32\themeservice.dll
TSChannel.dll Task Scheduler Proxy Microsoft Corporation C:\Windows\System32\TSChannel.dll
ubpm.dll DLL du Gestionnaire de processus d’arrière-plan unifiés Microsoft Corporation C:\Windows\System32\ubpm.dll
umb.dll User Mode Bus Driver Interface Dll Microsoft Corporation C:\Windows\System32\umb.dll
upnp.dll API UPnP de Point de contrôle Microsoft Corporation C:\Windows\System32\upnp.dll
upnphost.dll Hôte de périphérique UPnP Microsoft Corporation C:\Windows\System32\upnphost.dll
upnphost.dll.mui Hôte de périphérique UPnP Microsoft Corporation C:\Windows\System32\fr-FR\upnphost.dll.mui
user32.dll DLL client de l’API uilisateur de Windows multi-utilisateurs Microsoft Corporation C:\Windows\System32\user32.dll
userenv.dll Userenv Microsoft Corporation C:\Windows\System32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation C:\Windows\System32\usp10.dll
uxtheme.dll Bibliothèque de thèmes Ux Microsoft Microsoft Corporation C:\Windows\System32\uxtheme.dll
version.dll Version Checking and File Installation Libraries Microsoft Corporation C:\Windows\System32\version.dll
vpnike.dll VPNIKE Protocol Engine - Test dll Microsoft Corporation C:\Windows\System32\vpnike.dll
vssapi.dll Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL Microsoft Corporation C:\Windows\System32\vssapi.dll
vsstrace.dll Bibliothèque de suivi du service VSS Microsoft® Microsoft Corporation C:\Windows\System32\vsstrace.dll
wbemcomn.dll WMI Microsoft Corporation C:\Windows\System32\wbemcomn.dll
wbemcore.dll Infrastructure de gestion Windows Microsoft Corporation C:\Windows\System32\wbem\wbemcore.dll
wbemess.dll WMI Microsoft Corporation C:\Windows\System32\wbem\wbemess.dll
wbemprox.dll WMI Microsoft Corporation C:\Windows\System32\wbem\wbemprox.dll
wbemsvc.dll WMI Microsoft Corporation C:\Windows\System32\wbem\wbemsvc.dll
wdscore.dll Panther Engine Module Microsoft Corporation C:\Windows\System32\wdscore.dll
webio.dll API des protocoles de transfert Web Microsoft Corporation C:\Windows\System32\webio.dll
wer.dll DLL du rapport d’erreurs Windows Microsoft Corporation C:\Windows\System32\wer.dll
wevtapi.dll API de configuration et de consommation d’événements Microsoft Corporation C:\Windows\System32\wevtapi.dll
wiarpc.dll Windows Image Acquisition RPC client DLL Microsoft Corporation C:\Windows\System32\wiarpc.dll
winhttp.dll Services HTTP Windows Microsoft Corporation C:\Windows\System32\winhttp.dll
winnsi.dll Network Store Information RPC interface Microsoft Corporation C:\Windows\System32\winnsi.dll
winspool.drv Pilote de spouleur Windows Microsoft Corporation C:\Windows\System32\winspool.drv
winsta.dll Winstation Library Microsoft Corporation C:\Windows\System32\winsta.dll
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation C:\Windows\System32\wintrust.dll
wkscli.dll Workstation Service Client DLL Microsoft Corporation C:\Windows\System32\wkscli.dll
Wldap32.dll DLL API LDAP Win32 Microsoft Corporation C:\Windows\System32\Wldap32.dll
WLIDNSP.DLL Microsoft® Windows Live ID Namespace Provider Microsoft Corp. C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
WmiPrvSD.dll WMI Microsoft Corporation C:\Windows\System32\wbem\WmiPrvSD.dll
WMIsvc.dll WMI Microsoft Corporation C:\Windows\System32\wbem\WMIsvc.dll
wmiutils.dll WMI Microsoft Corporation C:\Windows\System32\wbem\wmiutils.dll
wmsgapi.dll WinLogon IPC Client Microsoft Corporation C:\Windows\System32\wmsgapi.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation C:\Windows\System32\ws2_32.dll
wship6.dll DLL d’application d’assistance Winsock2 (TL/IPv6) Microsoft Corporation C:\Windows\System32\wship6.dll
WSHTCPIP.DLL DLL d’application d’assistance Winsock2 (TL/IPv4) Microsoft Corporation C:\Windows\System32\WSHTCPIP.DLL
wtsapi32.dll Windows Remote Desktop Session Host Server SDK APIs Microsoft Corporation C:\Windows\System32\wtsapi32.dll
wuaueng.dll Agent de mise à jour automatique Windows Update Microsoft Corporation C:\Windows\System32\wuaueng.dll
wuaueng.dll.mui Agent de mise à jour automatique Windows Update Microsoft Corporation C:\Windows\System32\fr-FR\wuaueng.dll.mui
wups2.dll Windows Update client proxy stub 2 Microsoft Corporation C:\Windows\System32\wups2.dll
xmllite.dll Microsoft XmlLite Library Microsoft Corporation C:\Windows\System32\xmllite.dll

==========================================================================================
3) The Handles
==========================================================================================

