
Nasty Redirect and More


This topic is locked
23 replies to this topic

#1 union410

union410

  • Members
  • 39 posts

Posted 31 August 2012 - 05:08 PM

Hello,
I ran SuperAntiSpyware and immediately after I started receiving google redirects and popups for a couple days. Then today I turned my PC on and everything was gone. The only thing on my desktop was Firefox. I booted in safe mode and tried Firefox and it told me that it was already running, it was not. Luckily I was able to system restore to 8/29, but this is after I ran the superspyware program and I am already having redirects so I'm afraid that the same thing will happen. Please help. Now I cannot run Firefox cause it tells me that it's already running.

When I run HijackThis it gives me this popup:

For some reason your system denied write access to Hosts file.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:07:24 PM, on 8/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12223 bytes
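As an added example (not part of the thread, and not code from HijackThis or any other tool named here), the following Python pass triages constructed HijackThis-style lines modelled on the log above: it flags R0/R1 start and search URLs that point outside an expected-host allowlist, O2 BHOs whose DLL is gone, the broken O10 LSP, and O23 services with no publisher, while downgrading the "(file missing)" System32 services that a 32-bit HijackThis reports on 64-bit Windows. The allowlist and the sample lines are assumptions standing in for the real log and local policy.

```python
"""Triage a HijackThis-style log: flag the entry classes worth a closer look."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts an OEM Windows 7 install is expected to point IE at (assumption, local policy).
EXPECTED_HOSTS = {"go.microsoft.com", "www.yahoo.com", "www.google.com", "www.bing.com"}

# Constructed sample, modelled on the HijackThis 2.0.4 log format; the
# unexpected-search.example host is a placeholder, not a real indicator.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://unexpected-search.example/?q={searchTerms}
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    severity: str  # "info" | "review" | "suspicious"
    reason: str
    line: str


ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
URL = re.compile(r"https?://\S+")
WINDOWS_DIR = re.compile(r"^c:\\windows\\", re.IGNORECASE)
MISSING = " (file missing)"


def _check_r(section, body, line):
    """R0/R1: home page and search URLs. Anything off the allowlist gets flagged."""
    m = URL.search(body)
    if not m:
        return None
    host = (urlparse(m.group(0)).hostname or "").lower()
    if host not in EXPECTED_HOSTS:
        return Finding(section, "suspicious",
                       f"IE start/search URL points at unexpected host {host}", line)
    return None


def _check_o2(section, body, line):
    """O2: a BHO CLSID whose DLL is gone is an orphan; harmless but worth cleaning."""
    if body.endswith("(no file)"):
        return Finding(section, "review",
                       "BHO registered but its DLL is gone (orphaned CLSID)", line)
    return None


def _check_o10(section, body, line):
    """O10 only appears when the Winsock LSP chain is broken."""
    return Finding(section, "suspicious",
                   "Winsock LSP chain references a missing provider; stack may need repair", line)


def _check_o23(section, body, line):
    """O23: 'Service: <name> - <owner> - <path> [(file missing)]'."""
    parts = body.split(" - ")
    if len(parts) < 3:
        return None
    owner, path = parts[-2], parts[-1]
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    if missing and WINDOWS_DIR.match(path):
        # Known artifact: 32-bit HijackThis on 64-bit Windows cannot see the 64-bit
        # System32 binaries (WOW64 redirection), so it reports them as missing.
        return Finding(section, "info",
                       "System32 service reported missing by 32-bit scanner on x64; not tampering", line)
    if missing:
        return Finding(section, "review", "Service binary not found outside the Windows directory", line)
    if owner == "Unknown owner":
        return Finding(section, "review", "Service has no publisher information; verify its signature", line)
    return None


CHECKS = {"R0": _check_r, "R1": _check_r, "O2": _check_o2, "O10": _check_o10, "O23": _check_o23}


def triage(log_text):
    """Return one Finding per log line that a reviewer should look at, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        check = CHECKS.get(m["section"])
        if check is None:
            continue
        finding = check(m["section"], m["body"], line)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<10}] {f.section}: {f.reason}")
```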


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 August 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

The next thing I would like you to do is run this for me - http://download.bleepingcomputer.com/grinler/unhide.exe. After it is complete, restart the computer and continue with these steps.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in

    %TEMP%\smtmp\*.* /s

  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


information and logs:

  • In your next post I need the following

  • logs from OTL
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 union410

union410
  • Topic Starter

  • Members
  • 39 posts

Posted 01 September 2012 - 02:02 AM

Thank you!

Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.3.300.271 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

OTL logfile created on: 8/31/2012 11:57:43 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Tarpleys\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 72.29% Memory free
11.73 Gb Paging File | 9.46 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.23 Gb Total Space | 322.39 Gb Free Space | 55.09% Space Free | Partition Type: NTFS
Drive D: | 10.85 Gb Total Space | 1.58 Gb Free Space | 14.59% Space Free | Partition Type: NTFS

Computer Name: TARPLEYS-PC | User Name: Tarpleys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tarpleys\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\e2073751227120ce228e00e26dfe5fca\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - \\?\globalroot\systemroot\syswow64\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\syswow64\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (HPBtnSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3C227BD9-D940-47B9-81C6-652B3BA4188D}
IE:64bit: - HKLM\..\SearchScopes\{3C227BD9-D940-47B9-81C6-652B3BA4188D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{C6AA74E8-60BF-4F5B-A5F5-DE73CFCE09CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {3C227BD9-D940-47B9-81C6-652B3BA4188D}
IE - HKLM\..\SearchScopes\{3C227BD9-D940-47B9-81C6-652B3BA4188D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{C6AA74E8-60BF-4F5B-A5F5-DE73CFCE09CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\SearchScopes\{3C227BD9-D940-47B9-81C6-652B3BA4188D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\SearchScopes\{C6AA74E8-60BF-4F5B-A5F5-DE73CFCE09CD}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/?&uid=8028&q={searchTerms}
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tarpleys\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tarpleys\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/06 18:19:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom13.xpi [2012/03/12 20:23:55 | 000,102,233 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/10 07:22:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 11:08:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/06 18:19:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{606A3126-7C49-11E1-826D-B8AC6F996F26}: C:\Users\Tarpleys\AppData\Local\{606A3126-7C49-11E1-826D-B8AC6F996F26}\ [2012/08/31 14:55:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/10 07:22:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 11:08:41 | 000,000,000 | ---D | M]

[2012/07/15 12:47:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tarpleys\AppData\Roaming\Mozilla\Extensions
[2012/07/16 17:22:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Tarpleys\AppData\Roaming\Mozilla\Firefox\Profiles\tahqdovs.default\extensions
[2012/07/15 12:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/10 07:22:53 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 15:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 15:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/10 23:15:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1553932959-182929459-1838539615-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0656B49B-F5C9-4BB4-B477-8F1481F35845}: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 23:56:01 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Tarpleys\Desktop\OTL.exe
[2012/08/31 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\Tarpleys\AppData\Roaming\HPAppData
[2012/08/31 07:32:28 | 000,354,304 | ---- | C] (IOI) -- C:\ProgramData\JmPLtYueNQUfDI.exe
[2012/08/29 18:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/29 18:09:23 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/08/27 19:24:26 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/08/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/08/27 19:13:37 | 000,000,000 | ---D | C] -- C:\Users\Tarpleys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/08/27 19:04:27 | 000,000,000 | -H-D | C] -- C:\Users\Tarpleys\AppData\Local\Macromedia
[2012/08/27 18:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/27 18:29:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/27 18:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/27 18:08:33 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/18 22:25:36 | 000,000,000 | -H-D | C] -- C:\Users\Tarpleys\Desktop\New folder (2)
[2012/08/15 21:48:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 21:48:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 21:48:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 21:48:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 21:48:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 21:48:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 21:48:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 21:48:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 21:47:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 21:47:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 21:47:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 21:47:59 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 21:47:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/15 21:19:31 | 000,000,000 | -H-D | C] -- C:\Users\Tarpleys\AppData\Roaming\Unity
[2012/08/15 21:18:24 | 000,000,000 | ---D | C] -- C:\Users\Tarpleys\AppData\Local\Unity
[2012/08/15 17:14:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/15 17:14:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/15 17:14:03 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/15 17:14:03 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/15 17:14:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/15 17:14:02 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/15 17:14:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/15 17:14:01 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/06 17:40:12 | 000,000,000 | -H-D | C] -- C:\Users\Tarpleys\Desktop\Shoes
[2012/07/11 07:13:21 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Tarpleys\gotomypc_626.exe
[1 C:\Users\Tarpleys\Desktop\*.tmp files -> C:\Users\Tarpleys\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/31 23:56:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Tarpleys\Desktop\OTL.exe
[2012/08/31 23:54:41 | 000,854,124 | ---- | M] () -- C:\Users\Tarpleys\Desktop\SecurityCheck.exe
[2012/08/31 23:53:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/31 21:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/31 18:00:23 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 18:00:23 | 000,015,984 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/31 17:57:20 | 000,726,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/31 17:57:20 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/31 17:57:20 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/31 17:53:01 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/31 07:30:13 | 000,354,304 | ---- | M] (IOI) -- C:\ProgramData\JmPLtYueNQUfDI.exe
[2012/08/27 19:20:53 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTarpleys.job
[2012/08/27 19:13:37 | 000,002,991 | ---- | M] () -- C:\Users\Tarpleys\Desktop\HiJackThis.lnk
[2012/08/27 19:12:43 | 000,000,512 | -H-- | M] () -- C:\Users\Tarpleys\Desktop\MBR.dat
[2012/08/27 18:37:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/27 18:37:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/27 18:29:32 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/16 17:22:00 | 000,436,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/07 08:02:15 | 000,223,937 | -H-- | M] () -- C:\Users\Tarpleys\Desktop\Crockpot Mac & Cheese.pdf
[1 C:\Users\Tarpleys\Desktop\*.tmp files -> C:\Users\Tarpleys\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/31 23:54:41 | 000,854,124 | ---- | C] () -- C:\Users\Tarpleys\Desktop\SecurityCheck.exe
[2012/08/27 19:13:37 | 000,002,991 | ---- | C] () -- C:\Users\Tarpleys\Desktop\HiJackThis.lnk
[2012/08/27 18:29:32 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/27 18:08:34 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/07 08:02:10 | 000,223,937 | -H-- | C] () -- C:\Users\Tarpleys\Desktop\Crockpot Mac & Cheese.pdf
[2012/07/01 17:22:57 | 000,000,000 | -H-- | C] () -- C:\Users\Tarpleys\defogger_reenable
[2011/12/24 09:35:47 | 000,000,112 | ---- | C] () -- C:\ProgramData\w5808F.dat
[2011/12/23 19:36:37 | 000,010,306 | -HS- | C] () -- C:\Users\Tarpleys\AppData\Local\s50kf7lf6a1e
[2011/12/23 19:36:37 | 000,010,306 | -HS- | C] () -- C:\ProgramData\s50kf7lf6a1e
[2011/12/14 23:41:11 | 000,010,418 | -HS- | C] () -- C:\Users\Tarpleys\AppData\Local\k1ou52a3nn3nse
[2011/12/14 23:41:11 | 000,010,418 | -HS- | C] () -- C:\ProgramData\k1ou52a3nn3nse
[2011/06/30 18:42:15 | 000,000,000 | -H-- | C] () -- C:\Users\Tarpleys\AppData\Local\{C576DB58-9C73-42C1-800A-BEDD0B5472C0}
[2011/04/01 20:49:30 | 000,000,017 | -H-- | C] () -- C:\Users\Tarpleys\AppData\Local\resmon.resmoncfg
[2011/03/24 21:56:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/24 21:56:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/24 21:56:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/24 21:56:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/24 21:56:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/09/06 18:17:04 | 000,208,125 | ---- | C] () -- C:\Windows\hpoins40.dat
[2010/09/06 18:17:04 | 000,000,918 | ---- | C] () -- C:\Windows\hpomdl40.dat
[2010/07/09 11:31:43 | 000,577,948 | -H-- | C] () -- C:\Users\Tarpleys\AppData\Local\tmpDSC06258.JPG
[2010/07/09 10:58:37 | 000,000,116 | -H-- | C] () -- C:\Users\Tarpleys\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %TEMP%\smtmp\*.* /s >
[2010/06/24 18:46:02 | 000,000,183 | ---- | M] () -- C:\Users\Tarpleys\AppData\Local\Temp\smtmp\1\Programs\Pandora Internet Radio.url

< End of report >
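A report this long is easier to triage with a small script than by eye. The following Python is added here as an example; it is not part of the original thread and not code from OTL or any other tool named above. It parses three of the line shapes OTL emits (the IE SearchScopes entries, the O10 Winsock catalog entries, and the timestamped file entries) and flags the kinds of indicators visible in this log: a search scope pointing at a host outside an assumed allow-list of default providers, catalog entries whose DLL is missing, an .exe sitting directly in the ProgramData root, and hidden+system, extension-less files with random-looking names under ProgramData or AppData\Local. The allow-list, the name heuristic and the thresholds are my assumptions, and the sample input is a handful of lines copied from the report above, not a full log.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Constructed sample: a few lines in the shape of the OTL report above.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-21-1553932959-182929459-1838539615-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://findgala.com/?&uid=8028&q={searchTerms}
O1 - Hosts: 127.0.0.1 localhost
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
[2012/08/31 07:32:28 | 000,354,304 | ---- | C] (IOI) -- C:\ProgramData\JmPLtYueNQUfDI.exe
[2011/12/23 19:36:37 | 000,010,306 | -HS- | C] () -- C:\ProgramData\s50kf7lf6a1e
[2012/08/27 18:29:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
"""

# Assumed allow-list: hosts a stock IE 9 search scope would normally point at.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

SEARCH_SCOPE_RE = re.compile(r'\\SearchScopes\\\{[^}]+\}: "URL" = (\S+)')
LSP_MISSING_RE = re.compile(r"^O10.* - (.+?) File not found$")
FILE_ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\S+ \S+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
# Assumed heuristic: lowercase alphanumeric, 10+ chars, no extension.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{10,}$")


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def check_search_scope(line):
    """Flag an IE search scope whose host is not a default search provider."""
    m = SEARCH_SCOPE_RE.search(line)
    if not m:
        return None
    host = (urlparse(m.group(1)).hostname or "").lower()
    return None if host in KNOWN_SEARCH_HOSTS else Finding("search-scope", host)


def check_lsp(line):
    """Flag a Winsock catalog (O10) entry whose provider DLL is missing."""
    m = LSP_MISSING_RE.match(line)
    return Finding("winsock-missing", m.group(1)) if m else None


def check_file_entry(line):
    """Apply the file-placement heuristics to a timestamped OTL file entry."""
    m = FILE_ENTRY_RE.match(line)
    if not m:
        return None
    p = PureWindowsPath(m["path"])
    parts = [s.lower() for s in p.parts]
    attrs = m["attrs"]
    under_data_dir = "programdata" in parts or "local" in parts
    hidden_system = "H" in attrs and "S" in attrs
    if hidden_system and under_data_dir and not p.suffix and RANDOM_NAME_RE.match(p.name):
        return Finding("hidden-system-file", str(p))
    if p.suffix.lower() == ".exe" and len(parts) == 3 and parts[1] == "programdata":
        return Finding("exe-in-programdata-root", str(p))
    return None


CHECKS = (check_search_scope, check_lsp, check_file_entry)


def scan(report_text):
    """Run every check over every non-empty line; return findings in log order."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            f = check(line)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Each finding is a lead to look at, not a verdict: a missing LSP DLL can be leftover from an uninstalled product, and the name heuristic will miss anything with a plausible-looking name. Feed it the whole report (scan(open("OTL.Txt").read())) rather than the sample to get the full list.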

#4 union410 (Topic Starter, Members, 39 posts)

Posted 01 September 2012 - 02:03 AM

I had no problems with any of the logs.

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 01 September 2012 - 02:20 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate of Malware Removal University

#6 union410 (Topic Starter, Members, 39 posts)

Posted 01 September 2012 - 02:52 AM

I ran the Combofix and the computer restarted and wouldn't let me open anything. It gave me the "Illegal operation attempted on a registry key that has been marked for deletion" error. I still cannot open Firefox. Now when I use IE, every time I go to a page it gives me a security alert "You are about to view pages over a secure connection." Other than those two issues everything seems to be running fine, although I've only been online for 3 minutes.

ComboFix 12-08-31.08 - Tarpleys 09/01/2012 0:23.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.4447 [GMT -7:00]
Running from: c:\users\Tarpleys\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\L\00000004.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\L\201d3dde
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\n
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\00000004.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\00000008.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\000000cb.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\80000000.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\80000032.@
c:\$recycle.bin\S-1-5-18\$bacb6e52ede1d0a028a2348746d80ee2\U\80000064.@
c:\$recycle.bin\S-1-5-21-1553932959-182929459-1838539615-1000\$bacb6e52ede1d0a028a2348746d80ee2\@
c:\$recycle.bin\S-1-5-21-1553932959-182929459-1838539615-1000\$bacb6e52ede1d0a028a2348746d80ee2\n
c:\programdata\JmPLtYueNQUfDI.exe
c:\users\Tarpleys\gotomypc_626.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 07:27 . 2012-09-01 07:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-01 07:27 . 2012-09-01 07:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-01 07:27 . 2012-09-01 07:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 04:21 . 2012-09-01 04:21 -------- d-----w- c:\users\Tarpleys\AppData\Roaming\HPAppData
2012-08-30 01:12 . 2012-08-30 01:12 -------- d-----w- c:\program files (x86)\ESET
2012-08-28 02:13 . 2012-08-28 02:13 388096 ----a-r- c:\users\Tarpleys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-28 02:13 . 2012-08-28 02:13 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-28 02:04 . 2012-08-28 02:04 -------- d--h--w- c:\users\Tarpleys\AppData\Local\Macromedia
2012-08-28 01:29 . 2012-08-28 01:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-28 01:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 01:08 . 2012-08-28 01:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-24 13:58 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FC9113-8BD6-4A88-B142-9F88D31D681B}\mpengine.dll
2012-08-16 04:47 . 2012-06-29 03:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-16 04:19 . 2012-08-16 04:19 -------- d--h--w- c:\users\Tarpleys\AppData\Roaming\Unity
2012-08-16 04:18 . 2012-08-31 21:55 -------- d-----w- c:\users\Tarpleys\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 01:37 . 2011-08-23 20:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 04:45 . 2012-07-02 06:03 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 06:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-02 06:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-09 05:43 . 2012-07-11 15:30 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 15:30 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:30 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:30 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:30 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:30 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:30 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-07-11_06.15.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-01-31 12:13 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-07-11 15:30 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-08-16 00:14 . 2012-05-05 07:46 43008 c:\windows\SysWOW64\srclient.dll
- 2009-07-13 23:23 . 2009-07-14 01:16 43008 c:\windows\SysWOW64\srclient.dll
- 2012-01-31 12:13 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-07-11 15:30 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll
+ 2012-08-16 00:14 . 2012-07-04 21:16 57344 c:\windows\SysWOW64\netapi32.dll
- 2012-06-14 10:00 . 2012-05-17 22:25 73216 c:\windows\SysWOW64\mshtmled.dll
+ 2012-08-16 04:48 . 2012-06-29 00:01 73216 c:\windows\SysWOW64\mshtmled.dll
- 2012-06-14 10:00 . 2012-05-17 22:31 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-16 04:47 . 2012-06-29 00:06 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-08-16 04:47 . 2012-06-29 00:06 65024 c:\windows\SysWOW64\jsproxy.dll
- 2012-06-14 10:00 . 2012-05-17 22:31 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-12-15 06:52 . 2012-08-28 01:03 49120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2011-12-15 06:53 . 2012-09-01 07:12 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-16 00:14 . 2012-07-04 21:14 41984 c:\windows\SysWOW64\browcli.dll
- 2012-04-14 14:15 . 2010-11-20 12:18 41984 c:\windows\SysWOW64\browcli.dll
+ 2010-06-25 01:27 . 2012-09-01 00:54 57750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 00:54 29878 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-25 02:45 . 2012-09-01 00:54 14644 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1553932959-182929459-1838539615-1000_UserData.bin
+ 2012-08-16 00:14 . 2012-07-04 22:16 73216 c:\windows\system32\netapi32.dll
- 2012-06-14 10:00 . 2012-05-18 01:51 96768 c:\windows\system32\mshtmled.dll
+ 2012-08-16 04:48 . 2012-06-29 03:40 96768 c:\windows\system32\mshtmled.dll
- 2012-06-14 10:00 . 2012-05-18 01:56 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-08-16 04:47 . 2012-06-29 03:46 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2012-06-14 10:00 . 2012-05-18 01:56 85504 c:\windows\system32\jsproxy.dll
+ 2012-08-16 04:47 . 2012-06-29 03:45 85504 c:\windows\system32\jsproxy.dll
+ 2009-07-14 05:30 . 2012-08-17 00:20 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-02 06:20 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-13 02:35 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthenum.sys
- 2012-01-31 12:13 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-07-11 15:30 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2012-08-16 00:14 . 2012-07-04 22:13 59392 c:\windows\system32\browcli.dll
- 2012-04-14 14:16 . 2010-11-20 13:25 67072 c:\windows\splwow64.exe
+ 2012-08-16 00:14 . 2012-02-11 06:36 67072 c:\windows\splwow64.exe
- 2009-07-14 04:46 . 2012-07-05 14:55 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-08-19 22:02 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-06-25 02:40 . 2012-08-12 17:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-25 02:40 . 2012-03-29 10:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-16 04:49 . 2012-08-16 04:49 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2012-05-14 14:47 . 2012-05-14 14:47 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 34144 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 43608 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\msouc.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 19296 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2012-05-14 14:52 . 2012-05-14 14:52 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-08-16 04:49 . 2012-08-16 04:49 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2011-02-04 21:40 . 2011-02-04 21:40 49488 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\VBAJET32.DLL
+ 2010-12-21 08:48 . 2010-12-21 08:48 44992 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACERCLR.DLL
- 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2012-07-11 15:30 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll
+ 2010-07-16 10:15 . 2012-08-31 15:54 3386 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll
+ 2012-07-11 15:30 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll
+ 2012-09-01 07:28 . 2012-09-01 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-11 06:05 . 2012-07-11 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-11 06:05 . 2012-07-11 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-01 07:28 . 2012-09-01 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-16 00:14 . 2012-02-11 05:43 492032 c:\windows\SysWOW64\win32spl.dll
- 2012-04-14 14:16 . 2010-11-20 12:21 492032 c:\windows\SysWOW64\win32spl.dll
- 2012-06-14 10:00 . 2012-05-17 22:33 231936 c:\windows\SysWOW64\url.dll
+ 2012-08-16 04:48 . 2012-06-29 00:07 231936 c:\windows\SysWOW64\url.dll
+ 2012-07-11 15:30 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll
+ 2012-07-11 15:30 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll
- 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll
+ 2012-08-28 01:08 . 2012-08-28 01:08 690888 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
+ 2012-08-28 01:08 . 2012-08-28 01:08 474824 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.dll
+ 2012-08-28 01:37 . 2012-08-28 01:37 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
+ 2012-08-28 01:08 . 2012-08-28 01:37 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-16 04:47 . 2012-06-29 00:04 717824 c:\windows\SysWOW64\jscript.dll
- 2012-06-14 10:00 . 2012-05-17 22:29 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-08-16 04:48 . 2012-06-29 00:04 142848 c:\windows\SysWOW64\ieUnatt.exe
- 2012-06-14 10:00 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-08-16 04:48 . 2012-06-28 23:57 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-04-17 10:01 . 2012-09-01 07:12 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2011-04-17 10:01 . 2011-12-29 01:17 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-04-14 14:16 . 2010-11-20 13:27 751104 c:\windows\system32\win32spl.dll
+ 2012-08-16 00:14 . 2012-02-11 06:43 751104 c:\windows\system32\win32spl.dll
+ 2010-06-25 08:04 . 2012-09-01 06:53 362238 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-08-16 04:48 . 2012-06-29 03:47 237056 c:\windows\system32\url.dll
- 2012-06-14 10:00 . 2012-05-18 01:58 237056 c:\windows\system32\url.dll
+ 2012-08-16 00:14 . 2012-05-05 08:36 503808 c:\windows\system32\srcore.dll
- 2012-04-14 14:16 . 2010-11-20 13:25 559104 c:\windows\system32\spoolsv.exe
+ 2012-08-16 00:14 . 2012-02-11 06:36 559104 c:\windows\system32\spoolsv.exe
+ 2012-07-11 15:30 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll
- 2012-01-31 12:13 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
- 2009-07-14 02:36 . 2012-07-11 06:11 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 00:57 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 00:57 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-11 06:11 106538 c:\windows\system32\perfc009.dat
- 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll
+ 2012-07-11 15:30 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll
- 2010-06-25 03:02 . 2012-02-23 17:18 279656 c:\windows\system32\MpSigStub.exe
+ 2010-06-25 03:02 . 2012-05-31 19:25 279656 c:\windows\system32\MpSigStub.exe
+ 2012-08-28 01:08 . 2012-08-28 01:08 420552 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe
+ 2012-08-28 01:08 . 2012-08-28 01:08 522952 c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.dll
+ 2012-08-28 01:37 . 2012-08-28 01:37 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_Plugin.exe
+ 2012-08-16 00:14 . 2012-05-14 05:26 956928 c:\windows\system32\localspl.dll
+ 2012-08-16 04:47 . 2012-06-29 03:44 816640 c:\windows\system32\jscript.dll
+ 2012-08-16 04:48 . 2012-06-29 03:43 173056 c:\windows\system32\ieUnatt.exe
- 2012-06-14 10:00 . 2012-05-18 01:55 173056 c:\windows\system32\ieUnatt.exe
+ 2012-08-16 04:48 . 2012-06-29 03:35 248320 c:\windows\system32\ieui.dll
- 2012-06-14 10:00 . 2012-05-18 01:47 248320 c:\windows\system32\ieui.dll
- 2009-07-14 04:45 . 2012-07-02 14:30 436624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-17 00:22 436624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 05:30 . 2012-08-17 00:20 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-02 06:20 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-17 00:20 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-02 06:20 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-04-14 14:14 . 2010-11-20 13:24 229376 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\fsquirt.exe
+ 2012-08-16 04:48 . 2012-07-06 20:07 552960 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bthport.sys
+ 2009-07-14 05:31 . 2012-08-17 00:20 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:31 . 2012-07-02 06:16 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2012-07-11 15:30 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-07-11 15:30 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys
+ 2012-08-16 00:14 . 2012-07-04 22:13 136704 c:\windows\system32\browser.dll
+ 2009-07-14 05:01 . 2012-09-01 07:27 400784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-04 14:59 . 2012-07-04 14:59 261120 c:\windows\Installer\102439f.msp
+ 2010-07-23 04:10 . 2012-08-16 04:48 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 415584 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 303456 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 571232 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 326496 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 470616 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 178528 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2011-02-05 07:52 . 2011-02-05 07:52 403320 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\OFFXML.DLL
+ 2011-01-07 18:38 . 2011-01-07 18:38 121208 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\MSCONV97.DLL
+ 2010-10-21 00:06 . 2010-10-21 00:06 169352 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\IPOLK.DLL
+ 2011-02-04 21:40 . 2011-02-04 21:40 452936 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\EXPSRV.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 362904 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEXBE.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 220560 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACETXT.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 527776 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEREP.DLL
+ 2010-12-21 08:48 . 2010-12-21 08:48 329624 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACER3X.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 383904 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEOLEDB.DLL
+ 2010-12-21 08:48 . 2010-12-21 08:48 278448 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEODBC.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 644504 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEEXCL.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 334752 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEEXCH.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 686504 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEES.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 548792 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEDAO.DLL
+ 2010-12-28 08:49 . 2010-12-28 08:49 548792 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACACEDAO.DLL
+ 2012-08-16 04:47 . 2012-06-29 00:09 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-06-14 10:00 . 2012-05-17 22:35 1129472 c:\windows\SysWOW64\wininet.dll
- 2012-06-14 10:00 . 2012-05-17 22:36 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-16 04:48 . 2012-06-29 00:09 1103872 c:\windows\SysWOW64\urlmon.dll
+ 2012-08-28 01:37 . 2012-08-28 01:37 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
+ 2012-08-28 01:37 . 2012-08-28 01:37 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
+ 2012-08-16 04:47 . 2012-06-29 00:16 1800704 c:\windows\SysWOW64\jscript9.dll
- 2012-06-14 10:00 . 2012-05-17 22:27 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-16 04:48 . 2012-06-29 00:01 1793024 c:\windows\SysWOW64\iertutil.dll
+ 2012-08-16 04:47 . 2012-06-29 00:27 9737728 c:\windows\SysWOW64\ieframe.dll
- 2012-06-14 10:00 . 2012-05-17 22:48 9737728 c:\windows\SysWOW64\ieframe.dll
+ 2012-08-16 04:47 . 2012-06-29 03:49 1392128 c:\windows\system32\wininet.dll
- 2012-06-14 10:00 . 2012-05-18 01:59 1392128 c:\windows\system32\wininet.dll
+ 2012-08-16 00:14 . 2012-07-18 18:15 3148800 c:\windows\system32\win32k.sys
- 2012-06-14 10:00 . 2012-05-18 01:59 1346048 c:\windows\system32\urlmon.dll
+ 2012-08-16 04:48 . 2012-06-29 03:49 1346048 c:\windows\system32\urlmon.dll
- 2012-06-14 10:00 . 2012-05-18 01:54 2144768 c:\windows\system32\iertutil.dll
+ 2012-08-16 04:48 . 2012-06-29 03:42 2144768 c:\windows\system32\iertutil.dll
+ 2009-07-14 04:45 . 2012-08-17 00:24 7114356 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-03 03:13 7114356 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-06-25 02:42 . 2012-09-01 07:27 1312992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-08-23 20:54 . 2012-08-28 02:20 1201544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1553932959-182929459-1838539615-1000-12288.dat
+ 2012-08-28 02:20 . 2012-09-01 07:27 7658948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-06-20 08:29 . 2012-06-20 08:29 5262848 c:\windows\Installer\466dc1b.msp
+ 2012-06-20 09:00 . 2012-06-20 09:00 3461120 c:\windows\Installer\466dc01.msp
+ 2012-04-05 08:56 . 2012-04-05 08:56 2820096 c:\windows\Installer\466dbea.msp
+ 2012-04-05 08:54 . 2012-04-05 08:54 8301056 c:\windows\Installer\466dbd3.msp
+ 2012-06-20 09:06 . 2012-06-20 09:06 1839104 c:\windows\Installer\466dbba.msp
+ 2011-12-25 08:01 . 2011-12-25 08:01 1402880 c:\windows\Installer\1192f584.msi
+ 2012-06-27 01:03 . 2012-06-27 01:03 3875840 c:\windows\Installer\102443f.msp
+ 2012-07-19 09:45 . 2012-07-19 09:45 3464704 c:\windows\Installer\1024436.msp
+ 2012-07-04 15:04 . 2012-07-04 15:04 1292288 c:\windows\Installer\102441f.msp
+ 2012-07-04 15:12 . 2012-07-04 15:12 4772352 c:\windows\Installer\1024415.msp
+ 2012-07-04 15:09 . 2012-07-04 15:09 1284096 c:\windows\Installer\10243fd.msp
+ 2012-07-04 15:01 . 2012-07-04 15:01 9082368 c:\windows\Installer\10243e6.msp
+ 2012-07-04 14:58 . 2012-07-04 14:58 6163456 c:\windows\Installer\10243c7.msp
+ 2010-07-23 04:10 . 2012-08-16 04:48 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 1479520 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 1858400 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 3792736 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2010-07-23 04:10 . 2012-06-14 10:07 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-07-23 04:10 . 2012-08-16 04:48 1449312 c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-10-23 01:12 . 2010-10-23 01:12 5496688 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\IPEDITOR.DLL
+ 2011-01-13 04:33 . 2011-01-13 04:33 5867896 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\IPDESIGN.DLL
+ 2010-10-23 01:12 . 2010-10-23 01:12 1734000 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\INFOPATH.EXE
+ 2010-10-23 02:55 . 2010-10-23 02:55 3049376 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACEWDAT.DLL
+ 2011-03-12 01:46 . 2011-03-12 01:46 2194312 c:\windows\Installer\$PatchCache$\Managed\00004119110000000000000000F01FEC\14.0.6029\ACECORE.DLL
+ 2012-07-11 15:30 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll
+ 2012-08-16 04:47 . 2012-06-29 00:52 12317184 c:\windows\SysWOW64\mshtml.dll
+ 2009-07-14 02:34 . 2012-08-17 00:20 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-02 06:18 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-08-16 04:47 . 2012-06-29 04:55 17809920 c:\windows\system32\mshtml.dll
+ 2012-08-28 01:37 . 2012-08-28 01:37 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll
+ 2012-08-16 04:47 . 2012-06-29 04:09 10925568 c:\windows\system32\ieframe.dll
+ 2010-06-25 02:42 . 2012-09-01 07:27 17368268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1553932959-182929459-1838539615-1000-8192.dat
+ 2012-07-18 22:53 . 2012-07-18 22:53 10937344 c:\windows\Installer\10243a8.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250056]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-10 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]
S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 01:37]
.
2012-08-28 c:\windows\Tasks\HPCeeScheduleForTarpleys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.27.35.1
FF - ProfilePath - c:\users\Tarpleys\AppData\Roaming\Mozilla\Firefox\Profiles\tahqdovs.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-09-01 00:32:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 07:32
ComboFix2.txt 2012-07-11 06:16
ComboFix3.txt 2012-07-02 05:32
ComboFix4.txt 2011-12-29 01:53
ComboFix5.txt 2012-09-01 07:22
.
Pre-Run: 346,162,716,672 bytes free
Post-Run: 347,118,723,072 bytes free
.
- - End Of File - - F764F2D78844BDB7D0E109D4F9BD976A

#7 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:26 PM

Posted 01 September 2012 - 03:00 AM

Greetings

restart the computer and put a checkmark in don't show me this again

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 union410

  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:01:26 PM

Posted 01 September 2012 - 03:04 AM

01:03:11.0198 2896 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
01:03:11.0572 2896 ============================================================
01:03:11.0572 2896 Current date / time: 2012/09/01 01:03:11.0572
01:03:11.0572 2896 SystemInfo:
01:03:11.0572 2896
01:03:11.0572 2896 OS Version: 6.1.7601 ServicePack: 1.0
01:03:11.0572 2896 Product type: Workstation
01:03:11.0572 2896 ComputerName: TARPLEYS-PC
01:03:11.0572 2896 UserName: Tarpleys
01:03:11.0572 2896 Windows directory: C:\Windows
01:03:11.0572 2896 System windows directory: C:\Windows
01:03:11.0572 2896 Running under WOW64
01:03:11.0572 2896 Processor architecture: Intel x64
01:03:11.0572 2896 Number of processors: 4
01:03:11.0572 2896 Page size: 0x1000
01:03:11.0572 2896 Boot type: Normal boot
01:03:11.0572 2896 ============================================================
01:03:11.0853 2896 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:03:11.0853 2896 ============================================================
01:03:11.0853 2896 \Device\Harddisk0\DR0:
01:03:11.0853 2896 MBR partitions:
01:03:11.0853 2896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:03:11.0853 2896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x492737C1
01:03:11.0853 2896 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x492A6000, BlocksNum 0x15B1800
01:03:11.0853 2896 ============================================================
01:03:11.0884 2896 C: <-> \Device\Harddisk0\DR0\Partition2
01:03:11.0931 2896 D: <-> \Device\Harddisk0\DR0\Partition3
01:03:11.0931 2896 ============================================================
01:03:11.0931 2896 Initialize success
01:03:11.0931 2896 ============================================================
01:03:29.0075 3156 ============================================================
01:03:29.0075 3156 Scan started
01:03:29.0075 3156 Mode: Manual;
01:03:29.0075 3156 ============================================================
01:03:29.0325 3156 ================ Scan system memory ========================
01:03:29.0325 3156 System memory - ok
01:03:29.0325 3156 ================ Scan services =============================
01:03:29.0465 3156 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
01:03:29.0481 3156 1394ohci - ok
01:03:29.0512 3156 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:03:29.0512 3156 ACPI - ok
01:03:29.0559 3156 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
01:03:29.0559 3156 AcpiPmi - ok
01:03:29.0653 3156 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:03:29.0653 3156 AdobeFlashPlayerUpdateSvc - ok
01:03:29.0699 3156 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:03:29.0715 3156 adp94xx - ok
01:03:29.0746 3156 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:03:29.0746 3156 adpahci - ok
01:03:29.0762 3156 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:03:29.0762 3156 adpu320 - ok
01:03:29.0793 3156 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:03:29.0793 3156 AeLookupSvc - ok
01:03:29.0840 3156 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
01:03:29.0855 3156 AFD - ok
01:03:29.0902 3156 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:03:29.0902 3156 agp440 - ok
01:03:29.0918 3156 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
01:03:29.0918 3156 ALG - ok
01:03:29.0933 3156 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
01:03:29.0933 3156 aliide - ok
01:03:29.0949 3156 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
01:03:29.0949 3156 amdide - ok
01:03:29.0949 3156 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:03:29.0965 3156 AmdK8 - ok
01:03:29.0965 3156 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:03:29.0965 3156 AmdPPM - ok
01:03:30.0011 3156 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:03:30.0011 3156 amdsata - ok
01:03:30.0027 3156 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:03:30.0027 3156 amdsbs - ok
01:03:30.0043 3156 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:03:30.0043 3156 amdxata - ok
01:03:30.0089 3156 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
01:03:30.0089 3156 AppID - ok
01:03:30.0105 3156 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:03:30.0105 3156 AppIDSvc - ok
01:03:30.0152 3156 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
01:03:30.0152 3156 Appinfo - ok
01:03:30.0245 3156 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:03:30.0245 3156 Apple Mobile Device - ok
01:03:30.0277 3156 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
01:03:30.0277 3156 arc - ok
01:03:30.0292 3156 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:03:30.0292 3156 arcsas - ok
01:03:30.0308 3156 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:03:30.0308 3156 AsyncMac - ok
01:03:30.0370 3156 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
01:03:30.0370 3156 atapi - ok
01:03:30.0417 3156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:03:30.0433 3156 AudioEndpointBuilder - ok
01:03:30.0448 3156 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
01:03:30.0448 3156 AudioSrv - ok
01:03:30.0495 3156 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:03:30.0495 3156 AxInstSV - ok
01:03:30.0526 3156 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
01:03:30.0542 3156 b06bdrv - ok
01:03:30.0557 3156 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
01:03:30.0557 3156 b57nd60a - ok
01:03:30.0589 3156 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
01:03:30.0589 3156 BDESVC - ok
01:03:30.0589 3156 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
01:03:30.0604 3156 Beep - ok
01:03:30.0651 3156 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
01:03:30.0667 3156 BFE - ok
01:03:30.0713 3156 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:03:30.0713 3156 blbdrive - ok
01:03:30.0776 3156 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:03:30.0791 3156 Bonjour Service - ok
01:03:30.0838 3156 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:03:30.0838 3156 bowser - ok
01:03:30.0869 3156 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:03:30.0869 3156 BrFiltLo - ok
01:03:30.0885 3156 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:03:30.0885 3156 BrFiltUp - ok
01:03:30.0901 3156 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
01:03:30.0901 3156 BridgeMP - ok
01:03:30.0947 3156 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
01:03:30.0947 3156 Browser - ok
01:03:30.0947 3156 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:03:30.0963 3156 Brserid - ok
01:03:30.0979 3156 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:03:30.0979 3156 BrSerWdm - ok
01:03:30.0994 3156 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:03:30.0994 3156 BrUsbMdm - ok
01:03:31.0010 3156 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:03:31.0010 3156 BrUsbSer - ok
01:03:31.0025 3156 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:03:31.0025 3156 BTHMODEM - ok
01:03:31.0057 3156 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
01:03:31.0057 3156 bthserv - ok
01:03:31.0072 3156 catchme - ok
01:03:31.0103 3156 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:03:31.0103 3156 cdfs - ok
01:03:31.0135 3156 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
01:03:31.0150 3156 cdrom - ok
01:03:31.0181 3156 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
01:03:31.0181 3156 CertPropSvc - ok
01:03:31.0197 3156 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:03:31.0197 3156 circlass - ok
01:03:31.0213 3156 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
01:03:31.0213 3156 CLFS - ok
01:03:31.0275 3156 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:03:31.0291 3156 clr_optimization_v2.0.50727_32 - ok
01:03:31.0322 3156 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:03:31.0322 3156 clr_optimization_v2.0.50727_64 - ok
01:03:31.0369 3156 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:03:31.0369 3156 clr_optimization_v4.0.30319_32 - ok
01:03:31.0400 3156 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:03:31.0400 3156 clr_optimization_v4.0.30319_64 - ok
01:03:31.0431 3156 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:03:31.0431 3156 CmBatt - ok
01:03:31.0431 3156 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:03:31.0431 3156 cmdide - ok
01:03:31.0478 3156 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
01:03:31.0478 3156 CNG - ok
01:03:31.0493 3156 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:03:31.0493 3156 Compbatt - ok
01:03:31.0525 3156 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
01:03:31.0525 3156 CompositeBus - ok
01:03:31.0540 3156 COMSysApp - ok
01:03:31.0556 3156 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:03:31.0556 3156 crcdisk - ok
01:03:31.0587 3156 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:03:31.0587 3156 CryptSvc - ok
01:03:31.0634 3156 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
01:03:31.0649 3156 DcomLaunch - ok
01:03:31.0681 3156 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
01:03:31.0696 3156 defragsvc - ok
01:03:31.0727 3156 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:03:31.0727 3156 DfsC - ok
01:03:31.0774 3156 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
01:03:31.0774 3156 Dhcp - ok
01:03:31.0805 3156 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
01:03:31.0805 3156 discache - ok
01:03:31.0805 3156 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:03:31.0821 3156 Disk - ok
01:03:31.0852 3156 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:03:31.0852 3156 Dnscache - ok
01:03:31.0899 3156 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
01:03:31.0915 3156 dot3svc - ok
01:03:31.0946 3156 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
01:03:31.0946 3156 Dot4 - ok
01:03:31.0993 3156 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
01:03:31.0993 3156 Dot4Print - ok
01:03:32.0039 3156 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
01:03:32.0039 3156 dot4usb - ok
01:03:32.0071 3156 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
01:03:32.0071 3156 DPS - ok
01:03:32.0102 3156 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:03:32.0102 3156 drmkaud - ok
01:03:32.0149 3156 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:03:32.0164 3156 DXGKrnl - ok
01:03:32.0180 3156 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
01:03:32.0180 3156 EapHost - ok
01:03:32.0258 3156 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
01:03:32.0351 3156 ebdrv - ok
01:03:32.0398 3156 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
01:03:32.0398 3156 EFS - ok
01:03:32.0429 3156 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:03:32.0445 3156 ehRecvr - ok
01:03:32.0507 3156 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
01:03:32.0507 3156 ehSched - ok
01:03:32.0523 3156 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:03:32.0539 3156 elxstor - ok
01:03:32.0585 3156 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
01:03:32.0585 3156 ErrDev - ok
01:03:32.0648 3156 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
01:03:32.0663 3156 EventSystem - ok
01:03:32.0726 3156 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
01:03:32.0726 3156 exfat - ok
01:03:32.0741 3156 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:03:32.0741 3156 fastfat - ok
01:03:32.0788 3156 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
01:03:32.0804 3156 Fax - ok
01:03:32.0866 3156 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:03:32.0866 3156 fdc - ok
01:03:32.0897 3156 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
01:03:32.0897 3156 fdPHost - ok
01:03:32.0913 3156 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
01:03:32.0913 3156 FDResPub - ok
01:03:32.0913 3156 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:03:32.0929 3156 FileInfo - ok
01:03:32.0929 3156 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:03:32.0929 3156 Filetrace - ok
01:03:32.0960 3156 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:03:32.0960 3156 flpydisk - ok
01:03:32.0991 3156 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:03:32.0991 3156 FltMgr - ok
01:03:33.0053 3156 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
01:03:33.0069 3156 FontCache - ok
01:03:33.0116 3156 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:03:33.0116 3156 FontCache3.0.0.0 - ok
01:03:33.0131 3156 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:03:33.0131 3156 FsDepends - ok
01:03:33.0163 3156 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:03:33.0163 3156 Fs_Rec - ok
01:03:33.0209 3156 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:03:33.0209 3156 fvevol - ok
01:03:33.0225 3156 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:03:33.0225 3156 gagp30kx - ok
01:03:33.0272 3156 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
01:03:33.0272 3156 GameConsoleService - ok
01:03:33.0319 3156 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:03:33.0319 3156 GEARAspiWDM - ok
01:03:33.0365 3156 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
01:03:33.0381 3156 gpsvc - ok
01:03:33.0397 3156 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:03:33.0397 3156 hcw85cir - ok
01:03:33.0412 3156 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
01:03:33.0412 3156 HDAudBus - ok
01:03:33.0443 3156 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
01:03:33.0443 3156 HECIx64 - ok
01:03:33.0459 3156 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:03:33.0459 3156 HidBatt - ok
01:03:33.0475 3156 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:03:33.0475 3156 HidBth - ok
01:03:33.0475 3156 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:03:33.0475 3156 HidIr - ok
01:03:33.0506 3156 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
01:03:33.0506 3156 hidserv - ok
01:03:33.0553 3156 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
01:03:33.0568 3156 HidUsb - ok
01:03:33.0599 3156 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:03:33.0599 3156 hkmsvc - ok
01:03:33.0631 3156 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:03:33.0646 3156 HomeGroupListener - ok
01:03:33.0677 3156 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:03:33.0677 3156 HomeGroupProvider - ok
01:03:33.0771 3156 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
01:03:33.0771 3156 HP Support Assistant Service - ok
01:03:33.0802 3156 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
01:03:33.0818 3156 HPBtnSrv - ok
01:03:33.0865 3156 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
01:03:33.0865 3156 HPDrvMntSvc.exe - ok
01:03:34.0005 3156 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
01:03:34.0005 3156 hpqcxs08 - ok
01:03:34.0021 3156 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
01:03:34.0021 3156 hpqddsvc - ok
01:03:34.0067 3156 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
01:03:34.0083 3156 hpqwmiex - ok
01:03:34.0114 3156 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:03:34.0114 3156 HpSAMD - ok
01:03:34.0177 3156 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
01:03:34.0208 3156 HPSLPSVC - ok
01:03:34.0255 3156 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:03:34.0270 3156 HTTP - ok
01:03:34.0317 3156 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:03:34.0317 3156 hwpolicy - ok
01:03:34.0364 3156 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
01:03:34.0364 3156 i8042prt - ok
01:03:34.0395 3156 [ 631FA8935163B01FC0C02966CB3ADB92 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
01:03:34.0411 3156 iaStor - ok
01:03:34.0442 3156 [ 7493EA4DE41348F7D3EDBF9DB298F56A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
01:03:34.0442 3156 IAStorDataMgrSvc - ok
01:03:34.0473 3156 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:03:34.0473 3156 iaStorV - ok
01:03:34.0535 3156 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:03:34.0535 3156 idsvc - ok
01:03:34.0676 3156 [ 404548917ACAAA314165C2882B045C94 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
01:03:34.0801 3156 igfx - ok
01:03:34.0832 3156 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:03:34.0832 3156 iirsp - ok
01:03:34.0879 3156 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
01:03:34.0910 3156 IKEEXT - ok
01:03:34.0925 3156 [ 4FF8A2082D78255D2EB169F986BCC981 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
01:03:34.0941 3156 Impcd - ok
01:03:34.0988 3156 [ EF75C94792187A143871FBB87611B0B7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:03:35.0003 3156 IntcAzAudAddService - ok
01:03:35.0050 3156 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
01:03:35.0050 3156 intelide - ok
01:03:35.0066 3156 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:03:35.0081 3156 intelppm - ok
01:03:35.0097 3156 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:03:35.0097 3156 IPBusEnum - ok
01:03:35.0128 3156 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:03:35.0144 3156 IpFilterDriver - ok
01:03:35.0191 3156 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:03:35.0206 3156 iphlpsvc - ok
01:03:35.0237 3156 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
01:03:35.0237 3156 IPMIDRV - ok
01:03:35.0253 3156 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:03:35.0253 3156 IPNAT - ok
01:03:35.0315 3156 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:03:35.0315 3156 iPod Service - ok
01:03:35.0347 3156 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:03:35.0347 3156 IRENUM - ok
01:03:35.0378 3156 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:03:35.0378 3156 isapnp - ok
01:03:35.0409 3156 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
01:03:35.0425 3156 iScsiPrt - ok
01:03:35.0440 3156 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
01:03:35.0440 3156 kbdclass - ok
01:03:35.0487 3156 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
01:03:35.0487 3156 kbdhid - ok
01:03:35.0518 3156 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
01:03:35.0518 3156 KeyIso - ok
01:03:35.0549 3156 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:03:35.0549 3156 KSecDD - ok
01:03:35.0596 3156 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:03:35.0596 3156 KSecPkg - ok
01:03:35.0612 3156 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:03:35.0612 3156 ksthunk - ok
01:03:35.0643 3156 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
01:03:35.0659 3156 KtmRm - ok
01:03:35.0705 3156 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
01:03:35.0705 3156 LanmanServer - ok
01:03:35.0737 3156 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:03:35.0752 3156 LanmanWorkstation - ok
01:03:35.0768 3156 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:03:35.0768 3156 LightScribeService - ok
01:03:35.0799 3156 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:03:35.0799 3156 lltdio - ok
01:03:35.0830 3156 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:03:35.0846 3156 lltdsvc - ok
01:03:35.0861 3156 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:03:35.0861 3156 lmhosts - ok
01:03:35.0877 3156 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:03:35.0877 3156 LSI_FC - ok
01:03:35.0893 3156 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:03:35.0908 3156 LSI_SAS - ok
01:03:35.0908 3156 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:03:35.0924 3156 LSI_SAS2 - ok
01:03:35.0924 3156 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:03:35.0924 3156 LSI_SCSI - ok
01:03:35.0939 3156 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
01:03:35.0939 3156 luafv - ok
01:03:35.0986 3156 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:03:35.0986 3156 MBAMProtector - ok
01:03:36.0033 3156 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:03:36.0049 3156 MBAMService - ok
01:03:36.0095 3156 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:03:36.0095 3156 Mcx2Svc - ok
01:03:36.0111 3156 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:03:36.0111 3156 megasas - ok
01:03:36.0127 3156 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:03:36.0127 3156 MegaSR - ok
01:03:36.0205 3156 Microsoft SharePoint Workspace Audit Service - ok
01:03:36.0236 3156 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
01:03:36.0236 3156 MMCSS - ok
01:03:36.0251 3156 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
01:03:36.0251 3156 Modem - ok
01:03:36.0283 3156 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:03:36.0283 3156 monitor - ok
01:03:36.0329 3156 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
01:03:36.0329 3156 mouclass - ok
01:03:36.0345 3156 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:03:36.0345 3156 mouhid - ok
01:03:36.0392 3156 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:03:36.0392 3156 mountmgr - ok
01:03:36.0439 3156 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:03:36.0439 3156 MozillaMaintenance - ok
01:03:36.0454 3156 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
01:03:36.0454 3156 mpio - ok
01:03:36.0470 3156 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:03:36.0470 3156 mpsdrv - ok
01:03:36.0548 3156 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:03:36.0563 3156 MpsSvc - ok
01:03:36.0595 3156 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:03:36.0610 3156 MRxDAV - ok
01:03:36.0641 3156 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:03:36.0641 3156 mrxsmb - ok
01:03:36.0688 3156 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:03:36.0688 3156 mrxsmb10 - ok
01:03:36.0704 3156 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:03:36.0704 3156 mrxsmb20 - ok
01:03:36.0719 3156 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
01:03:36.0719 3156 msahci - ok
01:03:36.0751 3156 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:03:36.0751 3156 msdsm - ok
01:03:36.0766 3156 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
01:03:36.0782 3156 MSDTC - ok
01:03:36.0797 3156 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:03:36.0797 3156 Msfs - ok
01:03:36.0829 3156 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:03:36.0829 3156 mshidkmdf - ok
01:03:36.0860 3156 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:03:36.0860 3156 msisadrv - ok
01:03:36.0875 3156 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:03:36.0875 3156 MSiSCSI - ok
01:03:36.0891 3156 msiserver - ok
01:03:36.0907 3156 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:03:36.0907 3156 MSKSSRV - ok
01:03:36.0922 3156 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:03:36.0922 3156 MSPCLOCK - ok
01:03:36.0938 3156 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:03:36.0938 3156 MSPQM - ok
01:03:36.0969 3156 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:03:36.0969 3156 MsRPC - ok
01:03:36.0985 3156 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
01:03:36.0985 3156 mssmbios - ok
01:03:36.0985 3156 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:03:36.0985 3156 MSTEE - ok
01:03:37.0000 3156 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:03:37.0000 3156 MTConfig - ok
01:03:37.0016 3156 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
01:03:37.0016 3156 Mup - ok
01:03:37.0047 3156 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
01:03:37.0063 3156 napagent - ok
01:03:37.0094 3156 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:03:37.0094 3156 NativeWifiP - ok
01:03:37.0125 3156 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
01:03:37.0141 3156 NDIS - ok
01:03:37.0156 3156 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:03:37.0156 3156 NdisCap - ok
01:03:44.0207 3156 ============================================================
01:03:44.0207 3156 Scan finished
01:03:44.0207 3156 ============================================================
01:03:44.0207 3956 Detected object count: 0
01:03:44.0207 3956 Actual detected object count: 0

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 03:27 AM

Did you run the aswMBR report?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 union410 (Topic Starter)

  • Members
  • 39 posts

Posted 01 September 2012 - 03:52 AM

The site was down for a minute. Here it is.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-01 01:20:36
-----------------------------
01:20:36.117 OS Version: Windows x64 6.1.7601 Service Pack 1
01:20:36.117 Number of processors: 4 586 0x2502
01:20:36.117 ComputerName: TARPLEYS-PC UserName: Tarpleys
01:20:37.147 Initialize success
01:20:44.167 AVAST engine defs: 12083102
01:21:03.511 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:21:03.511 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 8
01:21:03.527 Disk 0 MBR read successfully
01:21:03.527 Disk 0 MBR scan
01:21:03.542 Disk 0 unknown MBR code
01:21:03.542 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:21:03.558 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 599270 MB offset 206911
01:21:03.589 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11107 MB offset 1227513856
01:21:03.636 Disk 0 scanning C:\Windows\system32\drivers
01:21:12.653 Service scanning
01:21:34.493 Modules scanning
01:21:34.493 Disk 0 trace - called modules:
01:21:34.508 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:21:35.008 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062e9060]
01:21:35.008 3 CLASSPNP.SYS[fffff88001b7d43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f95050]
01:21:36.334 AVAST engine scan C:\Windows
01:21:40.265 AVAST engine scan C:\Windows\system32
01:24:25.282 AVAST engine scan C:\Windows\system32\drivers
01:24:35.484 AVAST engine scan C:\Users\Tarpleys
01:26:05.483 File: C:\Users\Tarpleys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\4030a78-10878438 **INFECTED** Win32:FakeSysdef-OX [Trj]
01:30:22.650 AVAST engine scan C:\ProgramData
01:32:31.241 Scan finished successfully
01:32:53.289 Disk 0 MBR has been saved successfully to "C:\Users\Tarpleys\Desktop\Downloads\MBR.dat"
01:32:53.304 The log file has been saved successfully to "C:\Users\Tarpleys\Desktop\Downloads\aswMBR111111111111111111111.txt"

#11 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 12:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
C:\Users\Tarpleys\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo




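The step from the aswMBR **INFECTED** line in post #10 to the CFScript in post #11 can be done mechanically. This is an added Python example, not part of the thread or of aswMBR/ComboFix: it parses aswMBR log lines for detections, derives the parent folder, and emits the same ClearJavaCache::/Folder:: directives the helper wrote by hand. The sample log is constructed from the lines quoted above; the regex, class and function names are assumptions.

```python
"""Triage an aswMBR log and build a ComboFix CFScript from its findings.

Added example for this thread; not code from aswMBR, ComboFix or the
helper.  Only the two directives shown in post #11 (ClearJavaCache::
and Folder::) are taken from the thread; the rest is assumed.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of aswMBR output.  The "File:" line is the one the
# original poster's log reported; the others mirror the log's shape.
SAMPLE_LOG = """\
01:21:03.542 Disk 0 unknown MBR code
01:24:35.484 AVAST engine scan C:\\Users\\Tarpleys
01:26:05.483 File: C:\\Users\\Tarpleys\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\56\\4030a78-10878438 **INFECTED** Win32:FakeSysdef-OX [Trj]
01:30:22.650 AVAST engine scan C:\\ProgramData
01:32:31.241 Scan finished successfully
"""

# "<timestamp> File: <path> **INFECTED** <threat name>"
INFECTED_RE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<threat>.+)$"
)

# Substring that marks the Java Web Start / applet cache, which is what
# ClearJavaCache:: empties.
JAVA_CACHE_MARKER = "\\sun\\java\\deployment\\cache\\"


@dataclass
class Detection:
    path: str
    threat: str

    @property
    def folder(self) -> str:
        """Parent directory of the flagged file (Windows separators)."""
        return self.path.rsplit("\\", 1)[0]


def parse_detections(log_text: str) -> List[Detection]:
    """Return every **INFECTED** finding in an aswMBR log."""
    found = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found.append(Detection(m.group("path"), m.group("threat").strip()))
    return found


def mbr_flagged(log_text: str) -> bool:
    """True when aswMBR could not match the boot code to a known signature.

    This is a prompt for a manual look (the thread's TDSSKiller MBR scan
    reported the same disk ok), not a detection by itself.
    """
    return any("unknown MBR code" in line for line in log_text.splitlines())


def build_cfscript(detections: List[Detection]) -> str:
    """Emit the CFScript text a helper would paste into Notepad.

    ClearJavaCache:: is added when any finding lives in the Java cache;
    Folder:: lists the parent folder of each finding, deduplicated.
    """
    lines: List[str] = []
    if any(JAVA_CACHE_MARKER in d.path.lower() for d in detections):
        lines += ["ClearJavaCache::", ""]
    folders = sorted({d.folder for d in detections})
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in dets:
        print(f"{d.threat}: {d.path}")
    if mbr_flagged(SAMPLE_LOG):
        print("MBR code not recognised by aswMBR; review manually")
    print(build_cfscript(dets), end="")
```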

#12 union410 (Topic Starter)

  • Members
  • 39 posts

Posted 01 September 2012 - 01:03 PM

Firefox still won't run. Should I just delete it and redownload it? Everything else seems fine thus far. Only been a couple minutes though. Here is the log. It ran fine with no restart.

ComboFix 12-08-31.08 - Tarpleys 09/01/2012 10:53:10.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6007.4724 [GMT -7:00]
Running from: c:\users\Tarpleys\Desktop\ComboFix.exe
Command switches used :: c:\users\Tarpleys\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 17:56 . 2012-09-01 17:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-01 17:56 . 2012-09-01 17:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-01 17:56 . 2012-09-01 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 16:09 . 2012-09-01 16:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FC9113-8BD6-4A88-B142-9F88D31D681B}\offreg.dll
2012-09-01 08:33 . 2012-09-01 08:33 -------- d-----w- c:\users\Tarpleys\AppData\Roaming\HPAppData
2012-08-30 01:12 . 2012-08-30 01:12 -------- d-----w- c:\program files (x86)\ESET
2012-08-28 02:13 . 2012-08-28 02:13 388096 ----a-r- c:\users\Tarpleys\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-28 02:13 . 2012-08-28 02:13 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-28 02:04 . 2012-08-28 02:04 -------- d--h--w- c:\users\Tarpleys\AppData\Local\Macromedia
2012-08-28 01:29 . 2012-08-28 01:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-28 01:29 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 01:08 . 2012-08-28 01:37 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-24 13:58 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0FC9113-8BD6-4A88-B142-9F88D31D681B}\mpengine.dll
2012-08-16 04:47 . 2012-06-29 03:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-16 04:19 . 2012-08-16 04:19 -------- d--h--w- c:\users\Tarpleys\AppData\Roaming\Unity
2012-08-16 04:18 . 2012-08-31 21:55 -------- d-----w- c:\users\Tarpleys\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 01:37 . 2011-08-23 20:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 04:45 . 2012-07-02 06:03 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 06:02 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-02 06:02 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-09 05:43 . 2012-07-11 15:30 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 15:30 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:30 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:30 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:30 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:30 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:30 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-09-01_07.28.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 01:27 . 2012-09-01 08:20 57892 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-09-01 00:54 29878 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 08:20 29878 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-25 02:45 . 2012-09-01 08:20 14960 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1553932959-182929459-1838539615-1000_UserData.bin
+ 2010-07-16 10:15 . 2012-09-01 07:47 3386 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-07-16 10:15 . 2012-08-31 15:54 3386 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-09-01 07:28 . 2012-09-01 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-01 08:19 . 2012-09-01 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-01 08:19 . 2012-09-01 08:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-09-01 07:28 . 2012-09-01 07:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-25 08:04 . 2012-09-01 16:09 362254 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-09-01 00:57 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 08:26 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-09-01 00:57 106538 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-01 08:26 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-09-01 07:27 400784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-01 08:18 400784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-06-25 02:42 . 2012-09-01 07:27 1312992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-06-25 02:42 . 2012-09-01 08:18 1312992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-06-25 02:42 . 2012-09-01 07:27 17368268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1553932959-182929459-1838539615-1000-8192.dat
+ 2010-06-25 02:42 . 2012-09-01 08:18 17368268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1553932959-182929459-1838539615-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 250056]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-10 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1255736]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 01:37]
.
2012-08-28 c:\windows\Tasks\HPCeeScheduleForTarpleys.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-08 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-08 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-08 408600]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 172.27.35.1
FF - ProfilePath - c:\users\Tarpleys\AppData\Roaming\Mozilla\Firefox\Profiles\tahqdovs.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-01 10:58:17
ComboFix-quarantined-files.txt 2012-09-01 17:58
ComboFix2.txt 2012-09-01 07:32
ComboFix3.txt 2012-07-11 06:16
ComboFix4.txt 2012-07-02 05:32
ComboFix5.txt 2012-09-01 17:52
.
Pre-Run: 347,034,669,056 bytes free
Post-Run: 347,141,148,672 bytes free
.
- - End Of File - - 6FE37318B721702BC182A3D0610DC3CF
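The log above lists every autorun ComboFix found under its "Reg Loading Points" and "X64 Entries" headings, one `"Name"="path" [date size]` line per value. As an added example (not part of this thread, and not a BleepingComputer or ComboFix tool), the Python below pulls those lines out of a log, remembers which registry key each sits under, and flags the entries a helper would look at first: binaries started from user-writable folders, and Windows system binary names living outside the Windows directory. The sample log embedded in it is constructed: it repeats a few lines from the post above and adds one made-up "Updater" entry pointing at an svchost.exe under AppData purely so the heuristics have something to flag; no such entry exists in the real log, and a flag is a reason to look, not a verdict.

```python
"""Triage helper for the autorun entries in a ComboFix log (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# One registry key header as ComboFix prints it, e.g. [HKEY_CURRENT_USER\...\Run]
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# One autorun value: "Name"="c:\path\file.exe" [YYYY-MM-DD size]
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"(?P<path>[^"]*)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)

# Path fragments a normal user can write to; autoruns here are not automatically
# bad (legit updaters use AppData too) but are worth a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# Names that legitimately live under c:\windows; the same name elsewhere is a masquerade.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_autoruns(log: str) -> List[Autorun]:
    """Return every "Name"="path" [date size] entry, tagged with the key header above it.

    Scans the whole log rather than one section: the same line shape appears under
    "Reg Loading Points" and again under "X64 Entries", while the locked-keys section
    uses @="..." and dword: values that deliberately do not match ENTRY_RE.
    """
    entries: List[Autorun] = []
    current_key = ""
    for line in log.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current_key:
            entries.append(Autorun(current_key, m["name"], m["path"], m["date"], int(m["size"])))
    return entries


def review_reasons(entry: Autorun) -> List[str]:
    """Heuristic reasons a helper would want to inspect this entry (empty list = nothing odd)."""
    path = entry.path.lower()
    reasons: List[str] = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    basename = path.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARY_NAMES and "\\windows\\" not in path:
        reasons.append("system binary name outside the Windows directory")
    return reasons


def flag_for_review(entries: List[Autorun]) -> List[Tuple[Autorun, List[str]]]:
    """Pair each suspicious entry with its reasons; clean entries are dropped."""
    flagged: List[Tuple[Autorun, List[str]]] = []
    for entry in entries:
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


# Constructed sample: real-shaped lines from the log above plus one made-up
# "Updater" entry so the heuristics have something to flag. Not a full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Updater"="c:\users\Tarpleys\AppData\Roaming\svchost.exe" [2012-08-30 51200]
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
"""

if __name__ == "__main__":
    for entry, reasons in flag_for_review(parse_autoruns(SAMPLE_LOG)):
        print(f"{entry.key}\n  {entry.name} -> {entry.path}\n  {'; '.join(reasons)}")
```

Run against a saved ComboFix.txt by reading the file into `parse_autoruns`. Note what the heuristics deliberately do not flag: the `c:\progra~2\...` Yahoo Messenger path is just the 8.3 short name for Program Files (x86), and the orphan `(no file)` line is in a different shape and is already removed by ComboFix.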

#13 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 01:11 PM

Uninstall it, and if asked about user data or settings, then remove that also.

Restart the computer and reinstall Firefox.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

#14 union410
  • Topic Starter
  • Members
  • 39 posts

Posted 01 September 2012 - 01:41 PM

Did that and Firefox works! Thank you so much.

#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 01 September 2012 - 01:48 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.

Gringo