
farbar fix list needed


  • This topic is locked
20 replies to this topic

#1 Fairholme

  • Members
  • 10 posts

Posted 08 September 2012 - 12:02 PM

Hi, can you please help me and provide a fix list for this situation? I believe I have the no access virus.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 08-09-2012 09:58:19
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [] [x]
HKU\IUSR_NMPR\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\IUSR_NMPR\...\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent [x]
HKLM\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe [x]
Tcpip\Parameters: [DhcpNameServer] 172.16.1.254

==================== Services ================================

2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
3 AlertService; "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" [188416 2006-09-11] (Intel® Corporation)
2 DQLWinService; "C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [208896 2006-09-03] ()
2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [73728 2007-06-29] ()
2 IntelDHSvcConf; "C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [29696 2006-05-10] (Intel® Corporation)
3 ISSM; "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" [75264 2006-09-11] (Intel® Corporation)
3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] ()
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 MCLServiceATL; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" [167936 2006-09-11] (Intel® Corporation)
4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [66872 2008-09-10] ()
2 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [111928 2008-09-09] ()
3 Remote UI Service; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" [544256 2006-09-11] (Intel® Corporation)
4 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)
2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-12-14] (Logitech Inc.)
3 Golf Server; c:\golf\server\golf_srv.exe [x]
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
3 IDriverT; "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 RoxMediaDB9; "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x]
4 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]

==================== Drivers =================================

0 DasBoot; C:\Windows\system32\drivers\DasBoot.SYS [20744 2012-01-17] ()
0 DasBootF; C:\Windows\system32\drivers\DasBootF.SYS [59272 2012-01-17] ()
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [45648 2010-03-19] (Sonic Solutions)
3 QCMerced; C:\Windows\System32\DRIVERS\LVCM.sys [472332 2003-06-26] (Logitech Inc.)
2 regi; \??\C:\Windows\system32\drivers\regi.sys [11032 2007-04-17] (InterVideo)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [715248 2008-01-20] (Duplex Secure Ltd.)
3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2012-01-04] (Windows ® Win 7 DDK provider)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [10144 2005-04-12] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [22240 2005-04-12] (Logitech Inc.)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [5600 2005-04-12] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [45504 2005-04-12] (Logitech Inc.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 SirefefRemover; \??\C:\Users\Duke\AppData\Local\Temp\a0678d27.tmp [x]

==================== NetSvcs (Whitelisted) =================


============ One Month Created Files and Folders ==============

2012-09-08 09:58 - 2012-09-08 09:58 - 00000000 ____D C:\FRST
2012-09-08 06:56 - 2012-09-08 06:56 - 00137096 ____A (ESET) C:\Users\Duke\Downloads\ESETSirefefRemover.exe
2012-09-08 06:28 - 2012-09-08 06:28 - 00220358 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-09-08 06:26 - 2012-09-08 07:54 - 00321376 ____A C:\Windows\System32\PHOOKSmf.txt
2012-09-08 06:23 - 2012-09-08 07:54 - 00000000 ____D C:\Windows\System32\DBBK
2012-09-08 06:23 - 2012-09-08 06:28 - 00009101 ____A C:\Users\Duke\Desktop\yorkyt.exe.log
2012-09-08 06:23 - 2012-03-22 08:17 - 00225664 ____A C:\Windows\System32\Drivers\DasBootS.SYS
2012-09-08 06:23 - 2012-01-17 12:55 - 00059272 ____A C:\Windows\System32\Drivers\DasBootF.SYS
2012-09-08 06:23 - 2012-01-17 12:55 - 00027528 ____A C:\Windows\System32\Drivers\DasBootK.SYS
2012-09-08 06:23 - 2012-01-17 12:55 - 00020744 ____A C:\Windows\System32\Drivers\DasBoot.SYS
2012-09-08 06:23 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootI.SYS
2012-09-08 06:23 - 2012-01-17 12:55 - 00009096 ____A C:\Windows\System32\Drivers\DasBootE.SYS
2012-09-08 06:23 - 2010-05-03 17:37 - 00003072 ____A C:\Windows\System32\Drivers\DasBootD.SYS
2012-09-08 06:21 - 2012-09-08 06:21 - 01415784 ____A C:\Users\Duke\Desktop\yorkyt.exe
2012-09-08 05:32 - 2012-09-08 05:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-09-08 05:23 - 2012-09-08 05:24 - 10288512 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\mseinstall.exe
2012-09-08 05:22 - 2012-09-08 05:22 - 01528184 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\GenuineCheck.exe
2012-09-08 05:05 - 2012-09-08 05:05 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.135270540298601334.1.1.Run.exe
2012-09-08 04:52 - 2012-09-08 04:52 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884(2).msi
2012-09-08 04:49 - 2012-09-08 04:49 - 00677376 ____A C:\Users\Duke\Downloads\MicrosoftFixit50687(1).msi
2012-09-08 04:46 - 2012-09-08 04:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-09-08 04:43 - 2012-09-08 04:43 - 00176940 ____A C:\Users\Duke\Downloads\BFE(1).reg
2012-09-08 04:43 - 2012-09-08 04:43 - 00006396 ____A C:\Users\Duke\Downloads\MpsSvc(1).reg
2012-09-07 20:36 - 2012-09-07 20:38 - 00000000 ____D C:\10c6ee0dd54afaeda4
2012-09-07 20:36 - 2012-09-07 20:36 - 06776168 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\windowsupdateagent30-x86.exe
2012-09-07 20:32 - 2012-09-07 20:32 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.136270509176502915.4.1.Run.exe
2012-09-07 20:22 - 2012-09-07 20:23 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.RNP.107270508980497992.1.1.Run.exe
2012-09-07 20:19 - 2012-09-07 20:19 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.136270508417498241.5.1.Run.exe
2012-09-07 20:17 - 2012-09-07 20:17 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884(1).msi
2012-09-07 20:13 - 2012-09-07 20:13 - 00677376 ____A C:\Users\Duke\Downloads\MicrosoftFixit50687.msi
2012-09-07 19:59 - 2012-09-07 19:59 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.Run.exe
2012-09-07 19:57 - 2012-09-07 20:04 - 71494200 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\msert.exe
2012-09-07 19:50 - 2012-09-07 19:50 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884.msi
2012-09-07 19:35 - 2012-09-07 19:35 - 00007586 ____A C:\Users\Duke\Downloads\WinDefend.reg
2012-09-07 19:35 - 2012-09-07 19:35 - 00005256 ____A C:\Users\Duke\Downloads\wscsvc.reg
2012-09-07 19:28 - 2012-09-07 19:28 - 00176940 ____A C:\Users\Duke\Downloads\BFE.reg
2012-09-07 19:28 - 2012-09-07 19:28 - 00006396 ____A C:\Users\Duke\Downloads\MpsSvc.reg
2012-09-07 17:47 - 2012-09-07 17:51 - 29898208 ____A (GridinSoft LLC) C:\Users\Duke\Downloads\gtk2130-setup.exe
2012-09-07 03:59 - 2012-09-07 03:59 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Ifebo
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Cuin
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Ifebo
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Cuin
2012-08-30 02:46 - 2012-08-30 02:46 - 00000000 ____D C:\Users\Duke\Application Data\Lazol
2012-08-30 02:46 - 2012-08-30 02:46 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Lazol
2012-08-17 17:24 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Fuhide
2012-08-17 17:24 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Fuhide
2012-08-17 17:24 - 2012-09-07 17:35 - 00000000 ____D C:\Users\Duke\Application Data\Alykd
2012-08-17 17:24 - 2012-09-07 17:35 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Alykd
2012-08-17 17:24 - 2012-08-17 17:24 - 00000000 ____D C:\Users\Duke\Application Data\Qico
2012-08-17 17:24 - 2012-08-17 17:24 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Qico
2012-08-16 15:43 - 2012-08-30 15:44 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-08-12 18:07 - 2012-08-12 18:07 - 00000000 ____D C:\Users\All Users\Premium
2012-08-12 18:07 - 2012-08-12 18:07 - 00000000 ____D C:\Users\All Users\Application Data\Premium
2012-08-12 18:06 - 2012-08-12 18:07 - 00000000 ____D C:\Users\All Users\InstallMate
2012-08-12 18:06 - 2012-08-12 18:07 - 00000000 ____D C:\Users\All Users\Application Data\InstallMate

============ 3 Months Modified Files ========================

2012-09-08 07:54 - 2012-09-08 06:26 - 00321376 ____A C:\Windows\System32\PHOOKSmf.txt
2012-09-08 07:54 - 2012-04-02 16:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-09-08 07:53 - 2010-10-16 17:22 - 00000330 ____A C:\Windows\Tasks\RegistryBooster.job
2012-09-08 07:53 - 2009-09-16 23:09 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-09-08 07:51 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-09-08 07:51 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-09-08 07:51 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-09-08 07:36 - 2006-11-02 05:01 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-09-08 06:56 - 2012-09-08 06:56 - 00137096 ____A (ESET) C:\Users\Duke\Downloads\ESETSirefefRemover.exe
2012-09-08 06:28 - 2012-09-08 06:28 - 00220358 ____A C:\Windows\System32\PHOOKSmf2.TXT
2012-09-08 06:28 - 2012-09-08 06:23 - 00009101 ____A C:\Users\Duke\Desktop\yorkyt.exe.log
2012-09-08 06:21 - 2012-09-08 06:21 - 01415784 ____A C:\Users\Duke\Desktop\yorkyt.exe
2012-09-08 05:33 - 2007-11-14 23:25 - 01931458 ____A C:\Windows\WindowsUpdate.log
2012-09-08 05:32 - 2011-08-26 20:29 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-08 05:32 - 2006-11-02 02:33 - 00729056 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-08 05:24 - 2012-09-08 05:23 - 10288512 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\mseinstall.exe
2012-09-08 05:22 - 2012-09-08 05:22 - 01528184 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\GenuineCheck.exe
2012-09-08 05:15 - 2011-11-06 13:08 - 00000417 ____A C:\rkill.log
2012-09-08 05:05 - 2012-09-08 05:05 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.135270540298601334.1.1.Run.exe
2012-09-08 04:52 - 2012-09-08 04:52 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884(2).msi
2012-09-08 04:49 - 2012-09-08 04:49 - 00677376 ____A C:\Users\Duke\Downloads\MicrosoftFixit50687(1).msi
2012-09-08 04:46 - 2012-09-08 04:46 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.Run(1).exe
2012-09-08 04:43 - 2012-09-08 04:43 - 00176940 ____A C:\Users\Duke\Downloads\BFE(1).reg
2012-09-08 04:43 - 2012-09-08 04:43 - 00006396 ____A C:\Users\Duke\Downloads\MpsSvc(1).reg
2012-09-08 04:32 - 2010-02-21 13:50 - 00021562 ____A C:\Windows\PFRO.log
2012-09-07 20:57 - 2012-06-07 16:39 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 20:57 - 2012-06-07 16:39 - 00000908 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 20:36 - 2012-09-07 20:36 - 06776168 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\windowsupdateagent30-x86.exe
2012-09-07 20:32 - 2012-09-07 20:32 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.136270509176502915.4.1.Run.exe
2012-09-07 20:23 - 2012-09-07 20:22 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.RNP.107270508980497992.1.1.Run.exe
2012-09-07 20:19 - 2012-09-07 20:19 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.LB.136270508417498241.5.1.Run.exe
2012-09-07 20:17 - 2012-09-07 20:17 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884(1).msi
2012-09-07 20:13 - 2012-09-07 20:13 - 00677376 ____A C:\Users\Duke\Downloads\MicrosoftFixit50687.msi
2012-09-07 20:04 - 2012-09-07 19:57 - 71494200 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\msert.exe
2012-09-07 19:59 - 2012-09-07 19:59 - 00347424 ____A (Microsoft Corporation) C:\Users\Duke\Downloads\MicrosoftFixit.wu.Run.exe
2012-09-07 19:50 - 2012-09-07 19:50 - 01010176 ____A C:\Users\Duke\Downloads\MicrosoftFixit50884.msi
2012-09-07 19:35 - 2012-09-07 19:35 - 00007586 ____A C:\Users\Duke\Downloads\WinDefend.reg
2012-09-07 19:35 - 2012-09-07 19:35 - 00005256 ____A C:\Users\Duke\Downloads\wscsvc.reg
2012-09-07 19:28 - 2012-09-07 19:28 - 00176940 ____A C:\Users\Duke\Downloads\BFE.reg
2012-09-07 19:28 - 2012-09-07 19:28 - 00006396 ____A C:\Users\Duke\Downloads\MpsSvc.reg
2012-09-07 17:52 - 2012-07-30 15:56 - 00000938 ____A C:\Users\Public\Desktop\Trojan Killer.lnk
2012-09-07 17:52 - 2012-07-30 15:56 - 00000938 ____A C:\Users\All Users\Desktop\Trojan Killer.lnk
2012-09-07 17:51 - 2012-09-07 17:47 - 29898208 ____A (GridinSoft LLC) C:\Users\Duke\Downloads\gtk2130-setup.exe
2012-09-06 20:31 - 2010-10-15 16:53 - 00002516 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-09-06 20:31 - 2010-10-15 16:53 - 00002516 __ASH C:\Users\All Users\Application Data\KGyGaAvL.sys
2012-08-30 15:44 - 2012-08-16 15:43 - 00000052 ____A C:\Windows\System32\DOErrors.log
2012-08-26 01:19 - 2010-10-16 17:15 - 00000354 ____A C:\Windows\Tasks\Driver Robot.job
2012-08-25 08:43 - 2012-04-02 16:38 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-08-25 08:43 - 2011-05-23 18:56 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-08-09 05:18 - 2008-01-02 16:45 - 00076288 ____A C:\Users\Duke\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 05:18 - 2008-01-02 16:45 - 00076288 ____A C:\Users\Duke\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-09 05:18 - 2008-01-02 16:45 - 00076288 ____A C:\Users\Duke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-08 18:33 - 2012-03-26 10:51 - 00000420 ____A C:\Users\Duke\Application Data\wklnhst.dat
2012-08-08 18:33 - 2012-03-26 10:51 - 00000420 ____A C:\Users\Duke\AppData\Roaming\wklnhst.dat
2012-07-30 16:01 - 2012-07-30 15:56 - 28285912 ____A (GridinSoft LLC) C:\Users\Duke\Downloads\gtk2125-setup.exe
2012-07-30 15:56 - 2012-07-30 15:53 - 24835392 ____A (GridinSoft, Inc. ) C:\Users\Duke\Downloads\trojankiller-setup.exe
2012-07-30 15:43 - 2012-07-30 15:43 - 00000000 ____A C:\Users\Duke\Downloads\SoftonicDownloader_para_pkiller_exe.a71f1nk.partial
2012-07-30 15:43 - 2012-07-30 15:39 - 00407872 ____A C:\Users\Duke\Desktop\iexplorer.exe
2012-07-30 15:36 - 2012-07-30 15:37 - 00000000 ____A C:\Users\Duke\Downloads\iexplorer.exe.e1l9ha2.partial
2012-07-30 14:46 - 2012-07-30 14:46 - 302216543 ____A C:\Windows\MEMORY.DMP
2012-07-30 14:46 - 2012-07-30 14:46 - 00150280 ____A C:\Windows\Minidump\Mini073012-01.dmp
2012-07-30 14:18 - 2012-07-30 14:18 - 01144963 ____A C:\Users\Duke\Downloads\ProcessExplorer.zip
2012-07-11 02:24 - 2006-11-02 04:47 - 00553568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 02:04 - 2006-11-02 02:23 - 00000254 ____A C:\Windows\win.ini
2012-07-11 01:03 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-03 11:46 - 2011-11-06 12:55 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 15:31 - 2012-07-02 15:31 - 00001666 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-02 15:31 - 2012-07-02 15:31 - 00001666 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-13 05:40 - 2012-07-11 02:05 - 02047488 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ZeroAccess:
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}\L
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}\U
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}\U\00000001.@

ZeroAccess:
C:\Users\Duke\AppData\Local\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}
C:\Users\Duke\AppData\Local\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}\L
C:\Users\Duke\AppData\Local\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}\U

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.5 MB
Available physical RAM: 3512.65 MB
Total Pagefile: 3762.14 MB
Available Pagefile: 3600.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.55 MB

==================== Partitions ============================

1 Drive c: (HP) (Fixed) (Total:292.24 GB) (Free:121.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:5.84 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 298 GB 1528 KB
Disk 1 Online 1928 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 292 GB 32 KB
Partition 2 Primary 5985 MB 292 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C HP NTFS Partition 292 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 D FACTORY_IMA NTFS Partition 5985 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1928 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 F FAT Removable 1928 MB Healthy

==================================================================================

Last Boot: 2012-09-08 05:03

==================== End Of Log =============================


#2 CatByte (bleepin' tiger)


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 September 2012 - 12:30 PM

Please do the following:

Your machine may not boot until we can replace services.exe. We can fix some things, then look for a services.exe replacement.

Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it on the flashdrive as fixlist.txt

HKLM\...\Run: [] [x]
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Ifebo
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Cuin
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Ifebo
2012-08-30 02:46 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Cuin
2012-08-30 02:46 - 2012-08-30 02:46 - 00000000 ____D C:\Users\Duke\Application Data\Lazol
2012-08-30 02:46 - 2012-08-30 02:46 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Lazol
2012-08-17 17:24 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\Application Data\Fuhide
2012-08-17 17:24 - 2012-09-07 18:21 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Fuhide
2012-08-17 17:24 - 2012-09-07 17:35 - 00000000 ____D C:\Users\Duke\Application Data\Alykd
2012-08-17 17:24 - 2012-09-07 17:35 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Alykd
2012-08-17 17:24 - 2012-08-17 17:24 - 00000000 ____D C:\Users\Duke\Application Data\Qico
2012-08-17 17:24 - 2012-08-17 17:24 - 00000000 ____D C:\Users\Duke\AppData\Roaming\Qico
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}
C:\Users\Duke\AppData\Local\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a}
end
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt.

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt). Please post it to your reply.

  • While you are still booted into System Recovery Options run FRST.

    Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

    Click Search button and post the log it makes to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Fairholme (Topic Starter)

  • Members
  • 10 posts

Posted 08 September 2012 - 12:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 2012-09-08 11:39:41 Run:1
Running from J:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Users\Duke\Application Data\Ifebo moved successfully.
C:\Users\Duke\Application Data\Cuin moved successfully.
C:\Users\Duke\AppData\Roaming\Ifebo not found.
C:\Users\Duke\AppData\Roaming\Cuin not found.
C:\Users\Duke\Application Data\Lazol moved successfully.
C:\Users\Duke\AppData\Roaming\Lazol not found.
C:\Users\Duke\Application Data\Fuhide moved successfully.
C:\Users\Duke\AppData\Roaming\Fuhide not found.
C:\Users\Duke\Application Data\Alykd moved successfully.
C:\Users\Duke\AppData\Roaming\Alykd not found.
C:\Users\Duke\Application Data\Qico moved successfully.
C:\Users\Duke\AppData\Roaming\Qico not found.
C:\Windows\Installer\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a} moved successfully.
C:\Users\Duke\AppData\Local\{17e1a5cc-f9ff-a6a8-08e6-60ee11a3ee5a} moved successfully.

==== End of Fixlog ====

Farbar Recovery Scan Tool (x86) Version: 08-09-2012
Ran by SYSTEM at 2012-09-08 11:40:34
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-16 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-17 16:24] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-16 23:09] - [2012-09-08 07:53] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

Thanks for your help.
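The search result above is the check the helper is doing by eye: the copy of services.exe that Windows actually runs (System32) is compared against the copies kept in the WinSxS component store, and its MD5 matches none of them while its modified time is 2012-09-08, the day of the infection clean-up. The script below is an added example, not code from this thread or from FRST: it parses the FRST search format, pairs each path line with the metadata line that follows it, and flags any live copy whose hash is absent from the component store, reporting the newest store copy as the expected good version. The sample text is the search result quoted above, embedded so the script runs offline; the reading of the two bracketed stamps as created-then-modified is an assumption drawn from the matching entry in the scan log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: the FRST "Search: services.exe" result quoted in the
# post above, embedded here so the script runs offline.
SAMPLE_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-16 23:09] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-17 16:24] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-09-16 23:09] - [2012-09-08 07:53] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# One FRST metadata line: "[created] - [modified] - size attrs (company) MD5".
# Assumption: the first bracketed stamp is the creation time and the second the
# last-modified time (the order that agrees with the scan log's modified-files entry).
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str

    @property
    def in_component_store(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def is_live_copy(self) -> bool:
        # The copy the OS actually executes lives under System32, not WinSxS.
        return "\\system32\\" in self.path.lower() and not self.in_component_store

    @property
    def version(self) -> Optional[str]:
        # WinSxS directory names embed the file version between underscores.
        m = re.search(r"_(\d+\.\d+\.\d+\.\d+)_", self.path)
        return m.group(1) if m else None


def parse_search_output(text: str) -> List[FileHit]:
    """Pair each path line with the metadata line that follows it."""
    hits: List[FileHit] = []
    pending_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank lines and the section banners
        m = META_RE.match(line)
        if m is None:
            pending_path = line  # a path line precedes its metadata line
        elif pending_path is not None:
            hits.append(FileHit(pending_path, m["created"], m["modified"], int(m["size"]),
                                m["attrs"], m["company"] or "", m["md5"].upper()))
            pending_path = None
    return hits


def _version_key(hit: FileHit):
    return tuple(int(p) for p in hit.version.split(".")) if hit.version else (0,)


def assess(hits: List[FileHit]) -> List[dict]:
    """Flag every live copy whose MD5 matches none of the component-store copies.

    On Vista/7 the System32 file is normally a hard link to the current WinSxS
    copy, so a genuine binary hashes identically to one of them.
    """
    refs = [h for h in hits if h.in_component_store]
    known = {h.md5 for h in refs}
    newest = max(refs, key=_version_key, default=None)
    findings = []
    for live in (h for h in hits if h.is_live_copy):
        findings.append({
            "path": live.path,
            "md5": live.md5,
            "modified": live.modified,
            "matches_component_store": live.md5 in known,
            "expected_version": newest.version if newest else None,
            "expected_md5": newest.md5 if newest else None,
            "replacement_source": newest.path if newest else None,
        })
    return findings


if __name__ == "__main__":
    for f in assess(parse_search_output(SAMPLE_SEARCH_OUTPUT)):
        status = "OK" if f["matches_component_store"] else "MISMATCH"
        print(f"{status}: {f['path']} md5={f['md5']} modified={f['modified']}")
        if status == "MISMATCH":
            print(f"  expected {f['expected_md5']} (v{f['expected_version']}) from {f['replacement_source']}")
```

Run against the sample, the System32 copy is reported as a mismatch and the 6.0.6002.18005 component-store copy as the expected source, which is the same copy the helper picks for the replace directive in the next post. The hash comparison alone only shows that the file is not the shipped binary; which store copy is the right replacement depends on the installed service-pack level, so the version extracted from the WinSxS directory name is reported rather than assumed.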

#4 CatByte (bleepin' tiger)


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 08 September 2012 - 01:20 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad).
Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it on the flashdrive as fixlist.txt

start
replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.



#5 Fairholme (Topic Starter)

  • Members
  • 10 posts

Posted 08 September 2012 - 03:08 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-09-2012
Ran by SYSTEM at 2012-09-08 13:29:29 Run:2
Running from J:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

ComboFix 12-09-08.02 - Duke 08/09/2012 13:39:58.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3326.2268 [GMT -6:00]
Running from: c:\users\Duke\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\HCTEBF.tmp
C:\HCTEC0.tmp
C:\HCTEC1.tmp
C:\HCTEC2.tmp
C:\HCTEC3.tmp
C:\HCTEC4.tmp
C:\HCTEC5.tmp
C:\HCTEC6.tmp
C:\install.exe
c:\programdata\43FCA4695F.sys
c:\windows\system32\jucheck.exe
c:\windows\system32\jusched.exe
c:\windows\system32\SET4148.tmp
c:\windows\system32\SET7524.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-08 to 2012-09-08 )))))))))))))))))))))))))))))))
.
.
2012-09-08 19:53 . 2012-09-08 19:55 -------- d-----w- c:\users\Duke\AppData\Local\temp
2012-09-08 19:53 . 2012-09-08 19:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-08 17:58 . 2012-09-08 17:58 -------- d-----w- C:\FRST
2012-09-08 14:23 . 2012-09-08 19:55 -------- d-----w- c:\windows\system32\DBBK
2012-09-08 14:23 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-09-08 14:23 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-09-08 14:23 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-09-08 14:23 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-09-08 14:23 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-09-08 14:23 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-09-08 14:23 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-09-08 13:40 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F76FBFB-350F-4265-8EFC-53824F894D92}\gapaengine.dll
2012-09-08 13:39 . 2012-08-28 07:50 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481FEB12-1E28-4CC5-96B5-02B1B2935599}\mpengine.dll
2012-09-08 13:32 . 2012-09-08 13:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-08 04:36 . 2012-09-08 04:38 -------- d-----w- C:\10c6ee0dd54afaeda4
2012-09-08 04:02 . 2012-09-08 04:02 -------- d-----w- c:\users\Duke\AppData\Local\ElevatedDiagnostics
2012-08-13 02:07 . 2012-08-13 02:07 -------- d-----w- c:\programdata\Premium
2012-08-13 02:06 . 2012-08-13 02:07 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-08 19:58 . 2012-09-08 19:58 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481FEB12-1E28-4CC5-96B5-02B1B2935599}\offreg.dll
2012-09-07 04:31 . 2010-10-16 00:53 2516 --sha-w- c:\programdata\KGyGaAvL.sys
2012-08-25 16:43 . 2012-04-03 00:38 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 16:43 . 2011-05-24 02:56 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2011-11-06 20:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40 . 2012-07-11 10:05 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-07 11:59 . 2012-09-07 11:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-29 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-29 138008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 22:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-01-21 00:51 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 02:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 23:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 14:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 08:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 01:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 20:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 19:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 19:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 23:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 02:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-07-04 13:29 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-25 11:52 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2008-06-10 10:27 54672 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:43]
.
2012-09-08 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-27 13:29]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.1.254
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: Contains
DPF: DownloadInformation -
DPF: InstalledVersion
FF - ProfilePath - c:\users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\c74y2zu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
MSConfigStartUp-caclsass - c:\users\Duke\AppData\Local\Temp\choiPING.dll
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-Kaazc - c:\users\Duke\AppData\Roaming\Fuhide\kuqoi.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSConfigStartUp-LogitechCommunicationsManager - c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam\Quickcam.exe
MSConfigStartUp-Odekteuc - c:\users\Duke\AppData\Roaming\Ifebo\ynute.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe
AddRemove-{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1 - c:\program files\GridinSoft Trojan Killer\unins000.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SirefefRemover]
"ImagePath"="\??\c:\users\Duke\AppData\Local\Temp\a0678d27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3672857582-3476048060-904075781-1001\Software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_USERS\S-1-5-21-3672857582-3476048060-904075781-1001\Software\SecuROM\License information*]
"datasecu"=hex:ed,9e,58,15,f1,d6,8e,cf,1a,e7,90,6e,26,29,03,04,5a,7c,86,8c,c8,
62,ac,f8,0c,a1,98,b9,51,df,96,8a,a3,1d,13,7e,a4,ec,a0,d1,da,be,19,4b,87,38,\
"rkeysecu"=hex:75,2a,ee,29,51,fe,78,b3,7a,6f,9f,14,17,9c,51,92
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\4&33c8985e&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\4&33c8985e&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&3aeefc89&0&12345678&02&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&3aeefc89&0&12345678&02&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID33554705\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID33554705\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097424\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097424\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID33554705\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID33554705\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP282B\5&3aeefc89&1&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP282B\5&3aeefc89&1&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-08 14:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-08 20:03
.
Pre-Run: 127,597,764,608 bytes free
Post-Run: 127,646,994,432 bytes free
.
- - End Of File - - 8B973648BA26A90138AF4331686E9719

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 08 September 2012 - 03:15 PM

Please run the following:

  • Download RogueKiller and save it to your desktop.
  • Quit all other programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished.
  • Click on Scan.
  • Wait for the end of the scan.
  • A report will be created on your desktop.
  • Click on the Delete button.
  • Next click on the ShortcutsFix.
  • Another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.



#7 Fairholme

Fairholme
  • Topic Starter

  • Members
  • 10 posts

Posted 08 September 2012 - 03:53 PM

RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Duke [Admin rights]
Mode : Scan -- Date : 09/08/2012 14:43:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-65VWA0 ATA Device +++++
--- User ---
[MBR] 7a3e248b96cc584584985292c312a6fd
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 299257 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612879750 | Size: 5985 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Duke [Admin rights]
Mode : Remove -- Date : 09/08/2012 14:45:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x867C81F8)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-65VWA0 ATA Device +++++
--- User ---
[MBR] 7a3e248b96cc584584985292c312a6fd
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 299257 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 612879750 | Size: 5985 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V8.0.2 [08/31/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Duke [Admin rights]
Mode : Shortcuts HJfix -- Date : 09/08/2012 14:49:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 174 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 25 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 196 / Fail 0
My documents: Success 364 / Fail 364
My favorites: Success 0 / Fail 0
My pictures: Success 4 / Fail 0
My music: Success 2 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 138 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[J:] \Device\CdRom1 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 08 September 2012 - 04:11 PM

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double-click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan.
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.



#9 Fairholme

Fairholme
  • Topic Starter

  • Members
  • 10 posts

Posted 08 September 2012 - 05:18 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-08 15:18:46
-----------------------------
15:18:46.789 OS Version: Windows 6.0.6002 Service Pack 2
15:18:46.789 Number of processors: 4 586 0xF0B
15:18:46.789 ComputerName: DUKE-PC UserName: Duke
15:19:30.609 Initialize success
15:25:43.161 AVAST engine defs: 12090801
15:25:52.661 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:25:52.677 Disk 0 Vendor: WDC_WD3200AAJS-65VWA0 12.01B02 Size: 305245MB BusType: 3
15:25:52.677 Disk 0 MBR read successfully
15:25:52.677 Disk 0 MBR scan
15:25:52.739 Disk 0 unknown MBR code
15:25:52.739 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 299257 MB offset 63
15:25:52.786 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 5985 MB offset 612879750
15:25:52.802 Disk 0 scanning sectors +625137345
15:25:52.880 Disk 0 scanning C:\Windows\system32\drivers
15:26:15.032 Service scanning
15:26:29.930 Service MpKslef629c36 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{481FEB12-1E28-4CC5-96B5-02B1B2935599}\MpKslef629c36.sys **LOCKED** 32
15:26:49.336 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:27:00.225 Modules scanning
15:27:00.521 Module: C:\Windows\system32\drivers\DasBootD.SYS **SUSPICIOUS**
15:27:05.014 Disk 0 trace - called modules:
15:27:05.045 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x867a81f8]<<
15:27:05.061 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867d77e8]
15:27:05.061 3 CLASSPNP.SYS[8b5ab8b3] -> nt!IofCallDriver -> [0x867fb408]
15:27:05.061 5 acpi.sys[8ae106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x867f98a0]
15:27:05.076 \Driver\atapi[0x867ee340] -> IRP_MJ_CREATE -> 0x867a81f8
15:27:07.276 AVAST engine scan C:\Windows
15:27:17.915 AVAST engine scan C:\Windows\system32
15:33:06.856 AVAST engine scan C:\Windows\system32\drivers
15:33:28.602 AVAST engine scan C:\Users\Duke
15:54:29.333 AVAST engine scan C:\ProgramData
16:10:15.801 Scan finished successfully
16:14:08.740 Disk 0 MBR has been saved successfully to "C:\Users\Duke\Desktop\MBR.dat"
16:14:08.818 The log file has been saved successfully to "C:\Users\Duke\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (581 bytes)


#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 08 September 2012 - 05:37 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double-click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if Cure is not available, choose Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



#11 Fairholme

Fairholme
  • Topic Starter

  • Members
  • 10 posts

Posted 08 September 2012 - 05:59 PM

16:54:50.0696 2876 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:54:51.0133 2876 ============================================================
16:54:51.0133 2876 Current date / time: 2012/09/08 16:54:51.0133
16:54:51.0133 2876 SystemInfo:
16:54:51.0133 2876
16:54:51.0133 2876 OS Version: 6.0.6002 ServicePack: 2.0
16:54:51.0133 2876 Product type: Workstation
16:54:51.0133 2876 ComputerName: DUKE-PC
16:54:51.0133 2876 UserName: Duke
16:54:51.0133 2876 Windows directory: C:\Windows
16:54:51.0133 2876 System windows directory: C:\Windows
16:54:51.0133 2876 Processor architecture: Intel x86
16:54:51.0133 2876 Number of processors: 4
16:54:51.0133 2876 Page size: 0x1000
16:54:51.0133 2876 Boot type: Normal boot
16:54:51.0133 2876 ============================================================
16:54:52.0927 2876 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:54:53.0036 2876 Drive \Device\Harddisk1\DR3 - Size: 0x787FFE00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:54:53.0036 2876 ============================================================
16:54:53.0036 2876 \Device\Harddisk0\DR0:
16:54:53.0052 2876 MBR partitions:
16:54:53.0052 2876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2487CD47
16:54:53.0052 2876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2487CD86, BlocksNum 0xBB093B
16:54:53.0052 2876 \Device\Harddisk1\DR3:
16:54:53.0052 2876 MBR partitions:
16:54:53.0052 2876 \Device\Harddisk1\DR3\Partition1: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3C3FC0
16:54:53.0052 2876 ============================================================
16:54:53.0083 2876 C: <-> \Device\Harddisk0\DR0\Partition1
16:54:53.0130 2876 D: <-> \Device\Harddisk0\DR0\Partition2
16:54:53.0130 2876 ============================================================
16:54:53.0130 2876 Initialize success
16:54:53.0130 2876 ============================================================
16:55:09.0557 3048 ============================================================
16:55:09.0557 3048 Scan started
16:55:09.0557 3048 Mode: Manual; TDLFS;
16:55:09.0557 3048 ============================================================
16:55:10.0274 3048 ================ Scan system memory ========================
16:55:10.0274 3048 System memory - ok
16:55:10.0274 3048 ================ Scan services =============================
16:55:23.0066 3048 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:55:23.0082 3048 PNRPsvc - ok
16:55:23.0097 3048 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:55:23.0097 3048 PolicyAgent - ok
16:55:23.0129 3048 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:55:23.0129 3048 PptpMiniport - ok
16:55:23.0160 3048 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:55:23.0160 3048 Processor - ok
16:55:23.0191 3048 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:55:23.0191 3048 ProfSvc - ok
16:55:23.0191 3048 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:55:23.0207 3048 ProtectedStorage - ok
16:55:23.0222 3048 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
16:55:23.0222 3048 Ps2 - ok
16:55:23.0253 3048 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:55:23.0269 3048 PSched - ok
16:55:23.0285 3048 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16:55:23.0331 3048 PSI_SVC_2 - ok
16:55:23.0378 3048 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
16:55:23.0378 3048 PxHelp20 - ok
16:55:23.0409 3048 [ B607F201293E884F36F9A2AC2C960853 ] QCMerced C:\Windows\system32\DRIVERS\LVCM.sys
16:55:23.0409 3048 QCMerced - ok
16:55:23.0456 3048 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:55:23.0487 3048 ql2300 - ok
16:55:23.0503 3048 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:55:23.0503 3048 ql40xx - ok
16:55:23.0550 3048 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:55:23.0550 3048 QWAVE - ok
16:55:23.0581 3048 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:55:23.0581 3048 QWAVEdrv - ok
16:55:23.0612 3048 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:55:23.0612 3048 RasAcd - ok
16:55:23.0643 3048 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:55:23.0643 3048 RasAuto - ok
16:55:23.0675 3048 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:55:23.0675 3048 Rasl2tp - ok
16:55:23.0706 3048 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:55:23.0706 3048 RasMan - ok
16:55:23.0737 3048 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:55:23.0737 3048 RasPppoe - ok
16:55:23.0768 3048 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:55:23.0768 3048 RasSstp - ok
16:55:23.0815 3048 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:55:23.0815 3048 rdbss - ok
16:55:23.0846 3048 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:55:23.0846 3048 RDPCDD - ok
16:55:23.0893 3048 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:55:23.0893 3048 rdpdr - ok
16:55:23.0893 3048 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:55:23.0893 3048 RDPENCDD - ok
16:55:23.0940 3048 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:55:23.0940 3048 RDPWD - ok
16:55:23.0971 3048 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
16:55:23.0971 3048 regi - ok
16:55:24.0018 3048 [ 752402F6BD5FA012805813C329F88DD3 ] Remote UI Service C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
16:55:24.0080 3048 Remote UI Service - ok
16:55:24.0127 3048 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:55:24.0127 3048 RemoteAccess - ok
16:55:24.0158 3048 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:55:24.0158 3048 RemoteRegistry - ok
16:55:24.0252 3048 [ 2DAC86F10C42B55F2511F14CBCEE7284 ] RoxMediaDB9 c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
16:55:24.0267 3048 RoxMediaDB9 - ok
16:55:24.0299 3048 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:55:24.0299 3048 RpcLocator - ok
16:55:24.0345 3048 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:55:24.0345 3048 RpcSs - ok
16:55:24.0377 3048 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:55:24.0377 3048 rspndr - ok
16:55:24.0392 3048 [ 52532A4CA8B251775DECC87C4813ABFB ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
16:55:24.0392 3048 RTSTOR - ok
16:55:24.0392 3048 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:55:24.0392 3048 SamSs - ok
16:55:24.0439 3048 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:55:24.0439 3048 sbp2port - ok
16:55:24.0486 3048 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:55:24.0486 3048 SCardSvr - ok
16:55:24.0517 3048 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:55:24.0533 3048 Schedule - ok
16:55:24.0564 3048 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:55:24.0564 3048 SCPolicySvc - ok
16:55:24.0579 3048 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:55:24.0595 3048 SDRSVC - ok
16:55:24.0595 3048 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:55:24.0595 3048 secdrv - ok
16:55:24.0642 3048 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:55:24.0642 3048 seclogon - ok
16:55:24.0657 3048 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
16:55:24.0657 3048 SENS - ok
16:55:24.0689 3048 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:55:24.0689 3048 Serenum - ok
16:55:24.0689 3048 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:55:24.0704 3048 Serial - ok
16:55:24.0735 3048 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:55:24.0735 3048 sermouse - ok
16:55:24.0798 3048 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:55:24.0798 3048 SessionEnv - ok
16:55:24.0798 3048 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:55:24.0798 3048 sffdisk - ok
16:55:24.0813 3048 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:55:24.0813 3048 sffp_mmc - ok
16:55:24.0829 3048 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:55:24.0845 3048 sffp_sd - ok
16:55:24.0860 3048 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:55:24.0860 3048 sfloppy - ok
16:55:24.0923 3048 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:55:24.0923 3048 SharedAccess - ok
16:55:24.0969 3048 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:55:24.0985 3048 ShellHWDetection - ok
16:55:25.0079 3048 SirefefRemover - ok
16:55:25.0110 3048 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:55:25.0110 3048 sisagp - ok
16:55:25.0125 3048 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:55:25.0125 3048 SiSRaid2 - ok
16:55:25.0141 3048 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:55:25.0141 3048 SiSRaid4 - ok
16:55:25.0235 3048 [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:55:25.0235 3048 SkypeUpdate - ok
16:55:25.0328 3048 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:55:25.0437 3048 slsvc - ok
16:55:25.0469 3048 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:55:25.0469 3048 SLUINotify - ok
16:55:25.0500 3048 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:55:25.0500 3048 Smb - ok
16:55:25.0515 3048 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:55:25.0531 3048 SNMPTRAP - ok
16:55:25.0547 3048 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:55:25.0547 3048 spldr - ok
16:55:25.0578 3048 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:55:25.0578 3048 Spooler - ok
16:55:25.0625 3048 [ 0C1DAD75274CB6E31F053CE3E08BF9C3 ] sptd C:\Windows\system32\Drivers\sptd.sys
16:55:25.0625 3048 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 0C1DAD75274CB6E31F053CE3E08BF9C3
16:55:25.0640 3048 sptd ( LockedFile.Multi.Generic ) - warning
16:55:25.0640 3048 sptd - detected LockedFile.Multi.Generic (1)
16:55:25.0703 3048 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:55:25.0703 3048 srv - ok
16:55:25.0765 3048 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:55:25.0765 3048 srv2 - ok
16:55:25.0781 3048 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:55:25.0781 3048 srvnet - ok
16:55:25.0796 3048 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:55:25.0812 3048 SSDPSRV - ok
16:55:25.0827 3048 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:55:25.0827 3048 SstpSvc - ok
16:55:25.0905 3048 [ B1691AF4A072CB674D600DB16DD7308E ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
16:55:25.0952 3048 StarWindServiceAE - ok
16:55:26.0061 3048 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:55:26.0061 3048 Stereo Service - ok
16:55:26.0108 3048 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:55:26.0108 3048 StillCam - ok
16:55:26.0139 3048 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:55:26.0155 3048 stisvc - ok
16:55:26.0186 3048 [ E5FF667E416DAC99BFF16B626234A379 ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
16:55:26.0217 3048 stllssvr - ok
16:55:26.0217 3048 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:55:26.0217 3048 swenum - ok
16:55:26.0264 3048 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:55:26.0264 3048 swprv - ok
16:55:26.0295 3048 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:55:26.0295 3048 Symc8xx - ok
16:55:26.0311 3048 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:55:26.0311 3048 Sym_hi - ok
16:55:26.0327 3048 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:55:26.0342 3048 Sym_u3 - ok
16:55:26.0389 3048 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:55:26.0420 3048 SysMain - ok
16:55:26.0514 3048 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:55:26.0545 3048 TabletInputService - ok
16:55:26.0607 3048 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:55:26.0607 3048 TapiSrv - ok
16:55:26.0701 3048 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:55:26.0701 3048 TBS - ok
16:55:26.0779 3048 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:55:26.0779 3048 Tcpip - ok
16:55:26.0810 3048 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:55:26.0826 3048 Tcpip6 - ok
16:55:26.0888 3048 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:55:26.0888 3048 tcpipreg - ok
16:55:26.0935 3048 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:55:26.0935 3048 TDPIPE - ok
16:55:26.0982 3048 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:55:26.0982 3048 TDTCP - ok
16:55:27.0029 3048 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:55:27.0029 3048 tdx - ok
16:55:27.0044 3048 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:55:27.0044 3048 TermDD - ok
16:55:27.0075 3048 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:55:27.0075 3048 TermService - ok
16:55:27.0107 3048 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:55:27.0107 3048 Themes - ok
16:55:27.0107 3048 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:55:27.0107 3048 THREADORDER - ok
16:55:27.0138 3048 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:55:27.0138 3048 TrkWks - ok
16:55:27.0216 3048 [ 113384367C3999E084FE156B18C7625E ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys
16:55:27.0216 3048 TrojanKillerDriver - ok
16:55:27.0247 3048 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:55:27.0263 3048 TrustedInstaller - ok
16:55:27.0278 3048 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:55:27.0278 3048 tssecsrv - ok
16:55:27.0309 3048 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:55:27.0325 3048 tunmp - ok
16:55:27.0356 3048 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:55:27.0356 3048 tunnel - ok
16:55:27.0403 3048 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:55:27.0403 3048 uagp35 - ok
16:55:27.0450 3048 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:55:27.0450 3048 udfs - ok
16:55:27.0481 3048 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:55:27.0481 3048 UI0Detect - ok
16:55:27.0512 3048 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:55:27.0512 3048 uliagpkx - ok
16:55:27.0543 3048 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:55:27.0543 3048 uliahci - ok
16:55:27.0559 3048 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:55:27.0559 3048 UlSata - ok
16:55:27.0590 3048 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:55:27.0590 3048 ulsata2 - ok
16:55:27.0621 3048 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:55:27.0621 3048 umbus - ok
16:55:27.0731 3048 [ AEBE8F338432F9DE5AE0CAE4D4BAED76 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
16:55:27.0731 3048 UMVPFSrv - ok
16:55:27.0762 3048 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:55:27.0762 3048 upnphost - ok
16:55:27.0809 3048 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
16:55:27.0809 3048 USBAAPL - ok
16:55:27.0855 3048 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:55:27.0855 3048 usbaudio - ok
16:55:27.0902 3048 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:55:27.0902 3048 usbccgp - ok
16:55:27.0933 3048 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:55:27.0933 3048 usbcir - ok
16:55:27.0949 3048 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:55:27.0949 3048 usbehci - ok
16:55:27.0980 3048 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:55:27.0980 3048 usbhub - ok
16:55:28.0011 3048 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:55:28.0011 3048 usbohci - ok
16:55:28.0058 3048 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:55:28.0058 3048 usbprint - ok
16:55:28.0089 3048 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:55:28.0089 3048 USBSTOR - ok
16:55:28.0121 3048 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:55:28.0121 3048 usbuhci - ok
16:55:28.0152 3048 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:55:28.0152 3048 usbvideo - ok
16:55:28.0183 3048 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:55:28.0199 3048 UxSms - ok
16:55:28.0261 3048 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:55:28.0277 3048 vds - ok
16:55:28.0277 3048 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:55:28.0277 3048 vga - ok
16:55:28.0308 3048 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:55:28.0308 3048 VgaSave - ok
16:55:28.0339 3048 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:55:28.0339 3048 viaagp - ok
16:55:28.0370 3048 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:55:28.0370 3048 ViaC7 - ok
16:55:28.0386 3048 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
16:55:28.0386 3048 viaide - ok
16:55:28.0417 3048 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:55:28.0417 3048 volmgr - ok
16:55:28.0433 3048 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:55:28.0433 3048 volmgrx - ok
16:55:28.0464 3048 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:55:28.0479 3048 volsnap - ok
16:55:28.0511 3048 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:55:28.0511 3048 vsmraid - ok
16:55:28.0573 3048 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:55:28.0573 3048 VSS - ok
16:55:28.0635 3048 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:55:28.0635 3048 W32Time - ok
16:55:28.0667 3048 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:55:28.0667 3048 WacomPen - ok
16:55:28.0713 3048 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:55:28.0713 3048 Wanarp - ok
16:55:28.0713 3048 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:55:28.0713 3048 Wanarpv6 - ok
16:55:28.0729 3048 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:55:28.0729 3048 wcncsvc - ok
16:55:28.0760 3048 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:55:28.0760 3048 WcsPlugInService - ok
16:55:28.0791 3048 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
16:55:28.0791 3048 Wd - ok
16:55:28.0838 3048 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:55:28.0838 3048 Wdf01000 - ok
16:55:28.0869 3048 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:55:28.0885 3048 WdiServiceHost - ok
16:55:28.0885 3048 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:55:28.0885 3048 WdiSystemHost - ok
16:55:28.0963 3048 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:55:28.0963 3048 WebClient - ok
16:55:28.0994 3048 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:55:28.0994 3048 Wecsvc - ok
16:55:29.0025 3048 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:55:29.0041 3048 wercplsupport - ok
16:55:29.0057 3048 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:55:29.0057 3048 WerSvc - ok
16:55:29.0088 3048 [ 72CC6A8CA7891031D6380DB5025C773C ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:55:29.0103 3048 winachsf - ok
16:55:29.0166 3048 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:55:29.0166 3048 WinDefend - ok
16:55:29.0166 3048 WinHttpAutoProxySvc - ok
16:55:29.0197 3048 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:55:29.0197 3048 Winmgmt - ok
16:55:29.0244 3048 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:55:29.0259 3048 WinRM - ok
16:55:29.0306 3048 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:55:29.0306 3048 Wlansvc - ok
16:55:29.0369 3048 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:55:29.0400 3048 wlidsvc - ok
16:55:29.0415 3048 [ 1ABFD1399436E81C9D857F5FC76EAF98 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
16:55:29.0415 3048 WmBEnum - ok
16:55:29.0447 3048 [ B3CFCBCC91FF61EF82FC693B8B57E7F0 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
16:55:29.0447 3048 WmFilter - ok
16:55:29.0478 3048 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:55:29.0493 3048 WmiAcpi - ok
16:55:29.0540 3048 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:55:29.0540 3048 wmiApSrv - ok
16:55:29.0587 3048 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:55:29.0603 3048 WMPNetworkSvc - ok
16:55:29.0649 3048 [ A40D2DD0F019423EF6C363F1295EB38D ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
16:55:29.0649 3048 WmVirHid - ok
16:55:29.0681 3048 [ 2BF505424F469155CD90D7B3301D7ADC ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
16:55:29.0681 3048 WmXlCore - ok
16:55:29.0696 3048 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:55:29.0696 3048 WPCSvc - ok
16:55:29.0743 3048 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:55:29.0743 3048 WPDBusEnum - ok
16:55:29.0774 3048 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:55:29.0774 3048 WpdUsb - ok
16:55:29.0883 3048 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:55:29.0883 3048 WPFFontCache_v0400 - ok
16:55:29.0915 3048 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:55:29.0915 3048 ws2ifsl - ok
16:55:29.0961 3048 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
16:55:29.0961 3048 wscsvc - ok
16:55:29.0993 3048 WSearch - ok
16:55:30.0086 3048 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:55:30.0102 3048 wuauserv - ok
16:55:30.0164 3048 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:55:30.0164 3048 WUDFRd - ok
16:55:30.0195 3048 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:55:30.0195 3048 wudfsvc - ok
16:55:30.0227 3048 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
16:55:30.0227 3048 XAudio - ok
16:55:30.0258 3048 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
16:55:30.0273 3048 XAudioService - ok
16:55:30.0273 3048 ================ Scan global ===============================
16:55:30.0351 3048 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:55:30.0414 3048 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:55:30.0429 3048 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:55:30.0507 3048 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:55:30.0507 3048 [Global] - ok
16:55:30.0507 3048 ================ Scan MBR ==================================
16:55:30.0554 3048 [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk0\DR0
16:55:31.0022 3048 \Device\Harddisk0\DR0 - ok
16:55:31.0038 3048 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR3
16:55:33.0596 3048 \Device\Harddisk1\DR3 - ok
16:55:33.0596 3048 ================ Scan VBR ==================================
16:55:33.0627 3048 [ 58FE173DC49F2EE0B8059601CD46FAB7 ] \Device\Harddisk0\DR0\Partition1
16:55:33.0627 3048 \Device\Harddisk0\DR0\Partition1 - ok
16:55:33.0627 3048 [ AAEDE257255A0DF750EC56D96C115F1A ] \Device\Harddisk0\DR0\Partition2
16:55:33.0627 3048 \Device\Harddisk0\DR0\Partition2 - ok
16:55:33.0627 3048 [ D3F0C3AFC9D3FDAF33761E41E89F1AD6 ] \Device\Harddisk1\DR3\Partition1
16:55:33.0627 3048 \Device\Harddisk1\DR3\Partition1 - ok
16:55:33.0643 3048 ============================================================
16:55:33.0643 3048 Scan finished
16:55:33.0643 3048 ============================================================
16:55:33.0674 2276 Detected object count: 1
16:55:33.0674 2276 Actual detected object count: 1
16:56:13.0704 2276 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:56:13.0704 2276 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

#12 CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:20 AM

Posted 08 September 2012 - 06:01 PM

Please run the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Fairholme

  • Topic Starter

  • Members
  • 10 posts
  • Local time:01:20 AM

Posted 08 September 2012 - 10:59 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.08.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Duke :: DUKE-PC [administrator]

08/09/2012 5:21:28 PM
mbam-log-2012-09-08 (17-21-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256604
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe a variant of Win32/1AntiVirus application
C:\Program Files\Perfect Uninstaller\PU.exe a variant of Win32/PerfectUninstaller application
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\Users\Duke\AppData\Local\{29993B2B-D477-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan
C:\Users\Duke\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application
C:\Users\Duke\Downloads\gtk2125-setup.exe a variant of Win32/1AntiVirus application
C:\Users\Duke\Downloads\gtk2130-setup.exe a variant of Win32/1AntiVirus application
C:\Users\Duke\Downloads\trojankiller-setup.exe a variant of Win32/1AntiVirus application
C:\Windows\System32\AscConTest.dll Win32/Adware.Ascentive application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\092NX4M9\firstload_com[1].htm HTML/ScrInject.B.Gen virus
C:\Windows\System32\DBBK\1049D48BD75DBA0BB9456B06CDB6FAD4 Win32/RegistryBooster application
C:\Windows\System32\DBBK\224E6A0A6DA49F06A98E1E4AD91646C8 a variant of Win32/1AntiVirus application
C:\Windows\System32\DBBK\482F15B80B67744BB0B35C2653BCF12E a variant of Win32/1AntiVirus application
C:\Windows\System32\DBBK\68BD15916EDFD537899CB6FFACB95C84 Win32/RegistryBooster application
C:\Windows\System32\DBBK\6DA023FB956F68F3D183358F3F514F03 a variant of Win32/1AntiVirus application
C:\Windows\System32\DBBK\70113922E50E91E288EC79EC24E0BEB6 a variant of Win32/PerfectUninstaller application
C:\Windows\System32\DBBK\E0AAEE2DFF03DD650292FE09BAA0CC33 a variant of Win32/1AntiVirus application
C:\Windows\System32\DBBK\EC7815D393C8021DBFAD69489971A2EC Win32/RegistryBooster application
Operating memory Win32/RegistryBooster application

#14 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 09 September 2012 - 07:37 AM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the codebox below into Notepad:

Here's how to do that:
Click Start > Run, type Notepad and click OK.
This will open an empty Notepad file:

Copy all the text inside the code box - press Ctrl+C (or right-click on the highlighted section and choose 'copy')

File::
C:\Users\Duke\AppData\Local\{29993B2B-D477-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul 
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\092NX4M9\firstload_com[1].htm 

ClearJavaCache::

Now paste the copied text into the open Notepad window - press Ctrl+V (or right-click and choose 'paste')

Save this file to your desktop as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

[screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt onto ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Personally, I'd uninstall the Registry Booster, Trojan Killer and Ascentive applications; those are not recommended for use.


NEXT


  • Please download MiniToolBox and save it to your desktop and run it.

    Check the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


NEXT


Please advise how the computer is running now and whether there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
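As an added example, not part of this post and not code from Farbar's tools or ComboFix: the checks the post asks MiniToolBox and Farbar Service Scanner to report (IE and Firefox proxy settings, hosts entries, DNS flush, and the state of the services behind each FSS checkbox), done directly in PowerShell so a responder can see what each tool is looking at. The mapping of FSS checkbox groups to service names is my own assumption about what those groups cover; run it from an elevated PowerShell prompt on the affected machine.

```powershell
# Added example for this thread, not part of any post or of Farbar's tools: a PowerShell
# audit that reports what the post asks MiniToolBox and Farbar Service Scanner to report
# (IE/Firefox proxy settings, hosts entries, DNS flush, and the state of the Windows
# services behind each FSS checkbox). The service-name mapping below is my assumption
# about which services each FSS group covers. Run from an elevated PowerShell prompt.

$ErrorActionPreference = 'Continue'

# --- 1. IE proxy settings (MiniToolBox "Report IE Proxy Settings") ---
# A proxy or PAC URL the user never configured is a classic traffic-hijack indicator.
$ie = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"IE ProxyEnable   : $($ie.ProxyEnable)"
"IE ProxyServer   : $($ie.ProxyServer)"
"IE AutoConfigURL : $($ie.AutoConfigURL)"
if ($ie.ProxyEnable -eq 1 -or $ie.AutoConfigURL) { "  [!] proxy/PAC is configured - confirm it is intentional" }

# --- 2. hosts file (MiniToolBox "List content of Hosts") ---
# Flag every active line that is not the loopback 'localhost' entry; hijacked hosts
# files typically point AV-update and security sites at 127.0.0.1 or an attacker host.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsLines = @(Get-Content $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
"Hosts entries    : $($hostsLines.Count)"
foreach ($line in $hostsLines) {
    if ($line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$') { "  [!] $line" }
}

# --- 3. Firefox proxy and security prefs (MiniToolBox "Report FF Proxy Settings") ---
# Also surfaces security.warn_* overrides like the ones the ComboFix log in this thread shows in user.js.
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    foreach ($profile in (Get-ChildItem $ffProfiles | Where-Object { $_.PSIsContainer })) {
        foreach ($prefFile in 'prefs.js', 'user.js') {
            $path = Join-Path $profile.FullName $prefFile
            if (Test-Path $path) {
                Select-String -Path $path -Pattern 'network\.proxy|security\.warn' |
                    ForEach-Object { "  FF $prefFile : $($_.Line.Trim())" }
            }
        }
    }
}

# --- 4. Services behind each Farbar Service Scanner checkbox (mapping is an assumption) ---
# Read the service registry keys directly: a missing key means the service was deleted,
# Start=4 means it was disabled, and an ImagePath outside %SystemRoot% deserves a second look.
$groups = @{
    'Internet Services' = @('Dhcp', 'Dnscache', 'nsi')
    'Windows Firewall'  = @('BFE', 'MpsSvc', 'SharedAccess')
    'System Restore'    = @('VSS', 'swprv')
    'Security Center'   = @('wscsvc')
    'Windows Update'    = @('wuauserv', 'BITS')
    'Windows Defender'  = @('WinDefend')
}
$startNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
foreach ($group in $groups.Keys) {
    "== $group =="
    foreach ($name in $groups[$group]) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
        if (-not (Test-Path $key)) { "  [!] $name : registry key missing (service deleted?)"; continue }
        $reg = Get-ItemProperty -Path $key
        $mode = $startNames[[int]$reg.Start]
        if (-not $mode) { $mode = "Start=$($reg.Start)" }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $status = if ($svc) { $svc.Status } else { 'not loaded' }
        $flag = if ($mode -eq 'Disabled' -or -not $svc) { '[!]' } else { '   ' }
        "  $flag $name : $status, start=$mode, image=$($reg.ImagePath)"
    }
}

# --- 5. Flush the resolver cache (MiniToolBox "Flush DNS"); ipconfig works on every Windows version ---
ipconfig /flushdns | Out-Null
"DNS resolver cache flushed."
```

Lines marked `[!]` are the ones to compare against the tool logs posted in this thread: a proxy the user did not set, a hosts entry other than localhost, or a security service that is missing or disabled are exactly the findings FSS and MiniToolBox exist to surface.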


#15 Fairholme
  • Topic Starter
  • Members
  • 10 posts

Posted 09 September 2012 - 08:51 AM

ComboFix 12-09-09.02 - Duke 09/09/2012 7:08.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3326.2152 [GMT -6:00]
Running from: c:\users\Duke\Desktop\ComboFix.exe
Command switches used :: c:\users\Duke\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Duke\AppData\Local\{29993B2B-D477-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\092NX4M9\firstload_com[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\43FCA4695F.sys
c:\users\Duke\AppData\Local\{29993B2B-D477-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\092NX4M9\firstload_com[1].htm
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 13:23 . 2012-09-09 13:23 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481FEB12-1E28-4CC5-96B5-02B1B2935599}\offreg.dll
2012-09-09 13:19 . 2012-09-09 13:22 -------- d-----w- c:\users\Duke\AppData\Local\temp
2012-09-09 13:19 . 2012-09-09 13:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-09 13:19 . 2012-09-09 13:19 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2012-09-09 13:19 . 2012-09-09 13:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-08 23:31 . 2012-09-08 23:31 -------- d-----w- c:\program files\ESET
2012-09-08 17:58 . 2012-09-08 17:58 -------- d-----w- C:\FRST
2012-09-08 14:23 . 2012-09-09 13:19 -------- d-----w- c:\windows\system32\DBBK
2012-09-08 14:23 . 2012-03-22 16:17 225664 ----a-w- c:\windows\system32\drivers\DasBootS.SYS
2012-09-08 14:23 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootI.SYS
2012-09-08 14:23 . 2012-01-17 20:55 27528 ----a-w- c:\windows\system32\drivers\DasBootK.SYS
2012-09-08 14:23 . 2012-01-17 20:55 9096 ----a-w- c:\windows\system32\drivers\DasBootE.SYS
2012-09-08 14:23 . 2012-01-17 20:55 59272 ----a-w- c:\windows\system32\drivers\DasBootF.SYS
2012-09-08 14:23 . 2012-01-17 20:55 20744 ----a-w- c:\windows\system32\drivers\DasBoot.SYS
2012-09-08 14:23 . 2010-05-04 01:37 3072 ----a-w- c:\windows\system32\drivers\DasBootD.SYS
2012-09-08 13:40 . 2012-02-09 20:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2F76FBFB-350F-4265-8EFC-53824F894D92}\gapaengine.dll
2012-09-08 13:39 . 2012-08-28 07:50 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{481FEB12-1E28-4CC5-96B5-02B1B2935599}\mpengine.dll
2012-09-08 13:32 . 2012-09-08 13:32 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-08 04:36 . 2012-09-08 04:38 -------- d-----w- C:\10c6ee0dd54afaeda4
2012-09-08 04:02 . 2012-09-08 04:02 -------- d-----w- c:\users\Duke\AppData\Local\ElevatedDiagnostics
2012-08-13 02:07 . 2012-08-13 02:07 -------- d-----w- c:\programdata\Premium
2012-08-13 02:06 . 2012-08-13 02:07 -------- d-----w- c:\programdata\InstallMate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 04:07 . 2010-10-16 00:53 2516 --s-a-w- c:\programdata\KGyGaAvL.sys
2012-08-25 16:43 . 2012-04-03 00:38 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 16:43 . 2011-05-24 02:56 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 19:46 . 2011-11-06 20:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40 . 2012-07-11 10:05 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-07 11:59 . 2012-09-07 11:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-29 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-29 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-29 138008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SirefefRemover]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Duke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\users\Duke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-06-16 22:43 499608 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-01-21 00:51 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 02:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-06-29 23:56 278528 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 14:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 08:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 01:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 20:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 19:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-07-03 19:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 23:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 02:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryBooster]
2011-07-04 13:29 67456 ----a-w- c:\program files\Uniblue\RegistryBooster\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-25 11:52 4702208 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --s-a-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2008-06-10 10:27 54672 ----a-w- c:\windows\System32\jureg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:43]
.
2012-09-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-07-27 13:29]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 172.16.1.254
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: Contains
DPF: DownloadInformation -
DPF: InstalledVersion
FF - ProfilePath - c:\users\Duke\AppData\Roaming\Mozilla\Firefox\Profiles\c74y2zu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.msn.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SirefefRemover]
"ImagePath"="\??\c:\users\Duke\AppData\Local\Temp\a0678d27.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3672857582-3476048060-904075781-1001\Software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_USERS\S-1-5-21-3672857582-3476048060-904075781-1001\Software\SecuROM\License information*]
"datasecu"=hex:ed,9e,58,15,f1,d6,8e,cf,1a,e7,90,6e,26,29,03,04,5a,7c,86,8c,c8,
62,ac,f8,0c,a1,98,b9,51,df,96,8a,a3,1d,13,7e,a4,ec,a0,d1,da,be,19,4b,87,38,\
"rkeysecu"=hex:75,2a,ee,29,51,fe,78,b3,7a,6f,9f,14,17,9c,51,92
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\4&33c8985e&0&UID16843008\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\4&33c8985e&0&UID16843008\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&3aeefc89&0&12345678&02&00\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\Default_Monitor\5&3aeefc89&0&12345678&02&00\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID273\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID273\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID33554705\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&0&UID33554705\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097424\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097424\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID33554705\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP26A7\5&3aeefc89&1&UID33554705\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP282B\5&3aeefc89&1&UID2097425\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\DISPLAY\HWP282B\5&3aeefc89&1&UID2097425\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-09-09 07:30:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 13:30
ComboFix2.txt 2012-09-08 20:04
.
Pre-Run: 125,898,219,520 bytes free
Post-Run: 125,900,697,600 bytes free
.
- - End Of File - - DB8C764505A713018E59500F34F0731E


MiniToolBox by Farbar Version: 23-07-2012
Ran by Duke (administrator) on 09-09-2012 at 07:45:27
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.5.23)
Adobe Digital Editions
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.4.402.265)
Adobe Photoshop Elements 10 (Version: 10.0)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
AutoCAD 2008 - English (Version: 17.1.51.0)
Autodesk DWF Viewer 7 (Version: 7.2.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 140.0.212.000)
C310 (Version: 140.0.304.000)
calibre (Version: 0.7.37)
CameraHelperMsi (Version: 13.40.836.0)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.0.1.2)
Canon MOV Decoder (Version: 1.3.2.15)
Canon MOV Encoder (Version: 1.1.0.18)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Personal Printing Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.5.0.3)
Canon Utilities Digital Photo Professional 3.7 (Version: 3.7.0.1)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities MyCamera DC (Version: 7.2.1.6)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.8.0.1)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
Corel WinDVD 2010 (Version: 10.0.5.544)
CSI-Hard Evidence (Version: 1.00.000)
CSI - Deadly Intent (Version: 1.0.0.0)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
D3DX10 (Version: 15.4.2368.0902)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
DHTML Editing Component (Version: 6.02.0001)
Digital Editions Converter (Version: 1.4.1)
Elements 10 Organizer (Version: 10.0)
Enhanced Multimedia Keyboard Solution
ePub DRM Removal (Version: 1.4.1)
erLT (Version: 1.20.138.34)
ESET Online Scanner v3
ffdshow [rev 610] [2006-12-01] (Version: 1.0)
GameSpy Comrade (Version: 1.6.8.166)
Garmin MapSource (Version: 6.16.3)
Garmin MetroGuide Canada v5 (Version: 5.0.0.0)
Garmin Trip and Waypoint Manager v3 (Version: 3.0.0.0)
Garmin USB Drivers (Version: 2.3.0.0)
Golden Tee Golf
GPBaseService2 (Version: 140.0.211.000)
GPS Map Manager
Granite (Version: 1.0.0.3)
Granite2 (Version: 2.3.1)
Halite (Version: 0.3.3)
Hardware Diagnostic Tools (Version: 5.00.4558.05)
HP Active Support Library (Version: 3.1.6.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Customer Experience Enhancements (Version: 5.2.0.2296)
HP Customer Feedback (Version: 1.0.0)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Easy Setup - Frontend (Version: 5.2.0.2304)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP My Display (Version: 1.30.003)
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (Version: 14.0)
HP Picasso Media Center Add-In (Version: 1.0.0)
HP Print Diagnostic Utility (Version: 1.11.0001)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Total Care Advisor (Version: 1.2.13)
HP Update (Version: 5.003.001.001)
HPAppStudio (Version: 140.0.95.000)
HPAsset component for HP Active Support Library (Version: 3.0.0.7)
HPDiagnosticAlert (Version: 1.00.0000)
HPPhotoGadget (Version: 140.0.524.000)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
Img2gps v2.81
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® Viiv™ Software (Version: 1.6.361.6)
IrfanView (remove only)
IsoBuster 2.3 (Version: 2.3)
iTunes (Version: 10.6.3.25)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Kobo (Version: 1.7.5)
LightScribe 1.8.15.1 (Version: 1.8.15.1)
Logitech Gaming Software (Version: 4.60)
Logitech Webcam Software (Version: 2.40)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.40.835.0)
LWS Help_main (Version: 13.40.845.0)
LWS Launcher (Version: 13.40.836.0)
LWS Motion Detection (Version: 13.40.844.0)
LWS Pictures And Video (Version: 13.40.844.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 140.0.212.000)
Medal of Honor Airborne (Version: 1.0.1.0)
Medal of Honor Allied Assault
Medal of Honor Allied Assault™ Breakthrough
Medal of Honor Allied Assault™ Breakthrough Patch v2.40
Medal of Honor Allied Assault™ Spearhead Patch 2.15
Medal of Honor Pacific Assault™ (Version: 1.0)
Medal of Honor Pacific Assault™ Patch2 (Version: 1.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 6.0 (Version: 6.00.050)
My HP Games (Version: HPCMPQ1804)
Network (Version: 140.0.215.000)
NHL® 09 (Version: 2.0.1.0)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)
NVIDIA 3D Vision Driver 301.42 (Version: 301.42)
NVIDIA Control Panel 301.42 (Version: 301.42)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 301.42 (Version: 301.42)
NVIDIA Install Application (Version: 2.1002.75.420)
NVIDIA PhysX (Version: 9.12.0213)
NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0142)
NVIDIA Update 1.8.15 (Version: 1.8.15)
NVIDIA Update Components (Version: 1.8.15)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Origin (Version: 8.3.1.9)
Perfect Uninstaller v6.3.3.7
PhotoImpact X3 (Version: 13.0)
PS_AIO_07_C310_SW_Min (Version: 140.0.304.000)
PSE10 STI Installer (Version: 10.0)
PVSonyDll (Version: 1.00.0001)
Python 2.5 (Version: 2.5.150)
QuickTax 2007 (Version: 1.00.0000)
QuickTax 2008 (Version: 1.00.0000)
QuickTax 2009 (Version: 1.00.0000)
QuickTime (Version: 7.72.80.56)
QuickTransfer (Version: 140.0.98.000)
Realtek High Definition Audio Driver (Version: 6.0.1.5910)
Rhapsody
Rhapsody Player Engine (Version: 1.0.604)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.572)
Scan (Version: 140.0.80.000)
SDK (Version: 1.33.004)
Segoe UI (Version: 15.4.2271.0615)
Shop for HP Supplies (Version: 14.0)
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.9 (Version: 5.9.123)
SmartWebPrinting (Version: 140.0.186.000)
Snapfish Picture Mover (Version: 1.9.0.16)
Soft Data Fax Modem with SmartCP (Version: 7.74.00)
SolutionCenter (Version: 140.0.214.000)
Sony Picture Utility (Version: 2.0.06.15122)
Sony USB Driver (Version: 2.00)
Spybot - Search & Destroy (Version: 1.6.2)
Status (Version: 140.0.256.000)
Tiger Woods PGA TOUR® 12: The Masters (Version: 1.0.0.0)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
TurboTax 2010 (Version: 1.00.0000)
TurboTax 2011 (Version: 1.00.0000)
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01) (Version: 6.03.00.9402)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.1.4 (Version: 1.1.4)
WarRock (Version: 2.2)
WeatherBug Gadget (Version: 1.0.0.6)
WebReg (Version: 140.0.212.017)
Windows 7 Upgrade Advisor (Version: 2.0.5000.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
WinRAR archiver
Wondershare DVD to iPad Converter(Build 4.5.1.1)
xImage (Version: 2.3)
Yahoo! Detect
Yahoo! Search Protection
Yahoo! Toolbar

**** End of log ****

Farbar Service Scanner Version: 06-08-2012
Ran by Duke (administrator) on 09-09-2012 at 07:47:21
Running from "C:\Users\Duke\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Computer seems to be doing OK so far.