Type Name
ALPC Port \RPC Control\IUserProfile2
ALPC Port \RPC Control\OLE4D242C978BC74DB1BB999CFCDA1D
ALPC Port \ThemeApiPort
ALPC Port \RPC Control\senssvc
ALPC Port \RPC Control\SECLOGON
ALPC Port \RPC Control\RasmanLrpc
ALPC Port \RPC Control\VpnikeRpc
Desktop \Default
Directory \KnownDlls
Directory \BaseNamedObjects
Directory \BaseNamedObjects
Event \...\MmcssStatusEvent
Event \KernelObjects\MaximumCommitCondition
Event \BaseNamedObjects\TermSrvReadyEvent
Event \BaseNamedObjects\SENS Started Event
Event \Sessions\1\BaseNamedObjects\ThemeLoadedEvent
Event \BaseNamedObjects\{90A71FB9-BB49-4163-8AF0-7FCCBACE9EB5}ShellHWDetection
Event \BaseNamedObjects\{90A71FB9-BB49-4163-8AF0-7FCCBACE9EB5}ShellHWDetection
Event \BaseNamedObjects\WiaServiceStarted
Event \BaseNamedObjects\BFE_Notify_Event_{9ad04482-8fdb-4903-a5ff-0260974fe9db}
Event \BaseNamedObjects\BFE_Notify_Event_{7c5afbd1-30e7-4bc4-8435-c8db7649eccc}
Event \BaseNamedObjects\WINMGMT_COREDLL_CANSHUTDOWN
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WMI_SysEvent_LodCtr
Event \BaseNamedObjects\WMI_SysEvent_UnLodCtr
Event \BaseNamedObjects\WMI_RevAdap_Set
Event \BaseNamedObjects\WMI_RevAdap_ACK
Event \BaseNamedObjects\WMI_ProcessIdleTasksStart
Event \BaseNamedObjects\WMI_ProcessIdleTasksComplete
Event \BaseNamedObjects\LanmanServerNetworkInitialized
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WINMGMT_PROVIDER_CANSHUTDOWN
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\WBEM_ESS_OPEN_FOR_BUSINESS
Event \BaseNamedObjects\BFE_Notify_Event_{8a66255e-48bc-4ca4-ac95-b18af3f8473c}
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2PROVIDERSUBSYSTEM
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
Event \BaseNamedObjects\EVENT_READYROOT/CIMV2SCM EVENT PROVIDER
Event \LanmanServerAnnounceEvent
Event \BaseNamedObjects\IPNAT
Event \BaseNamedObjects\RasAutoDialSharedConnectionEvent
File C:\Windows\System32
File \Device\KsecDD
File \Device\WMIDataDevice
File \Device\PcwDrv
File C:\Windows\Tasks\SCHEDLGU.TXT
File \Device\HarddiskVolume2
File C:\Windows\Tasks
File \Device\NamedPipe\atsvc
File \Device\NamedPipe\atsvc
File \Device\NamedPipe\atsvc
File \Device\Afd
File \Device\Afd
File \Device\NamedPipe\Winsock2\CatalogChangeListener-420-0
File \Device\Afd
File \Device\Afd
File \Device\Nsi
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7
File \Device\KsecDD
File \Device\KsecDD
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File \Device\Afd\Endpoint
File C:\Windows\System32\wbem\MOF
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7
File \Device\WMIDataDevice
File \Device\0000036d
File \Device\SrvAdmin
File \Device\LanmanServer
File \Device\SrvAdmin
File \Device\Srv2
File C:\Windows\System32\wbem\repository\MAPPING1.MAP
File C:\Windows\System32\wbem\repository\MAPPING2.MAP
File C:\Windows\System32\wbem\repository\MAPPING3.MAP
File C:\Windows\System32\wbem\repository\OBJECTS.DATA
File C:\Windows\System32\wbem\repository\INDEX.BTR
File \Device\NamedPipe\ROUTER
File \Device\NamedPipe\ROUTER
File \Device\NamedPipe\ROUTER
File C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7
File \Device\NamedPipe\srvsvc
File \Device\NamedPipe\srvsvc
File \Device\NamedPipe\srvsvc
File \Device\RasAcd
File C:\Windows\System32\fr-FR\upnphost.dll.mui
File \Device\NamedPipe\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER
File \Device\NamedPipe\srvsvc
File C:\Windows\SoftwareDistribution\ReportingEvents.log
File \Device\Afd
File \Device\Afd
File C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
File C:\Windows\WindowsUpdate.log
File C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
File C:\Windows\System32\fr-FR\profsvc.dll.mui
File \Device\Afd
File \Device\Afd
File \Device\Afd
File C:\Windows\System32\fr-FR\KernelBase.dll.mui
File C:\Windows\System32\fr-FR\wuaueng.dll.mui
File \Device\Afd
File \Device\Afd
Job \BaseNamedObjects\WmiProviderSubSystemHostJob
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key HKU\.DEFAULT\Control Panel\International
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
Key HKCR
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5
Key HKCU
Key HKCU
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\PropertyBag
Key HKU\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Key HKLM\SYSTEM\ControlSet001\services\IKEEXT
Key HKLM\SOFTWARE\Microsoft\NetworkAccessProtection\NapClient
Key HKLM\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer
Key HKLM\SOFTWARE\Microsoft\Tracing\IpHlpSvc
Key HKLM\SOFTWARE\Microsoft\Tracing\RASMAN
Key HKLM\SOFTWARE\Microsoft\Tracing\RASTAPI
Key HKLM\SOFTWARE\Microsoft\Tracing\tapi32
Key HKLM\SYSTEM\ControlSet001\services\SharedAccess\Epoch
Key HKLM\SYSTEM\ControlSet001\Enum
Key HKLM\SYSTEM\ControlSet001\services
Key HKLM\SYSTEM\ControlSet001\Control\CLASS
Key HKLM\SYSTEM\ControlSet001\Control\DeviceClasses
Key HKLM\SYSTEM\ControlSet001\Control\CoDeviceInstallers
Key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PerHwIdStorage
Key HKLM\SOFTWARE\Microsoft\Tracing\PPP
Key HKLM\SYSTEM\ControlSet001\services\RasMan\PPP
Key HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Linkage
Key HKLM\SOFTWARE\Microsoft\Tracing\RASPAP
Key HKLM\SOFTWARE\Microsoft\Tracing\RASEAP
Key HKLM\SOFTWARE\Microsoft\Tracing\RASCCP
Key HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASCHAP
Key HKLM\SOFTWARE\Microsoft\Tracing\VPNIKE
Key HKLM\SOFTWARE\Microsoft\Tracing\RASIPHLP
Key HKLM\SOFTWARE\Microsoft\Tracing\RASIPCP
Key HKLM\SOFTWARE\Microsoft\Tracing\RASIPV6CP
Key HKLM\SOFTWARE\Microsoft\Tracing\IPNATHLP
Key HKU\.DEFAULT
Key HKLM\SYSTEM\ControlSet001\services\TCPIP6\Parameters\Interfaces
Key HKU\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet001\services\VSS\Diag\BITS Writer
Key HKLM\SYSTEM\ControlSet001\services\LanmanServer\ShareProviders
Key HKLM\SYSTEM\ControlSet001\services\LanmanServer\Parameters
Key HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASAPI32
Key HKLM\SOFTWARE\Microsoft\Tracing\svchost_RASMANCS
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key HKLM\SYSTEM\ControlSet001\services\EapHost
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER\MEMORY MANAGEMENT
Key HKLM\SYSTEM\ControlSet001\services\LanmanServer\Linkage
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters
Key HKLM\SOFTWARE\Microsoft\Tracing\RASAUTO
Key HKCU
Key HKCU\Software\Microsoft\RAS AutoDial
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet001\services\TCPIP6\Parameters
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache
Mutant \BaseNamedObjects\d3b1bbc7-c020-4056-9ded-7c6f40b5a2fc
Mutant \BaseNamedObjects\FwtSqmSession101457921_S-1-5-18
Mutant \BaseNamedObjects\NetCfgWriteLock
Mutant \BaseNamedObjects\RasPbFile
Mutant \BaseNamedObjects\NetCfgWriteLock
Mutant \BaseNamedObjects\WindowsUpdateTracingMutex
Mutant \BaseNamedObjects\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
Process atieclxx.exe(1524)
Process taskeng.exe(3020)
Process winlogon.exe(152)
Process winlogon.exe(152)
Process winlogon.exe(152)
Process <Accès refusé.>
Process SynTPHelper.exe(2292)
Process SynTPEnh.exe(1700)
Process dwm.exe(1908)
Process explorer.exe(1924)
Process taskhost.exe(1428)
Process sttray64.exe(1492)
Process msseces.exe(1448)
Process explorer.exe(1924)
Process jusched.exe(2512)
Process perfmon.exe(2996)
Process taskeng.exe(3020)
Process svchost.exe(1056)
Process chrome.exe(2244)
Process <Accès refusé.>
Process CLMLSvc.exe(2332)
Process chrome.exe(3108)
Process wuauclt.exe(1344)
Process procexp64.exe(3600)
Process <Accès refusé.>
Process <Accès refusé.>
Process <Accès refusé.>
Process taskmgr.exe(3372)
Process wuauclt.exe(1344)
Process mbamgui.exe(2572)
Process notepad.exe(2564)
Section \BaseNamedObjects\MMF_BITS_s
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\SENS Information Cache
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000030.db
Section \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x000000000000000d.db
Section \BaseNamedObjects\windows_shell_global_counters
Section \BaseNamedObjects\SqmData_FwtSqmSession101457921_S-1-5-18
Section \BaseNamedObjects\Wmi Provider Sub System Counters
Section \BaseNamedObjects\RotHintTable
Thread svchost.exe(1056): 1060
Thread svchost.exe(1056): 1064
Thread svchost.exe(1056): 1064
Thread svchost.exe(1056): 1460
Thread svchost.exe(1056): 1720
Thread svchost.exe(1056): 1400
Thread svchost.exe(1056): 1404
Thread svchost.exe(1056): 1488
Thread svchost.exe(1056): 1464
Thread svchost.exe(1056): 1904
Thread svchost.exe(1056): 1600
Thread svchost.exe(1056): 1704
Thread svchost.exe(1056): 1704
Thread svchost.exe(1056): 2344
Thread svchost.exe(1056): 1756
Thread svchost.exe(1056): 1756
Thread svchost.exe(1056): 1836
Thread svchost.exe(1056): 1840
Thread svchost.exe(1056): 1860
Thread svchost.exe(1056): 1884
Thread svchost.exe(1056): 1868
Thread svchost.exe(1056): 1464
Thread svchost.exe(1056): 1904
Thread svchost.exe(1056): 1720
Thread svchost.exe(1056): 3856
Thread svchost.exe(1056): 1988
Thread svchost.exe(1056): 1868
Thread explorer.exe(1924): 1396
Thread svchost.exe(1056): 1904
Thread svchost.exe(1056): 3772
Thread svchost.exe(1056): 2764
Thread svchost.exe(1056): 2088
Thread svchost.exe(1056): 1876
Thread svchost.exe(1056): 3924
Thread svchost.exe(1056): 3008
Thread svchost.exe(1056): 440
Thread svchost.exe(1056): 440
Thread svchost.exe(1056): 2848
Thread svchost.exe(1056): 2036
Thread svchost.exe(1056): 3772
Thread svchost.exe(1056): 1636
Thread svchost.exe(1056): 1636
Thread svchost.exe(1056): 3856
Thread svchost.exe(1056): 880
Thread svchost.exe(1056): 2904
Thread svchost.exe(1056): 2888
Thread svchost.exe(1056): 1464
Thread svchost.exe(1056): 3484
Thread svchost.exe(1056): 2880
Thread svchost.exe(1056): 1460
Thread svchost.exe(1056): 1788
Thread svchost.exe(1056): 1232
Thread svchost.exe(1056): 2428
Thread svchost.exe(1056): 1720
Thread svchost.exe(1056): 2112
Thread svchost.exe(1056): 1764
Thread svchost.exe(1056): 3876
Thread svchost.exe(1056): 3856
Thread svchost.exe(1056): 3876
Thread svchost.exe(1056): 1764
Thread svchost.exe(1056): 1788
Thread svchost.exe(1056): 2028
Thread svchost.exe(1056): 3772
Thread svchost.exe(1056): 2684
Thread svchost.exe(1056): 2028
Thread svchost.exe(1056): 2684
Thread svchost.exe(1056): 3484
Thread svchost.exe(1056): 3876
Thread svchost.exe(1056): 1708
Thread svchost.exe(1056): 608
Thread <Accès refusé.>
Thread svchost.exe(1056): 1784
Thread svchost.exe(1056): 3484
Thread svchost.exe(1056): 1852
Thread svchost.exe(1056): 1720
Thread svchost.exe(1056): 1720
Thread svchost.exe(1056): 1784
Thread svchost.exe(1056): 1296
Thread svchost.exe(1056): 1296
Thread <Accès refusé.>
Thread svchost.exe(1056): 1236
Thread svchost.exe(1056): 4072
Thread svchost.exe(1056): 1760
Thread svchost.exe(1056): 2872
Thread svchost.exe(1056): 2872
Thread svchost.exe(1056): 2912
Thread svchost.exe(1056): 1788
Thread svchost.exe(1056): 1296
Thread svchost.exe(1056): 3992
Thread svchost.exe(1056): 2112
Thread svchost.exe(1056): 3124
Thread svchost.exe(1056): 2112
Thread svchost.exe(1056): 2112
Thread svchost.exe(1056): 3992
Thread svchost.exe(1056): 3992
Thread svchost.exe(1056): 2344
Thread svchost.exe(1056): 1784
Thread svchost.exe(1056): 1740
Thread svchost.exe(1056): 1708
Thread svchost.exe(1056): 4072
Thread svchost.exe(1056): 1464
Thread svchost.exe(1056): 1824
Thread svchost.exe(1056): 2112
Thread svchost.exe(1056): 1824
Thread svchost.exe(1056): 1824
Token AUTORITE NT\Système:3e7
Token AUTORITE NT\Système:3e7
Token Montauban-PC\Emily:49482
Token AUTORITE NT\Système:3e7
Token Montauban-PC\Emily:49482
Token Montauban-PC\Emily:49482
Token Montauban-PC\Emily:49482
Token AUTORITE NT\ANONYMOUS LOGON:3e6
Token AUTORITE NT\Système:3e7
Token Montauban-PC\Emily:49482
Token AUTORITE NT\SERVICE LOCAL:3e5
Token AUTORITE NT\SERVICE LOCAL:3e5
Token AUTORITE NT\SERVICE LOCAL:3e5
Token AUTORITE NT\Système:3e7
Token AUTORITE NT\Système:3e7
Token Montauban-PC\Emily:49482
Token AUTORITE NT\SERVICE RÉSEAU:3e4
Token AUTORITE NT\SERVICE LOCAL:3e5
Token AUTORITE NT\SERVICE RÉSEAU:3e4
Token Montauban-PC\Emily:49482
WindowStation \Windows\WindowStations\Service-0x0-3e7$
WindowStation \Windows\WindowStations\Service-0x0-3e7$
Thread svchost.exe(1056): 4072

==========================================================================================

==========================================================================================
I hope it will help...
I will try to post the second svchost.exe process in the next post.

Best regards

#13 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 31 August 2012 - 12:45 PM

The following presents the second process: svchost.exe (NetworkService)

=======================================================================================================================
1) Services
=======================================================================================================================
CryptSvc
Dnscache
LanmanWorkstation
NlaSvc
TapiSrv


=======================================================================================================================
2) DLLs
=======================================================================================================================



Process: svchost.exe Pid: 3156

Name Description Company Name Path
advapi32.dll API avancées Windows 32 Microsoft Corporation C:\Windows\System32\advapi32.dll
apisetschema.dll ApiSet Schema DLL Microsoft Corporation C:\Windows\System32\apisetschema.dll
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation C:\Windows\System32\atl.dll
bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcrypt.dll
bcryptprimitives.dll Windows Cryptographic Primitives Library Microsoft Corporation C:\Windows\System32\bcryptprimitives.dll
catdb C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
catdb C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
cfgmgr32.dll Configuration Manager DLL Microsoft Corporation C:\Windows\System32\cfgmgr32.dll
clbcatq.dll COM+ Configuration Catalog Microsoft Corporation C:\Windows\System32\clbcatq.dll
credssp.dll Credential Delegation Security Package Microsoft Corporation C:\Windows\System32\credssp.dll
crypt32.dll Crypto API32 Microsoft Corporation C:\Windows\System32\crypt32.dll
cryptbase.dll Base cryptographic API DLL Microsoft Corporation C:\Windows\System32\cryptbase.dll
cryptnet.dll Crypto Network Related API Microsoft Corporation C:\Windows\System32\cryptnet.dll
cryptsp.dll Cryptographic Service Provider API Microsoft Corporation C:\Windows\System32\cryptsp.dll
cryptsvc.dll Services de chiffrement Microsoft Corporation C:\Windows\System32\cryptsvc.dll
dhcpcsvc.dll Service client DHCP Microsoft Corporation C:\Windows\System32\dhcpcsvc.dll
dhcpcsvc6.dll Client DHCPv6 Microsoft Corporation C:\Windows\System32\dhcpcsvc6.dll
dnsapi.dll DNS DLL de l’API Client Microsoft Corporation C:\Windows\System32\dnsapi.dll
dnsext.dll DNS extension DLL Microsoft Corporation C:\Windows\System32\dnsext.dll
dnsrslvr.dll Service de résolution du cache DNS Microsoft Corporation C:\Windows\System32\dnsrslvr.dll
es.dll COM+ Microsoft Corporation C:\Windows\System32\es.dll
esent.dll Moteur de stockage extensible pour Microsoft® Windows® Microsoft Corporation C:\Windows\System32\esent.dll
FWPUCLNT.DLL API en mode utilisateur FWP/IPsec Microsoft Corporation C:\Windows\System32\FWPUCLNT.DLL
gdi32.dll GDI Client DLL Microsoft Corporation C:\Windows\System32\gdi32.dll
gpapi.dll API client de stratégie de groupe Microsoft Corporation C:\Windows\System32\gpapi.dll
imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation C:\Windows\System32\imm32.dll
IPHLPAPI.DLL API de l’application d’assistance IP Microsoft Corporation C:\Windows\System32\IPHLPAPI.DLL
kernel32.dll DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\kernel32.dll
KernelBase.dll DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\KernelBase.dll
KernelBase.dll.mui DLL du client API BASE Windows NT Microsoft Corporation C:\Windows\System32\fr-FR\KernelBase.dll.mui
locale.nls C:\Windows\System32\locale.nls
lpk.dll Language Pack Microsoft Corporation C:\Windows\System32\lpk.dll
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation C:\Windows\System32\msasn1.dll
msctf.dll DLL de MSCTF Server Microsoft Corporation C:\Windows\System32\msctf.dll
msvcrt.dll Windows NT CRT DLL Microsoft Corporation C:\Windows\System32\msvcrt.dll
mswsock.dll Fournisseur de service Sockets 2.0 de Microsoft Windows Microsoft Corporation C:\Windows\System32\mswsock.dll
ncsi.dll Indicateur d’état de la connectivité réseau Microsoft Corporation C:\Windows\System32\ncsi.dll
netjoin.dll Domain Join DLL Microsoft Corporation C:\Windows\System32\netjoin.dll
netutils.dll Net Win32 API Helpers DLL Microsoft Corporation C:\Windows\System32\netutils.dll
nlasvc.dll Connaissance des emplacements réseau 2 Microsoft Corporation C:\Windows\System32\nlasvc.dll
nsi.dll NSI User-mode interface DLL Microsoft Corporation C:\Windows\System32\nsi.dll
ntdll.dll DLL Couche NT Microsoft Corporation C:\Windows\System32\ntdll.dll
ole32.dll Microsoft OLE pour Windows Microsoft Corporation C:\Windows\System32\ole32.dll
oleaut32.dll Microsoft Corporation C:\Windows\System32\oleaut32.dll
profapi.dll User Profile Basic API Microsoft Corporation C:\Windows\System32\profapi.dll
propsys.dll Système de propriétés Microsoft Microsoft Corporation C:\Windows\System32\propsys.dll
psapi.dll Process Status Helper Microsoft Corporation C:\Windows\System32\psapi.dll
rpcrt4.dll Runtime d’appel de procédure distante Microsoft Corporation C:\Windows\System32\rpcrt4.dll
RpcRtRemote.dll Remote RPC Extension Microsoft Corporation C:\Windows\System32\RpcRtRemote.dll
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation C:\Windows\System32\rsaenh.dll
rtutils.dll Routing Utilities Microsoft Corporation C:\Windows\System32\rtutils.dll
samcli.dll Security Accounts Manager Client DLL Microsoft Corporation C:\Windows\System32\samcli.dll
samlib.dll SAM Library DLL Microsoft Corporation C:\Windows\System32\samlib.dll
sechost.dll Host for SCM/SDDL/LSA Lookup APIs Microsoft Corporation C:\Windows\System32\sechost.dll
secur32.dll Security Support Provider Interface Microsoft Corporation C:\Windows\System32\secur32.dll
shlwapi.dll Bibliothèque d’utilitaires légers du Shell Microsoft Corporation C:\Windows\System32\shlwapi.dll
SortDefault.nls C:\Windows\Globalization\Sorting\SortDefault.nls
ssdpapi.dll SSDP Client API DLL Microsoft Corporation C:\Windows\System32\ssdpapi.dll
sspicli.dll Security Support Provider Interface Microsoft Corporation C:\Windows\System32\sspicli.dll
svchost.exe Processus hôte pour les services Windows Microsoft Corporation C:\Windows\System32\svchost.exe
tapisrv.dll Serveur de téléphonie Microsoft® Windows™ Microsoft Corporation C:\Windows\System32\tapisrv.dll
user32.dll DLL client de l’API uilisateur de Windows multi-utilisateurs Microsoft Corporation C:\Windows\System32\user32.dll
userenv.dll Userenv Microsoft Corporation C:\Windows\System32\userenv.dll
usp10.dll Uniscribe Unicode script processor Microsoft Corporation C:\Windows\System32\usp10.dll
vssapi.dll Microsoft® Volume Shadow Copy Requestor/Writer Services API DLL Microsoft Corporation C:\Windows\System32\vssapi.dll
vsstrace.dll Bibliothèque de suivi du service VSS Microsoft® Microsoft Corporation C:\Windows\System32\vsstrace.dll
webio.dll API des protocoles de transfert Web Microsoft Corporation C:\Windows\System32\webio.dll
wevtapi.dll API de configuration et de consommation d’événements Microsoft Corporation C:\Windows\System32\wevtapi.dll
winhttp.dll Services HTTP Windows Microsoft Corporation C:\Windows\System32\winhttp.dll
winnsi.dll Network Store Information RPC interface Microsoft Corporation C:\Windows\System32\winnsi.dll
winsta.dll Winstation Library Microsoft Corporation C:\Windows\System32\winsta.dll
wkscli.dll Workstation Service Client DLL Microsoft Corporation C:\Windows\System32\wkscli.dll
wkssvc.dll DLL du service Station de travail Microsoft Corporation C:\Windows\System32\wkssvc.dll
Wldap32.dll DLL API LDAP Win32 Microsoft Corporation C:\Windows\System32\Wldap32.dll
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation C:\Windows\System32\ws2_32.dll
wship6.dll DLL d’application d’assistance Winsock2 (TL/IPv6) Microsoft Corporation C:\Windows\System32\wship6.dll
WSHTCPIP.DLL DLL d’application d’assistance Winsock2 (TL/IPv4) Microsoft Corporation C:\Windows\System32\WSHTCPIP.DLL
wtsapi32.dll Windows Remote Desktop Session Host Server SDK APIs Microsoft Corporation C:\Windows\System32\wtsapi32.dll

=======================================================================================================================
3) Handles
=======================================================================================================================

Process: svchost.exe Pid: 3156

Type Name
ALPC Port \RPC Control\nlaplg
ALPC Port \RPC Control\nlaapi
ALPC Port \RPC Control\keysvc
ALPC Port \RPC Control\keysvc2
ALPC Port \RPC Control\OLE67AF5C0FD50446E5B7F278647C04
ALPC Port \RPC Control\tapsrvlpc
ALPC Port \RPC Control\DNSResolver
Desktop \Default
Directory \KnownDlls
Directory \BaseNamedObjects
Event \BaseNamedObjects\NlaPrivatePort3
Event \BaseNamedObjects\NlaPrivatePort
Event \BaseNamedObjects\TermSrvReadyEvent
Event \BaseNamedObjects\WkssvcToAgentStartEvent
Event \BaseNamedObjects\WkssvcToAgentStopEvent
Event \BaseNamedObjects\AgentToWkssvcEvent
Event \BaseNamedObjects\wkssvc: MUP finished initializing event
Event \KernelObjects\MaximumCommitCondition
Event \BaseNamedObjects\SC_AutoStartComplete
File C:\Windows\System32
File \Device\KsecDD
File \Device\Nsi
File \Device\WMIDataDevice
File \Device\WMIDataDevice
File \Device\KsecDD
File \Device\NamedPipe\wkssvc
File C:\Windows\System32\fr-FR\KernelBase.dll.mui
File \Device\NamedPipe\wkssvc
File \Device\Mup
File \Device\LanmanDatagramReceiver
File \Device\NamedPipe\keysvc
File \Device\NamedPipe\keysvc
File \Device\NamedPipe\keysvc
File \Device\NamedPipe\wkssvc
File \Device\NamedPipe\wkssvc
File C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
File C:\Windows\System32\catroot2\edb.log
File C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
File C:\Windows\System32\drivers\etc
File \Device\NamedPipe\tapsrv
File \Device\NamedPipe\tapsrv
File \Device\NamedPipe\tapsrv
File \Device\Afd\Endpoint
File \Device\Afd
File \Device\Afd\Endpoint
File \Device\NamedPipe\wkssvc
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
Key HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
Key HKU\S-1-5-20\Control Panel\International
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5
Key HKLM\SYSTEM\ControlSet001\services\NlaSvc\Parameters
Key HKLM\SYSTEM\ControlSet001\services\NlaSvc\Parameters\Internet
Key HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator
Key HKLM\SOFTWARE\Microsoft\Tracing\tapisrv
Key HKLM\SYSTEM\ControlSet001\services\VSS\Diag\System Writer
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
Key HKCR
Key HKLM\SYSTEM\ControlSet001\services\LanmanWorkstation\Parameters
Key HKLM\SYSTEM\ControlSet001\services\Dnscache\Parameters
Key HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\DNSRegisteredAdapters
Process svchost.exe(3156)
Section \BaseNamedObjects\__ComCatalogCache__
Section \BaseNamedObjects\__ComCatalogCache__
Thread svchost.exe(3156): 3084
Thread svchost.exe(3156): 3580
Thread svchost.exe(3156): 3580
Thread svchost.exe(3156): 3828
Thread svchost.exe(3156): 4064
Thread <Accès refusé.>
Thread svchost.exe(3156): 3832
Thread svchost.exe(3156): 3832
Thread svchost.exe(3156): 3204
Thread svchost.exe(3156): 3588
Thread svchost.exe(3156): 3772
Thread svchost.exe(3156): 1792
Thread svchost.exe(3156): 1080
Thread svchost.exe(3156): 2900
Thread svchost.exe(3156): 3204
Thread svchost.exe(3156): 3120
Thread svchost.exe(3156): 2900
Thread svchost.exe(3156): 2308
Thread svchost.exe(3156): 3508
Thread svchost.exe(3156): 2308
Thread svchost.exe(3156): 3336
Thread svchost.exe(3156): 2940
Thread svchost.exe(3156): 156
Thread svchost.exe(3156): 156
Thread svchost.exe(3156): 156
Thread svchost.exe(3156): 2940
Thread svchost.exe(3156): 4028
Thread svchost.exe(3156): 2584
Thread svchost.exe(3156): 3336
Thread svchost.exe(3156): 4028
Thread svchost.exe(3156): 3772
Thread svchost.exe(3156): 612
Thread svchost.exe(3156): 3828
Thread svchost.exe(3156): 3828
Thread svchost.exe(3156): 1108
Thread svchost.exe(3156): 3508
Thread svchost.exe(3156): 4040
Token AUTORITE NT\SERVICE RÉSEAU:3e4
WindowStation \Windows\WindowStations\Service-0x0-3e4$
WindowStation \Windows\WindowStations\Service-0x0-3e4$

===================================================================================================

I hope it will help...

Best regards

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:51 PM

Posted 31 August 2012 - 12:49 PM

All the services on your previous logs are good.

Post the second log if not too much trouble.

I want to check whether or not there is some hidden ZeroAccess infection.

Please run this tool.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter, or FRST.exe on a 32-bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#15 yargla

yargla
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:51 PM

Posted 31 August 2012 - 01:25 PM

Hi Nasdaq,

Thanks for your answer.

The following presents the log file.

Best regards.

Scan result of Farbar Recovery Scan Tool Version: 31-08-2012 01
Ran by SYSTEM at 31-08-2012 20:20:19
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-23] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Emily\...\Policies\system: [LogonHoursAction] 2
HKU\Emily\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\genevieve\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\genevieve\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\genevieve\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-17] (Google Inc.)
HKU\genevieve\...\Policies\system: [DisableLockWorkstation] 0
HKU\genevieve\...\Policies\system: [DisableChangePassword] 0
HKU\genevieve\...\Policies\system: [LogonHoursAction] 2
HKU\genevieve\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Lulu Castagnette\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\Lulu Castagnette\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Lulu Castagnette\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Lulu Castagnette\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-17] (Google Inc.)
HKU\Lulu Castagnette\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\Lulu Castagnette\...\Policies\system: [LogonHoursAction] 2
HKU\Lulu Castagnette\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Runonce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3E7732DB-6223-4D3E-9F1A-60036F0060EE}: [NameServer]212.27.40.240,212.27.40.241

==================== Services (Whitelisted) ======

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1112240 2010-11-22] (Acronis)
3 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2012-08-23] (Acronis)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)

==================== Drivers (Whitelisted) ===================

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-19] (Qualcomm Atheros Communications, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfdx64.sys [x]
3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) =================


==================== One Month Created Files and Folders ======================

2012-08-31 20:20 - 2012-08-31 20:20 - 00000000 ____D C:\FRST
2012-08-31 09:41 - 2012-08-31 09:41 - 00017858 ____A C:\Users\Emily\Desktop\tmp.txt
2012-08-31 06:36 - 2012-08-31 06:36 - 00509264 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\winsdk_web (1).exe
2012-08-31 06:14 - 2012-08-31 06:14 - 00889416 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\dotNetFx40_Full_setup.exe
2012-08-31 06:10 - 2012-08-31 06:11 - 00509264 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\winsdk_web.exe
2012-08-31 05:54 - 2012-08-31 09:44 - 00007631 ____A C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2012-08-31 01:34 - 2012-08-31 01:33 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-30 10:37 - 2012-08-30 10:38 - 00693235 ____A (Farbar) C:\Users\Emily\Downloads\FSS.exe
2012-08-30 10:14 - 2012-08-30 10:14 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1 (2).zip
2012-08-30 10:08 - 2012-08-30 10:08 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1.zip
2012-08-30 10:08 - 2012-08-30 10:08 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1 (1).zip
2012-08-30 08:27 - 2012-08-30 08:27 - 01479536 ____A (Sysinternals - www.sysinternals.com) C:\Users\Emily\Desktop\procexp64.exe
2012-08-30 08:14 - 2012-07-11 07:38 - 02691192 ____A (Sysinternals - www.sysinternals.com) C:\Users\Emily\Desktop\procexp.exe
2012-08-30 08:12 - 2012-08-30 08:12 - 01144963 ____A C:\Users\Emily\Downloads\ProcessExplorer.zip
2012-08-30 07:43 - 2012-08-30 09:50 - 00000000 ____D C:\Windows\System32\SPReview
2012-08-30 03:10 - 2012-08-30 03:33 - 93654616 ____A C:\Users\Emily\Downloads\avast_free_antivirus_setup.exe
2012-08-30 02:49 - 2012-08-30 02:49 - 40622920 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\BOIE9_ENUS_BO0084_WIN764(1).EXE
2012-08-30 02:48 - 2012-08-30 02:48 - 00000000 ____D C:\Users\Emily\AppData\Local\Macromedia
2012-08-30 02:35 - 2012-08-30 02:52 - 27304108 ____A C:\Users\Emily\Downloads\Non confirmé 961100.crdownload
2012-08-30 02:33 - 2012-08-30 02:33 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-30 02:33 - 2012-08-30 02:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-08-30 02:23 - 2012-08-30 02:23 - 00002090 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-08-30 02:22 - 2012-08-30 02:22 - 18673240 ____A (Mozilla) C:\Users\Emily\Downloads\Thunderbird Setup 15.0.exe
2012-08-30 01:23 - 2012-08-30 02:23 - 00000000 ____D C:\Users\Emily\AppData\Local\Thunderbird
2012-08-30 01:23 - 2012-08-30 01:23 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Thunderbird
2012-08-30 00:56 - 2012-08-30 00:56 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-30 00:52 - 2012-08-31 09:54 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-30 00:52 - 2012-08-30 01:19 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-30 00:51 - 2012-08-30 00:51 - 08769696 ____A (Adobe Systems Incorporated) C:\Users\Emily\Downloads\install_flash_player_11_active_x_64bit.exe
2012-08-30 00:42 - 2012-08-30 00:42 - 00000000 ____D C:\Users\All Users\Mozilla
2012-08-30 00:42 - 2012-08-30 00:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-30 00:40 - 2012-08-30 00:40 - 17953232 ____A (Mozilla) C:\Users\Emily\Downloads\Firefox Setup 15.0.exe
2012-08-30 00:35 - 2012-08-31 01:33 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-30 00:30 - 2012-08-30 00:30 - 00894952 ____A (Oracle Corporation) C:\Users\Emily\Downloads\chromeinstall-7u6.exe
2012-08-30 00:26 - 2012-08-30 00:26 - 03927560 ____A (Piriform Ltd) C:\Users\Emily\Downloads\ccsetup322.exe
2012-08-29 08:17 - 2012-08-29 08:17 - 00020197 ____A C:\ComboFix.txt
2012-08-29 07:44 - 2012-08-29 08:17 - 00000000 ____D C:\ComboFix
2012-08-29 07:42 - 2012-08-29 07:42 - 00000994 ____A C:\Users\Emily\Desktop\ComboFix.exe - Raccourci.lnk
2012-08-29 07:42 - 2012-08-29 07:42 - 00000656 ____A C:\Users\Emily\Desktop\SecurityCheck.exe - Raccourci.lnk
2012-08-29 07:01 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-29 07:01 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-29 07:01 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-29 07:01 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-29 07:01 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-29 07:01 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-29 07:01 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-29 07:01 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-29 06:43 - 2012-08-29 06:43 - 00020724 ____A C:\AdwCleaner[S1].txt
2012-08-29 00:35 - 2012-08-29 00:35 - 00022058 ____A C:\AdwCleaner[R1].txt
2012-08-24 09:33 - 2012-08-31 02:08 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-24 09:33 - 2012-08-30 03:42 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-23 15:13 - 2012-08-23 16:35 - 00000000 ____D C:\1cb1653c7ed05809e09536303d
2012-08-23 13:04 - 2012-08-23 13:04 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-08-23 13:03 - 2012-08-23 13:10 - 00000000 ____D C:\Program Files (x86)\Acronis
2012-08-23 13:03 - 2012-08-23 13:03 - 01263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00277088 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00001513 ____A C:\Users\Public\Desktop\Acronis Online Backup.lnk
2012-08-23 13:03 - 2012-08-23 13:03 - 00001139 ____A C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
2012-08-23 13:00 - 2012-08-23 14:15 - 00000000 ____D C:\Users\All Users\Acronis
2012-08-23 13:00 - 2012-08-23 13:27 - 00000000 ____D C:\Users\Emily\AppData\Roaming\Acronis
2012-08-23 04:47 - 2010-09-13 22:45 - 00367104 ____A (Microsoft Corporation) C:\Windows\System32\wcncsvc.dll
2012-08-23 04:47 - 2010-09-13 22:07 - 00276992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2012-08-23 03:55 - 2012-08-23 03:56 - 40622920 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\BOIE9_ENUS_BO0084_WIN764.EXE
2012-08-23 03:54 - 2012-08-23 03:54 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-23 03:54 - 2012-08-23 03:54 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-23 03:54 - 2012-08-23 03:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 03:54 - 2012-08-23 03:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 03:54 - 2012-08-23 03:54 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 03:54 - 2012-08-23 03:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 03:54 - 2012-08-23 03:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-23 03:54 - 2012-08-23 03:54 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-23 03:54 - 2012-08-23 03:54 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-23 03:54 - 2012-08-23 03:54 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-23 03:54 - 2012-08-23 03:54 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-23 03:51 - 2012-08-30 02:33 - 00001912 ____A C:\Windows\epplauncher.mif
2012-08-23 03:47 - 2010-04-09 03:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-23 03:46 - 2009-10-09 19:17 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sffp_sd.sys
2012-08-23 03:46 - 2009-10-09 18:41 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2012-08-23 03:45 - 2012-08-23 03:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-08-23 03:41 - 2010-03-03 20:40 - 00184832 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2012-08-23 03:41 - 2010-03-03 20:32 - 00243712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ks.sys
2012-08-23 03:40 - 2012-05-05 00:30 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-08-23 03:40 - 2012-04-07 04:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-08-23 03:40 - 2012-04-07 03:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-08-23 03:40 - 2012-02-10 22:36 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-08-23 03:40 - 2012-02-10 22:29 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-08-23 03:40 - 2012-02-10 22:29 - 00067584 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-08-23 03:40 - 2012-02-10 21:44 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-08-23 03:40 - 2012-01-04 01:58 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-08-23 03:40 - 2012-01-04 01:03 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-08-23 03:40 - 2012-01-02 22:24 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-08-23 03:40 - 2012-01-02 21:44 - 00478208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-08-23 03:40 - 2011-05-03 21:30 - 02326016 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
2012-08-23 03:40 - 2011-05-03 21:28 - 02228224 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2012-08-23 03:40 - 2011-05-03 21:28 - 00779264 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2012-08-23 03:40 - 2011-05-03 21:28 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
2012-08-23 03:40 - 2011-05-03 21:28 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2012-08-23 03:40 - 2011-05-03 21:28 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2012-08-23 03:40 - 2011-05-03 21:24 - 00593408 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2012-08-23 03:40 - 2011-05-03 21:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2012-08-23 03:40 - 2011-05-03 21:24 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2012-08-23 03:40 - 2011-05-03 20:53 - 01553920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2012-08-23 03:40 - 2011-05-03 20:52 - 01401856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2012-08-23 03:40 - 2011-05-03 20:52 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2012-08-23 03:40 - 2011-05-03 20:52 - 00428032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2012-08-23 03:40 - 2011-05-03 20:52 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2012-08-23 03:40 - 2011-05-03 20:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2012-08-23 03:40 - 2011-05-03 20:52 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2012-08-23 03:40 - 2011-05-03 20:52 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2012-08-23 03:40 - 2011-05-03 20:52 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2012-08-23 03:40 - 2011-04-22 12:18 - 00027008 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2012-08-23 03:40 - 2011-03-12 04:03 - 00662528 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-08-23 03:40 - 2011-03-12 03:31 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-08-23 03:40 - 2011-02-25 22:23 - 02870272 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-08-23 03:40 - 2011-02-25 21:33 - 02614784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2012-08-23 03:40 - 2011-02-23 22:30 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2012-08-23 03:40 - 2011-02-23 21:32 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2012-08-23 03:40 - 2011-02-18 22:37 - 01135104 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2012-08-23 03:40 - 2011-01-25 22:53 - 00982912 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2012-08-23 03:40 - 2011-01-25 22:53 - 00265088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2012-08-23 03:40 - 2011-01-25 22:31 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2012-08-23 03:40 - 2010-12-20 22:16 - 00442880 ____A (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2012-08-23 03:40 - 2010-12-20 22:16 - 00258048 ____A (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2012-08-23 03:40 - 2010-12-20 22:16 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\wscsvc.dll
2012-08-23 03:40 - 2010-12-20 22:16 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\wscapi.dll
2012-08-23 03:40 - 2010-12-20 22:15 - 00264192 ____A (Microsoft Corporation) C:\Windows\System32\upnp.dll
2012-08-23 03:40 - 2010-12-20 22:15 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\slwga.dll
2012-08-23 03:40 - 2010-12-20 22:10 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2012-08-23 03:40 - 2010-12-20 21:38 - 00350720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2012-08-23 03:40 - 2010-12-20 21:38 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2012-08-23 03:40 - 2010-12-20 21:38 - 00204288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\upnp.dll
2012-08-23 03:40 - 2010-12-20 21:38 - 00051200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2012-08-23 03:40 - 2010-12-20 21:38 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2012-08-23 03:40 - 2010-12-20 21:34 - 00080384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2012-08-23 03:40 - 2010-11-01 21:18 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\XpsRasterService.dll
2012-08-23 03:40 - 2010-11-01 20:41 - 00135168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsRasterService.dll
2012-08-23 03:40 - 2010-08-03 23:07 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\msdri.dll
2012-08-23 03:40 - 2010-06-25 21:31 - 01863680 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-08-23 03:40 - 2010-06-25 21:14 - 01495040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2012-08-23 03:40 - 2010-01-19 01:05 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\secproc.dll
2012-08-23 03:40 - 2010-01-19 01:05 - 00422912 ____A (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2012-08-23 03:40 - 2010-01-19 01:05 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2012-08-23 03:40 - 2010-01-19 01:05 - 00121856 ____A (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2012-08-23 03:40 - 2010-01-19 01:00 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2012-08-23 03:40 - 2010-01-19 01:00 - 00356352 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2012-08-23 03:40 - 2010-01-19 01:00 - 00306688 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2012-08-23 03:40 - 2010-01-19 01:00 - 00305152 ____A (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2012-08-23 03:40 - 2010-01-18 15:29 - 00369152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2012-08-23 03:40 - 2010-01-18 15:29 - 00365568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2012-08-23 03:40 - 2010-01-18 15:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2012-08-23 03:40 - 2010-01-18 15:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2012-08-23 03:40 - 2010-01-18 15:28 - 00324608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2012-08-23 03:40 - 2010-01-18 15:28 - 00320512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2012-08-23 03:40 - 2010-01-18 15:28 - 00280064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2012-08-23 03:40 - 2010-01-18 15:28 - 00277504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2012-08-23 03:39 - 2012-05-04 23:44 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-08-23 03:39 - 2012-05-01 21:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-08-23 03:39 - 2011-06-15 21:31 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-08-23 03:39 - 2011-06-15 20:35 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-08-23 03:39 - 2009-09-25 22:20 - 00223448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2012-08-23 03:31 - 2011-03-24 19:23 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2012-08-23 03:31 - 2011-03-24 19:23 - 00324608 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2012-08-23 03:31 - 2011-03-24 19:23 - 00098816 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2012-08-23 03:31 - 2011-03-24 19:22 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2012-08-23 03:31 - 2011-03-24 19:22 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2012-08-23 03:31 - 2011-03-24 19:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2012-08-23 03:31 - 2011-03-24 19:22 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2012-08-23 03:31 - 2011-03-10 22:23 - 01657216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-23 03:31 - 2011-03-10 22:23 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
2012-08-23 03:31 - 2011-03-10 22:23 - 00187264 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2012-08-23 03:31 - 2011-03-10 22:23 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
2012-08-23 03:31 - 2011-03-10 22:23 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
2012-08-23 03:31 - 2011-03-10 22:22 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
2012-08-23 03:31 - 2011-03-10 22:22 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
2012-08-23 03:31 - 2011-03-10 22:18 - 02566144 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
2012-08-23 03:31 - 2011-03-10 22:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
2012-08-23 03:31 - 2011-03-10 21:39 - 01686016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2012-08-23 03:31 - 2011-03-10 21:37 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2012-08-23 03:31 - 2011-03-10 20:31 - 00091136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2012-08-23 03:30 - 2011-02-17 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-08-23 03:30 - 2011-02-17 21:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-08-22 14:56 - 2012-08-30 02:50 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-08-22 14:29 - 2012-08-22 14:29 - 00000000 ____D C:\Users\Emily\AppData\Local\Microsoft Help
2012-08-22 13:07 - 2012-08-22 13:19 - 357148272 ____A C:\Users\Emily\Downloads\Windows6.1-KB947821-v22-x64.msu
2012-08-22 12:52 - 2012-08-22 13:00 - 127016610 ____A C:\Users\Emily\Downloads\Windows6.1-KB947821-v22-x86.msu
2012-08-22 10:45 - 2012-08-23 02:53 - 00000000 ____D C:\d8113540223dc2c881
2012-08-21 23:02 - 2012-08-22 03:27 - 00000000 ____D C:\Users\Emily\DoctorWeb
2012-08-21 22:58 - 2012-08-21 23:01 - 92002280 ____A C:\Users\Emily\Downloads\drweb-cureit.exe
2012-08-21 11:55 - 2012-08-21 11:55 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-08-21 11:54 - 2012-08-21 11:57 - 134374104 ____A C:\Users\Emily\Downloads\setup_11.0.0.1245.x01_2012_08_21_22_53 (1).exe
2012-08-21 11:52 - 2012-08-21 11:54 - 134374104 ____A C:\Users\Emily\Downloads\setup_11.0.0.1245.x01_2012_08_21_22_53.exe
2012-08-16 18:04 - 2012-08-29 08:17 - 00000000 ____D C:\Qoobox
2012-08-16 18:04 - 2012-08-16 18:47 - 00000000 ____D C:\Windows\erdnt
2012-08-16 18:03 - 2012-08-16 18:03 - 04731953 ____R (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2012-08-16 17:56 - 2012-08-16 17:57 - 04731392 ____A (AVAST Software) C:\Users\Emily\Downloads\aswMBR.exe
2012-08-16 17:42 - 2012-08-16 17:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-16 17:35 - 2012-08-16 17:35 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Emily\Downloads\tdsskiller.exe
2012-08-16 17:28 - 2012-08-16 17:28 - 00596992 ____A (OldTimer Tools) C:\Users\Emily\Downloads\OTL (1).exe
2012-08-16 17:27 - 2012-08-16 17:28 - 00596992 ____A (OldTimer Tools) C:\Users\Emily\Downloads\OTL.exe
2012-08-16 16:56 - 2012-08-16 16:56 - 00000000 ____D C:\Windows\pss
2012-08-16 16:36 - 2012-08-16 16:37 - 00000000 ____D C:\Users\Emily\AppData\Local\{17A7C2A4-F61A-4971-B318-165320376587}
2012-08-16 16:34 - 2012-08-16 16:36 - 00000000 ____D C:\Users\Emily\AppData\Local\{E1D255EA-B97B-44C3-917E-7A9E8158AC9B}
2012-08-16 16:10 - 2012-08-16 16:11 - 00000000 ____D C:\Users\Emily\AppData\Local\{EEACDA2A-2C7C-4A0E-9264-C12584720142}
2012-08-16 16:09 - 2012-08-16 16:10 - 00000000 ____D C:\Users\Emily\AppData\Local\{5738A2A6-F56F-4A62-8287-0916E59DDF3C}
2012-08-16 16:00 - 2012-08-16 16:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 15:18 - 2012-08-16 15:47 - 00000000 ____D C:\Windows\B3CB613C58D34692B2DA8F3EAC6288D4.TMP
2012-08-16 15:13 - 2012-08-16 15:13 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2012-08-16 15:02 - 2012-08-16 15:03 - 04261368 ____A (ParetoLogic Inc.) C:\Users\Emily\Downloads\XoftSpySE_Setup_RW.exe
2012-08-16 14:58 - 2012-08-16 15:02 - 00000000 ____D C:\Windows\7289B0CCBC414C7EA2C7DB1259E8E47A.TMP
2012-08-16 14:53 - 2012-08-16 14:54 - 00000000 ____D C:\Users\Emily\AppData\Local\{F3F2931B-20C9-4E50-ABEF-23E71F06DB12}
2012-08-16 14:51 - 2012-08-16 14:52 - 00000000 ____D C:\Users\Emily\AppData\Local\{A147D4DD-FFA2-4368-B139-3160ADCE651A}
2012-08-16 14:29 - 2012-08-16 15:47 - 00000000 ____D C:\sh4ldr
2012-08-16 14:29 - 2012-08-16 14:29 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-08-16 14:27 - 2012-08-16 14:27 - 00725952 ____A (Enigma Software Group USA, LLC.) C:\Users\Emily\Downloads\SpyHunter-Installer.exe
2012-08-16 14:14 - 2012-08-16 14:55 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-08-16 14:14 - 2012-08-16 14:14 - 00000000 ____D C:\Users\Emily\AppData\Roaming\SpeedyPC Software
2012-08-16 14:14 - 2012-08-16 14:14 - 00000000 ____D C:\Users\Emily\AppData\Roaming\DriverCure
2012-08-16 14:12 - 2012-08-16 14:13 - 04983144 ____A (SpeedyPC Software) C:\Users\Emily\Downloads\SpeedyPC Pro Installer.exe
2012-08-16 14:11 - 2012-08-16 14:11 - 00001205 ____A C:\Users\Emily\Downloads\FixNCR.reg
2012-08-16 13:34 - 2012-08-16 13:34 - 00000000 ____D C:\Users\Emily\AppData\Local\{AC35E22B-A2AD-4A3A-A856-B0DFEEDA1B5A}
2012-08-16 13:17 - 2012-08-16 13:17 - 00000000 ____D C:\Users\Emily\AppData\Local\{F5F174B3-C3ED-4C21-B28F-240B2C0CD186}
2012-08-16 11:02 - 2012-08-30 00:27 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-16 11:02 - 2012-08-30 00:27 - 00000000 ____D C:\Program Files\CCleaner
2012-08-16 10:42 - 2012-08-16 10:43 - 00000000 ____D C:\Users\Emily\AppData\Local\{3D5546A6-4137-4FBA-9320-04BAC12FD8DE}
2012-08-16 10:39 - 2012-08-16 10:43 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-08-16 10:39 - 2012-08-16 10:41 - 00000000 ____D C:\Users\Emily\AppData\Local\{0B2B3A18-D5F4-440D-81EE-BC9E23130C58}
2012-08-16 10:30 - 2012-06-08 21:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-16 10:30 - 2012-06-08 20:46 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-16 10:30 - 2012-06-05 21:50 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-16 10:30 - 2012-06-05 21:50 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-16 10:30 - 2012-06-05 21:09 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-16 10:30 - 2012-06-05 21:09 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-16 10:30 - 2012-06-01 21:38 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-16 10:30 - 2012-06-01 21:38 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-16 10:30 - 2012-06-01 21:37 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-16 10:30 - 2012-06-01 21:27 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-16 10:30 - 2012-06-01 21:27 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-16 10:30 - 2012-06-01 20:48 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-16 10:30 - 2012-06-01 20:48 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-16 10:30 - 2012-06-01 20:47 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-16 10:30 - 2012-06-01 20:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-16 10:29 - 2012-07-04 14:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-08-16 10:29 - 2012-07-04 14:01 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-08-16 10:29 - 2012-07-04 14:01 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-08-16 10:29 - 2012-07-04 13:26 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-08-16 10:29 - 2012-07-04 13:23 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-08-16 10:29 - 2012-04-23 21:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-08-16 10:29 - 2012-04-23 21:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-08-16 10:29 - 2012-04-23 21:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-08-16 10:29 - 2012-04-23 20:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-08-16 10:29 - 2012-04-23 20:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-08-16 10:29 - 2012-04-23 20:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-08-16 10:28 - 2012-07-18 09:31 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-16 10:28 - 2012-05-13 21:20 - 00956416 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-08-16 09:59 - 2012-08-16 09:59 - 00000000 ____D C:\Users\Emily\AppData\Local\{C8930C81-906B-4B69-AB6F-419B4EBF209D}
2012-08-16 09:15 - 2012-08-16 09:15 - 00001290 ____A C:\Users\Emily\Desktop\dfrgui.lnk
2012-08-16 09:15 - 2012-08-16 09:15 - 00001252 ____A C:\Users\Emily\Desktop\Disk Cleanup.lnk
2012-08-16 02:52 - 2012-08-16 02:52 - 00000000 ____D C:\Users\Emily\AppData\Local\{256B5543-349E-4DB5-9D8A-E3CC9DE08C8F}
2012-08-16 02:41 - 2012-08-16 02:41 - 00274744 ____A C:\Windows\Minidump\081612-24055-01.dmp
2012-08-16 01:15 - 2012-08-16 01:15 - 00000000 ____D C:\Users\Emily\AppData\Local\{38214E84-30CB-4520-A252-38BFA42C528C}

==================== 3 Months Modified Files ================================

2012-08-31 10:09 - 2010-03-19 06:08 - 00000439 ____A C:\Windows\System32\Drivers\etc\hosts.ics
2012-08-31 10:07 - 2010-05-17 07:26 - 00001062 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-31 10:04 - 2011-08-01 04:13 - 00120072 ____A C:\Windows\setupact.log
2012-08-31 10:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-31 09:59 - 2009-12-16 16:26 - 01537060 ____A C:\Windows\WindowsUpdate.log
2012-08-31 09:54 - 2012-08-30 00:52 - 00001002 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-31 09:44 - 2012-08-31 05:54 - 00007631 ____A C:\Users\Emily\AppData\Local\Resmon.ResmonCfg
2012-08-31 09:41 - 2012-08-31 09:41 - 00017858 ____A C:\Users\Emily\Desktop\tmp.txt
2012-08-31 09:21 - 2010-05-17 07:26 - 00001066 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-31 08:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-31 08:48 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-31 06:36 - 2012-08-31 06:36 - 00509264 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\winsdk_web (1).exe
2012-08-31 06:28 - 2010-04-28 03:18 - 01653416 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-31 06:28 - 2009-11-13 15:28 - 00749810 ____A C:\Windows\System32\perfh00C.dat
2012-08-31 06:28 - 2009-11-13 15:28 - 00150136 ____A C:\Windows\System32\perfc00C.dat
2012-08-31 06:27 - 2009-07-13 21:13 - 01653416 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-31 06:14 - 2012-08-31 06:14 - 00889416 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\dotNetFx40_Full_setup.exe
2012-08-31 06:11 - 2012-08-31 06:10 - 00509264 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\winsdk_web.exe
2012-08-31 02:08 - 2011-09-27 07:13 - 00043272 ____A C:\Windows\PFRO.log
2012-08-31 01:33 - 2012-08-31 01:34 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-31 01:33 - 2012-08-31 01:33 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-08-31 01:33 - 2012-08-30 00:35 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-31 01:33 - 2010-05-17 07:25 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-30 10:38 - 2012-08-30 10:37 - 00693235 ____A (Farbar) C:\Users\Emily\Downloads\FSS.exe
2012-08-30 10:18 - 2009-07-13 21:08 - 00032496 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-30 10:14 - 2012-08-30 10:14 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1 (2).zip
2012-08-30 10:08 - 2012-08-30 10:08 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1.zip
2012-08-30 10:08 - 2012-08-30 10:08 - 00040538 ____A C:\Users\Emily\Downloads\Svchost Viewer Ver 0.5.0.1 (1).zip
2012-08-30 08:27 - 2012-08-30 08:27 - 01479536 ____A (Sysinternals - www.sysinternals.com) C:\Users\Emily\Desktop\procexp64.exe
2012-08-30 08:12 - 2012-08-30 08:12 - 01144963 ____A C:\Users\Emily\Downloads\ProcessExplorer.zip
2012-08-30 03:43 - 2010-03-03 09:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-30 03:33 - 2012-08-30 03:10 - 93654616 ____A C:\Users\Emily\Downloads\avast_free_antivirus_setup.exe
2012-08-30 02:52 - 2012-08-30 02:35 - 27304108 ____A C:\Users\Emily\Downloads\Non confirmé 961100.crdownload
2012-08-30 02:51 - 2011-09-26 07:46 - 00030541 ____A C:\Windows\IE9_main.log
2012-08-30 02:49 - 2012-08-30 02:49 - 40622920 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\BOIE9_ENUS_BO0084_WIN764(1).EXE
2012-08-30 02:33 - 2012-08-23 03:51 - 00001912 ____A C:\Windows\epplauncher.mif
2012-08-30 02:23 - 2012-08-30 02:23 - 00002090 ____A C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2012-08-30 02:22 - 2012-08-30 02:22 - 18673240 ____A (Mozilla) C:\Users\Emily\Downloads\Thunderbird Setup 15.0.exe
2012-08-30 01:19 - 2012-08-30 00:52 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-30 01:19 - 2012-01-16 08:07 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-30 00:56 - 2012-08-30 00:56 - 00002019 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-08-30 00:51 - 2012-08-30 00:51 - 08769696 ____A (Adobe Systems Incorporated) C:\Users\Emily\Downloads\install_flash_player_11_active_x_64bit.exe
2012-08-30 00:42 - 2010-06-01 07:53 - 00001134 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-08-30 00:40 - 2012-08-30 00:40 - 17953232 ____A (Mozilla) C:\Users\Emily\Downloads\Firefox Setup 15.0.exe
2012-08-30 00:30 - 2012-08-30 00:30 - 00894952 ____A (Oracle Corporation) C:\Users\Emily\Downloads\chromeinstall-7u6.exe
2012-08-30 00:27 - 2012-08-16 11:02 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-30 00:26 - 2012-08-30 00:26 - 03927560 ____A (Piriform Ltd) C:\Users\Emily\Downloads\ccsetup322.exe
2012-08-29 08:17 - 2012-08-29 08:17 - 00020197 ____A C:\ComboFix.txt
2012-08-29 08:01 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-29 07:42 - 2012-08-29 07:42 - 00000994 ____A C:\Users\Emily\Desktop\ComboFix.exe - Raccourci.lnk
2012-08-29 07:42 - 2012-08-29 07:42 - 00000656 ____A C:\Users\Emily\Desktop\SecurityCheck.exe - Raccourci.lnk
2012-08-29 06:43 - 2012-08-29 06:43 - 00020724 ____A C:\AdwCleaner[S1].txt
2012-08-29 00:35 - 2012-08-29 00:35 - 00022058 ____A C:\AdwCleaner[R1].txt
2012-08-23 13:04 - 2012-08-23 13:04 - 00285280 ____A (Acronis) C:\Windows\System32\Drivers\afcdp.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 01263200 ____A (Acronis) C:\Windows\System32\Drivers\tdrpm273.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00970336 ____A (Acronis) C:\Windows\System32\Drivers\timntr.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00277088 ____A (Acronis) C:\Windows\System32\Drivers\snapman.sys
2012-08-23 13:03 - 2012-08-23 13:03 - 00001513 ____A C:\Users\Public\Desktop\Acronis Online Backup.lnk
2012-08-23 13:03 - 2012-08-23 13:03 - 00001139 ____A C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
2012-08-23 04:14 - 2009-07-13 20:45 - 00430544 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-23 03:56 - 2012-08-23 03:55 - 40622920 ____A (Microsoft Corporation) C:\Users\Emily\Downloads\BOIE9_ENUS_BO0084_WIN764.EXE
2012-08-23 03:54 - 2012-08-23 03:54 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-08-23 03:54 - 2012-08-23 03:54 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-08-23 03:54 - 2012-08-23 03:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 03:54 - 2012-08-23 03:54 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-23 03:54 - 2012-08-23 03:54 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-23 03:54 - 2012-08-23 03:54 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 03:54 - 2012-08-23 03:54 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-23 03:54 - 2012-08-23 03:54 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-08-23 03:54 - 2012-08-23 03:54 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-08-23 03:54 - 2012-08-23 03:54 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-08-23 03:54 - 2012-08-23 03:54 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-08-23 03:54 - 2012-08-23 03:54 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-08-23 03:54 - 2012-08-23 03:54 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-08-23 03:45 - 2012-08-23 03:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-08-22 13:19 - 2012-08-22 13:07 - 357148272 ____A C:\Users\Emily\Downloads\Windows6.1-KB947821-v22-x64.msu
2012-08-22 13:00 - 2012-08-22 12:52 - 127016610 ____A C:\Users\Emily\Downloads\Windows6.1-KB947821-v22-x86.msu
2012-08-21 23:01 - 2012-08-21 22:58 - 92002280 ____A C:\Users\Emily\Downloads\drweb-cureit.exe
2012-08-21 15:23 - 2012-01-03 08:24 - 00002344 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-08-21 11:57 - 2012-08-21 11:54 - 134374104 ____A C:\Users\Emily\Downloads\setup_11.0.0.1245.x01_2012_08_21_22_53 (1).exe
2012-08-21 11:54 - 2012-08-21 11:52 - 134374104 ____A C:\Users\Emily\Downloads\setup_11.0.0.1245.x01_2012_08_21_22_53.exe
2012-08-21 01:12 - 2011-01-13 07:46 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-16 18:03 - 2012-08-16 18:03 - 04731953 ____R (Swearware) C:\Users\Emily\Downloads\ComboFix.exe
2012-08-16 17:57 - 2012-08-16 17:56 - 04731392 ____A (AVAST Software) C:\Users\Emily\Downloads\aswMBR.exe
2012-08-16 17:38 - 2009-07-13 18:34 - 00000636 ____A C:\Windows\win.ini
2012-08-16 17:35 - 2012-08-16 17:35 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Emily\Downloads\tdsskiller.exe
2012-08-16 17:28 - 2012-08-16 17:28 - 00596992 ____A (OldTimer Tools) C:\Users\Emily\Downloads\OTL (1).exe
2012-08-16 17:28 - 2012-08-16 17:27 - 00596992 ____A (OldTimer Tools) C:\Users\Emily\Downloads\OTL.exe
2012-08-16 16:00 - 2012-08-16 16:00 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 15:03 - 2012-08-16 15:02 - 04261368 ____A (ParetoLogic Inc.) C:\Users\Emily\Downloads\XoftSpySE_Setup_RW.exe
2012-08-16 14:27 - 2012-08-16 14:27 - 00725952 ____A (Enigma Software Group USA, LLC.) C:\Users\Emily\Downloads\SpyHunter-Installer.exe
2012-08-16 14:13 - 2012-08-16 14:12 - 04983144 ____A (SpeedyPC Software) C:\Users\Emily\Downloads\SpeedyPC Pro Installer.exe
2012-08-16 14:11 - 2012-08-16 14:11 - 00001205 ____A C:\Users\Emily\Downloads\FixNCR.reg
2012-08-16 09:15 - 2012-08-16 09:15 - 00001290 ____A C:\Users\Emily\Desktop\dfrgui.lnk
2012-08-16 09:15 - 2012-08-16 09:15 - 00001252 ____A C:\Users\Emily\Desktop\Disk Cleanup.lnk
2012-08-16 02:41 - 2012-08-16 02:41 - 00274744 ____A C:\Windows\Minidump\081612-24055-01.dmp
2012-08-16 02:41 - 2011-10-08 01:00 - 340318069 ____A C:\Windows\MEMORY.DMP
2012-08-02 18:27 - 2010-03-22 04:57 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-18 09:31 - 2012-08-16 10:28 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 07:38 - 2012-08-30 08:14 - 02691192 ____A (Sysinternals - www.sysinternals.com) C:\Users\Emily\Desktop\procexp.exe
2012-07-04 14:04 - 2012-08-16 10:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-07-04 14:01 - 2012-08-16 10:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-07-04 14:01 - 2012-08-16 10:29 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-07-04 13:26 - 2012-08-16 10:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-07-04 13:23 - 2012-08-16 10:29 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-07-03 03:46 - 2010-05-31 03:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 00:38 - 2010-05-16 10:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-27 00:37 - 2012-01-10 07:49 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-25 08:56 - 2012-06-25 08:56 - 00274744 ____A C:\Windows\Minidump\062512-25334-01.dmp
2012-06-22 06:57 - 2012-06-22 06:57 - 08973861 ____A C:\Users\Emily\Downloads\10 Telling the World.m4a
2012-06-22 06:57 - 2012-06-22 06:57 - 07830816 ____A C:\Users\Emily\Downloads\1-18 Troublemaker.m4a
2012-06-22 06:57 - 2012-06-22 06:57 - 05616407 ____A C:\Users\Emily\Downloads\05 Addicted to You.m4a
2012-06-22 06:57 - 2012-06-22 06:56 - 08530313 ____A C:\Users\Emily\Downloads\02 Where Have You Been.m4a
2012-06-22 06:55 - 2012-06-22 06:55 - 08200216 ____A C:\Users\Emily\Downloads\01 Rayos de Sol -Original Mix-.m4a
2012-06-22 06:55 - 2012-06-22 06:54 - 08365379 ____A C:\Users\Emily\Downloads\01 Dance Again -feat. Pitbull-.m4a
2012-06-22 06:54 - 2012-06-22 06:54 - 08419780 ____A C:\Users\Emily\Downloads\01 We Run the Night -feat. Pitbull-.m4a
2012-06-22 06:54 - 2012-06-22 06:53 - 08529223 ____A C:\Users\Emily\Downloads\01 Live My Life -feat. Justin Bieber.m4a
2012-06-20 05:25 - 2012-06-20 05:24 - 00274744 ____A C:\Windows\Minidump\062012-24819-01.dmp
2012-06-19 23:42 - 2012-06-19 23:42 - 03678720 ____A (Qualcomm Atheros Communications, Inc.) C:\Windows\System32\Drivers\athrx.sys
2012-06-19 02:05 - 2012-06-19 02:05 - 00147076 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-06-19 02:02 - 2012-06-19 02:02 - 00001145 ____A C:\Users\Emily\Desktop\Free Video Converter.lnk
2012-06-19 01:54 - 2012-06-19 01:54 - 00001153 ____A C:\Users\Emily\Desktop\Continue Video Converter Installation.lnk
2012-06-18 09:04 - 2012-06-18 09:04 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-18 08:56 - 2012-06-18 08:56 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-18 08:54 - 2011-03-15 09:09 - 00002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-06-08 21:30 - 2012-08-16 10:30 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-08-16 10:30 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 21:33 - 2010-03-24 08:52 - 00011264 ____A C:\Users\Emily\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-06 10:59 - 2012-06-06 10:59 - 01070152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-06-05 21:50 - 2012-08-16 10:30 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-08-16 10:30 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-08-16 10:30 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-08-16 10:30 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-30 07:43:06
Restore point made on: 2012-08-30 08:31:21
Restore point made on: 2012-08-31 01:29:35
Restore point made on: 2012-08-31 02:06:33

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4092.2 MB
Available physical RAM: 3343 MB
Total Pagefile: 4090.35 MB
Available Pagefile: 3349.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:284.09 GB) (Free:214.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.71 GB) (Free:2.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (PKBACK# 001) (Removable) (Total:14.92 GB) (Free:14.92 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          298 GB      0 B
  Disk 1    Online           14 GB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            199 MB  1024 KB
  Partition 2    Primary            284 GB   200 MB
  Partition 3    Primary             13 GB   284 GB
  Partition 4    Primary            103 MB   297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   SYSTEM       NTFS   Partition    199 MB  Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    284 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     E   RECOVERY     NTFS   Partition     13 GB  Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     F   HP_TOOLS     FAT32  Partition    103 MB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB    20 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H   PKBACK# 001  FAT32  Removable     14 GB  Healthy

==================================================================================

Last Boot: 2012-08-23 11:44

==================== End Of Log =============================
