FBI computer Locked - MoneyPak Ransom


  • This topic is locked
26 replies to this topic

#1 kunalthechamp

  • Members
  • 186 posts
  • Gender:Male
  • Location:India
  • Local time:05:32 PM

Posted 04 October 2012 - 01:10 AM

I have NO idea how this virus came in. I have not visited any malicious sites, I have anti-virus in realtime protection. I was browsing with Firefox and suddenly this screen came on. I am in safe mode currently and am running a MBAM scan. I ran a quick scan in MBAM the first time and it removed 9 detections. I ran in normal mode and the virus came up again, so now I am running a full MBAM scan.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Kunal at 1:53:29 on 2012-10-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1559 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45] "C:\Users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [sdiagnhost] C:\Users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe
uRun: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Kunal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslconnect.johnshopkins.edu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F}\35D6162747027596D26496020402350534 : DhcpNameServer = 205.215.252.10 205.215.247.140
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F}\86F607B696E637 : DhcpNameServer = 162.129.20.10 128.220.127.215
TCP: Interfaces\{74D1471D-5059-4B1C-81E8-5BC41E3B1F5F}\A4847457563747E65647 : DhcpNameServer = 128.220.1.75 162.129.253.134
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {612F6E5C-B314-4bab-93D1-D266AAFBE700} - C:\Program Files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kunal\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R0 EUFS;EUFS;C:\Windows\system32\drivers\eufs.sys --> C:\Windows\system32\drivers\eufs.sys [?]
R1 cnnctfy2;Connectify LightWeight Filter;C:\Windows\system32\DRIVERS\cnnctfy2.sys --> C:\Windows\system32\DRIVERS\cnnctfy2.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R3 EUDISK;EASEUS Disk Enumerator;\??\C:\Windows\system32\drivers\eudisk.sys --> C:\Windows\system32\drivers\eudisk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
S1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-7-20 98208]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-8 86224]
S2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-8 110032]
S2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Connectify;Connectify;C:\Program Files (x86)\Connectify\ConnectifyService.exe [2012-2-24 69632]
S2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2010-1-27 8610664]
S2 EASEUS Agent;EASEUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-5-16 56200]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-10 136176]
S2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]
S2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-7-1 301720]
S2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-17 253088]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [?]
S3 DLCopyFilter;DLCopyFilter;C:\Windows\system32\Drivers\wsr_tbf.sys --> C:\Windows\system32\Drivers\wsr_tbf.sys [?]
S3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-10 136176]
S3 hwa;Wireless USB Host Adapter;C:\Windows\system32\DRIVERS\WSR_HWA.SYS --> C:\Windows\system32\DRIVERS\WSR_HWA.SYS [?]
S3 HWARadio;Wireless USB Host Radio;C:\Windows\system32\DRIVERS\WSR_RCI.SYS --> C:\Windows\system32\DRIVERS\WSR_RCI.SYS [?]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 114144]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PSMounter;Macrium Reflect Image Explorer Service;\??\C:\Windows\system32\drivers\psmounter.sys --> C:\Windows\system32\drivers\psmounter.sys [?]
S3 PSVolAcc;PSVolAcc;C:\Windows\system32\drivers\PSVolAcc.sys --> C:\Windows\system32\drivers\PSVolAcc.sys [?]
S3 rcmirror;rcmirror;C:\Windows\system32\DRIVERS\rcmirror.sys --> C:\Windows\system32\DRIVERS\rcmirror.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-7-20 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-04 04:24:38 -------- d-----w- C:\Users\Kunal\AppData\Local\{62AA1784-0DDB-11E2-8271-B8AC6F996F26}
2012-10-04 04:24:20 479744 ----a-w- C:\Users\Kunal\AppData\Roaming\opasp.dll
2012-10-03 03:42:45 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C39E7690-4ADC-4EF8-A5B6-C9FBE9680760}\gapaengine.dll
2012-10-03 03:42:07 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC645270-8A94-418F-ABD6-7291B6373C30}\mpengine.dll
2012-10-02 03:04:05 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-26 15:28:50 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-20 01:47:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-20 01:46:18 -------- d-----w- C:\Program Files\iPod
2012-09-20 01:46:06 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 01:46:06 -------- d-----w- C:\Program Files\iTunes
2012-09-20 01:46:06 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-19 03:54:51 -------- d-----w- C:\Program Files\Common Files\Nitro PDF
2012-09-19 03:53:47 -------- d-----w- C:\Program Files (x86)\Nitro PDF
2012-09-19 03:53:45 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro PDF
2012-09-18 01:34:43 -------- d-----w- C:\Users\Kunal\AppData\Local\{435903B3-8469-498B-88BA-606C66FF4F49}
2012-09-12 13:03:28 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 13:03:27 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 13:03:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 13:03:13 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 13:03:04 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 13:03:04 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 13:03:03 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-09-13 05:44:32 17936 ----a-w- C:\Windows\System32\nitrolocalui2.dll
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-27 00:32:17 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-15 02:24:58 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-15 02:24:58 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-15 02:23:12 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-15 02:23:12 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-09 17:42:56 4547984 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 1:56:52.43 ===============

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.
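Added example, not part of the post above and not a BleepingComputer or DDS tool: a small Python triage pass over DDS "Pseudo HJT Report" autorun lines. The sample lines are copied from the log above (a constructed subset); the heuristics (execution from a user-writable profile directory, launch via a system loader such as rundll32, a Windows binary name outside \Windows, a bare-number or GUID parent folder, and EnableLUA = 0) are general triage signals I chose for illustration, not a verdict on any entry.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: autorun and policy lines taken from the DDS log above,
# plus known-good entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45] "C:\Users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [sdiagnhost] C:\Users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe
uRun: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-system: EnableLUA = 0 (0x0)
"""

# Real Windows system binaries that malware commonly impersonates by dropping
# a same-named file outside \Windows (small illustrative set, an assumption).
WINDOWS_BINARIES = {"sdiagnhost.exe", "svchost.exe", "explorer.exe",
                    "ctfmon.exe", "lsass.exe", "csrss.exe"}

AUTORUN_RE = re.compile(r"^(?P<key>[um]Run(?:-x64)?):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<name>\w+)\s+=\s+(?P<value>\d+)")
# First drive-letter path ending in an executable extension (quoted or not).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js)\b', re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|ProgramData|Temp)\\", re.IGNORECASE)
LOADER_RE = re.compile(r'^(?:"?[^"]*\\)?(?:rundll32|regsvr32|mshta|wscript|cscript)\.exe', re.IGNORECASE)
SYSTEM_ROOT_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
GUID_RE = re.compile(r"\{?[0-9A-Fa-f-]{32,38}\}?")


@dataclass
class Finding:
    name: str            # autorun value name, or the policy name
    path: str            # executable/DLL path, or the raw policy line
    reasons: list = field(default_factory=list)


def triage_autorun(name: str, cmd: str) -> "Finding | None":
    """Apply the heuristics to one [um]Run entry; None when nothing is notable."""
    pm = PATH_RE.search(cmd)
    path = pm.group(0) if pm else cmd
    parts = path.split("\\")
    base = parts[-1].lower()
    parent = parts[-2] if len(parts) >= 2 else ""
    reasons = []
    if USER_WRITABLE_RE.search(path):
        reasons.append("executes from a user-writable profile directory")
    if LOADER_RE.match(cmd):
        reasons.append("launched through a system loader (rundll32/regsvr32/script host)")
    if base in WINDOWS_BINARIES and not SYSTEM_ROOT_RE.match(path):
        reasons.append("uses a Windows system binary name outside \\Windows")
    if parent.isdigit() or GUID_RE.fullmatch(parent):
        reasons.append("parent directory is a bare number or GUID")
    return Finding(name, path, reasons) if reasons else None


def triage(log_text: str) -> list:
    """Walk DDS log lines and collect autorun entries and policies worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = AUTORUN_RE.match(line)
        if m:
            f = triage_autorun(m.group("name"), m.group("cmd"))
            if f:
                findings.append(f)
            continue
        p = POLICY_RE.match(line)
        if p and p.group("name") == "EnableLUA" and p.group("value") == "0":
            findings.append(Finding("EnableLUA", line,
                                    ["UAC is disabled: every admin logon runs fully elevated"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

A single reason (for instance Chrome auto-launching from AppData) is a normal pattern for self-updating software, so the output is a review list for a helper, not a removal list.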


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:02 AM

Posted 04 October 2012 - 02:04 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.

  • First Press the Scan button.
  • It will make a log (FRST.txt)

  • Second Type the following in the edit box after "Search:". services.exe
  • Click the Search button
  • It will make a log (Search.txt)
I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
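
The FRST.txt report requested above lists every autorun in one line per entry (hive, value name, command line, file size and date, and the company name read from the file's version information, or [x] when the target file is missing). As an added example that is not part of this thread and is not FRST's own code, the Python script below reads lines in that format and scores each autorun with a few defender-side heuristics: a target under a user profile (AppData), rundll32 loading a DLL export, an orphaned [x] entry, an empty company name, a file date inside the incident window, and the same value name registered in more than one hive. The sample lines are copied from the FRST.txt posted later in this thread; the function names, the one-point-per-heuristic weights, the threshold of 2, the one-day window and the incident date of 2012-10-03 are all assumptions made for the example.

```python
"""Triage the Run-key lines of an FRST.txt report for high-risk autoruns.

Added example for this thread; it is not part of FRST and does not reproduce
FRST's own logic. It only reads the text format FRST prints.
"""
from collections import Counter
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional
import re

# Sample input: a few Run-key lines copied from the FRST.txt posted in this
# thread (not the whole report). Constructed for the example.
SAMPLE_FRST = r"""
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2011-01-25] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [opasp] "C:\Windows\System32\rundll32.exe" "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
HKLM\...\Run: [piget] rundll32.exe "C:\Users\Kunal\AppData\Roaming\piget.dll",PrepareUpdate [x]
HKU\Kunal\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Kunal\...\Run: [GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45] "C:\Users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [1239064 2012-09-25] (Google Inc.)
HKU\Kunal\...\Run: [sdiagnhost] C:\Users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe [99840 2012-10-03] ()
HKU\Kunal\...\Run: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
"""

# Assumed incident date: the day the lock screen appeared according to the first post.
INCIDENT = date(2012, 10, 3)

# One FRST Run line: <hive>\...\Run: [<name>] <command> [<size> <date> | x] (<company>)?
RUN_LINE = re.compile(
    r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?) '
    r'\[(?P<meta>[^\]]+)\](?: \((?P<publisher>[^)]*)\))?$'
)
# Windows paths inside the command line, quoted or not, up to a binary extension.
PATH_RE = re.compile(r'(?:[A-Za-z]:|%[^%\\]+%)\\[^"]*?\.(?:exe|dll|cpl|scr)', re.I)


@dataclass
class Autorun:
    hive: str
    name: str
    cmd: str
    paths: List[str]
    missing: bool                 # FRST prints "[x]" when the target file is absent
    publisher: Optional[str]      # company name from the file's version info; None if not printed
    file_date: Optional[date]     # date FRST prints beside the file size
    reasons: List[str] = field(default_factory=list)


def _parse_date(meta: str) -> Optional[date]:
    parts = meta.split()
    if len(parts) != 2:
        return None
    try:
        return date.fromisoformat(parts[1])
    except ValueError:
        return None


def parse_line(line: str) -> Optional[Autorun]:
    """Return an Autorun for a Run-key line, or None for any other report line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    cmd, meta = m["cmd"], m["meta"]
    return Autorun(hive=m["hive"], name=m["name"], cmd=cmd,
                   paths=PATH_RE.findall(cmd), missing=(meta == "x"),
                   publisher=m["publisher"], file_date=_parse_date(meta))


def in_user_profile(path: str) -> bool:
    p = path.lower()
    return "\\users\\" in p and "\\appdata\\" in p


def assess(entry: Autorun, incident: date, window: timedelta = timedelta(days=1)) -> List[str]:
    """Attach one reason per heuristic that fires (assumed: each reason counts one point)."""
    r = entry.reasons
    if entry.missing:
        r.append("points at a file that no longer exists (orphaned autorun)")
    if any(in_user_profile(p) for p in entry.paths):
        r.append("runs from a user-profile (AppData) path")
    if "rundll32" in entry.cmd.lower() and any(p.lower().endswith(".dll") for p in entry.paths):
        r.append("rundll32 loads a DLL export")
    if entry.publisher == "":
        # The company string is version info, not a signature; an empty one is still a signal.
        r.append("file has no company name in its version info")
    if entry.file_date and entry.file_date >= incident - window:
        r.append("file dated within the incident window")
    return r


def triage(report: str, incident: date, threshold: int = 2) -> List[Autorun]:
    """Parse a report and return the autoruns whose reason count reaches the threshold."""
    entries = [e for e in map(parse_line, report.splitlines()) if e]
    seen = Counter(e.name for e in entries)
    for e in entries:
        assess(e, incident)
        if seen[e.name] > 1:
            e.reasons.append(f"same value name registered in {seen[e.name]} hives")
    return [e for e in entries if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in triage(SAMPLE_FRST, INCIDENT):
        print(f"{e.hive}\\Run:{e.name}  score={len(e.reasons)}")
        for why in e.reasons:
            print(f"    - {why}")
```

On the sample lines this flags the two opasp entries, piget and sdiagnhost, while the per-user Chrome launcher (user-profile path, but a known company name and an older file date) and the stale Apple ubd.exe entry (orphaned, nothing else) stay below the threshold. The company-name check is deliberately weak: FRST prints whatever the file's version resource claims, so a plausible name alone should never clear an entry.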

#3 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 186 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:32 PM

Posted 04 October 2012 - 05:10 PM

I got a BSOD when I plugged in a flash drive in safe mode. It said something about EUBKMON.SYS having a problem. Restarted and was fine.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 04-10-2012 17:54:08
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6489704 2011-01-25] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1680976 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot [384232 2012-07-12] (BillP Studios)
HKLM\...\Run: [opasp] "C:\Windows\System32\rundll32.exe" "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
HKLM\...\Run: [piget] rundll32.exe "C:\Users\Kunal\AppData\Roaming\piget.dll",PrepareUpdate [x]
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [EaseUs Watch] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] "C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM [206120 2011-12-01] (SupportSoft, Inc.)
HKLM-x32\...\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot [384232 2012-07-12] (BillP Studios)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Kunal\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1715768 2010-09-28] (Hewlett-Packard)
HKU\Kunal\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\Kunal\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
HKU\Kunal\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5663616 2012-09-19] (SUPERAntiSpyware.com)
HKU\Kunal\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\Kunal\...\Run: [Connectify] C:\Program Files (x86)\Connectify\Connectify.exe [3941192 2012-02-24] (Connectify)
HKU\Kunal\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [15668432 2012-09-06] (Google)
HKU\Kunal\...\Run: [GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45] "C:\Users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [1239064 2012-09-25] (Google Inc.)
HKU\Kunal\...\Run: [sdiagnhost] C:\Users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe [99840 2012-10-03] ()
HKU\Kunal\...\Run: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Kunal\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-09-19] (SUPERAntiSpyware.com)
2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [69632 2012-02-24] ()
2 DisplayLinkService; "C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" [8610664 2010-01-27] (DisplayLink Corp.)
2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
2 MSSQL$INFLOWSQL; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sINFLOWSQL [29293408 2010-12-10] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [229392 2012-09-12] (Nitro PDF Software)
2 Pharos Systems ComTaskMaster; "C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe" [345600 2010-01-14] (Pharos Systems International)
2 ReflectService; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [301720 2011-07-01] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe /p verizondm [185640 2011-12-01] (SupportSoft, Inc.)

==================== Drivers (Whitelisted) =====================

2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-05-08] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2011-10-19] (Avira GmbH)
1 cnnctfy2; C:\Windows\System32\Drivers\cnnctfy2.sys [31344 2012-04-01] (Connectify)
3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [17408 2010-12-22] (http://libusb-win32.sourceforge.net)
3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [51712 2010-02-21] ()
0 EUBKMON; C:\Windows\System32\Drivers\EUBKMON.sys [42888 2011-04-22] ()
3 EUDISK; C:\Windows\System32\Drivers\EUDISK.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
0 EUFS; C:\Windows\System32\Drivers\EUFS.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [911360 2010-03-16] ()
3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [159232 2010-03-16] ()
3 PSMounter; C:\Windows\System32\Drivers\PSMounter.sys [40600 2011-07-01] (Macrium Software)
3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [13464 2011-07-01] (Paramount Software UK Ltd)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-04 13:43 - 2012-10-04 13:43 - 01456405 ____A C:\Users\Kunal\Downloads\FRST64.exe
2012-10-03 22:03 - 2012-10-03 22:03 - 00029157 ____A C:\Users\Kunal\Desktop\Attach.txt
2012-10-03 22:03 - 2012-10-03 22:03 - 00028677 ____A C:\Users\Kunal\Desktop\DDS.txt
2012-10-03 21:52 - 2012-10-03 21:52 - 00607260 ____R (Swearware) C:\Users\Kunal\Desktop\dds.com
2012-10-03 21:50 - 2012-10-03 21:50 - 00000472 ____A C:\Users\Kunal\Desktop\defogger_disable.log
2012-10-03 21:50 - 2012-10-03 21:50 - 00000000 ____A C:\Users\Kunal\defogger_reenable
2012-10-03 21:49 - 2012-10-03 21:49 - 00050477 ____A C:\Users\Kunal\Desktop\Defogger.exe
2012-10-03 21:33 - 2012-10-03 21:48 - 93654616 ____A C:\Users\Kunal\Downloads\avast_free_antivirus_setup.exe
2012-10-03 20:24 - 2012-10-03 20:24 - 00479744 ____A (Andrew Zhezherun) C:\Users\Kunal\AppData\Roaming\opasp.dll
2012-10-03 20:24 - 2012-10-03 20:24 - 00000000 ____D C:\Users\Kunal\AppData\Local\{62AA1784-0DDB-11E2-8271-B8AC6F996F26}
2012-09-29 06:21 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-29 06:21 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-29 06:21 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-29 06:21 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-29 06:21 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-29 06:21 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-29 06:21 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-29 06:21 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-29 06:21 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-29 06:20 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-29 06:20 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-29 06:20 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-29 06:20 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-29 06:20 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-29 06:20 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-29 06:20 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-29 06:20 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-29 06:20 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-29 06:20 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-29 06:20 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-29 06:20 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-29 06:20 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-29 06:20 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-29 06:20 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-29 06:20 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-29 06:20 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-29 06:20 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-29 06:20 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-29 06:20 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-29 06:20 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-29 06:20 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-29 06:20 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-26 07:28 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-19 17:47 - 2012-09-19 17:47 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-19 17:47 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-19 17:46 - 2012-09-19 17:47 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-19 17:46 - 2012-09-19 17:47 - 00000000 ____D C:\Program Files\iTunes
2012-09-19 17:46 - 2012-09-19 17:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-19 17:46 - 2012-09-19 17:46 - 00000000 ____D C:\Program Files\iPod
2012-09-18 19:55 - 2012-09-18 19:55 - 00001979 ____A C:\Users\Public\Desktop\Nitro Reader.lnk
2012-09-18 19:54 - 2012-09-18 19:54 - 00000000 ____D C:\Program Files\Common Files\Nitro PDF
2012-09-18 19:53 - 2012-09-18 19:53 - 00000000 ____D C:\Program Files (x86)\Nitro PDF
2012-09-18 18:32 - 2012-09-18 19:46 - 80521624 ____A (Apple Inc.) C:\Users\Kunal\Downloads\iTunes64Setup.exe
2012-09-18 18:32 - 2012-09-18 18:33 - 01662032 ____A (Solid State Networks) C:\Users\Kunal\Downloads\nitro_pdf_reader_64_dlm.exe
2012-09-17 17:34 - 2012-09-17 17:34 - 00000000 ____D C:\Users\Kunal\AppData\Local\{435903B3-8469-498B-88BA-606C66FF4F49}
2012-09-12 05:03 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-09-12 05:03 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-09-12 05:03 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-09-12 05:03 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-09-12 05:03 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-09-12 05:03 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-09-12 05:03 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-09-11 19:52 - 2012-09-11 20:42 - 00005021 ____A C:\Users\Kunal\Desktop\Kunal Ajmera.txt
2012-09-09 09:34 - 2012-09-09 09:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== 3 Months Modified Files ==================

2012-10-04 13:43 - 2012-10-04 13:43 - 01456405 ____A C:\Users\Kunal\Downloads\FRST64.exe
2012-10-04 06:02 - 2010-07-20 00:17 - 01566311 ____A C:\Windows\WindowsUpdate.log
2012-10-03 22:03 - 2012-10-03 22:03 - 00029157 ____A C:\Users\Kunal\Desktop\Attach.txt
2012-10-03 22:03 - 2012-10-03 22:03 - 00028677 ____A C:\Users\Kunal\Desktop\DDS.txt
2012-10-03 21:52 - 2012-10-03 21:52 - 00607260 ____R (Swearware) C:\Users\Kunal\Desktop\dds.com
2012-10-03 21:50 - 2012-10-03 21:50 - 00000472 ____A C:\Users\Kunal\Desktop\defogger_disable.log
2012-10-03 21:50 - 2012-10-03 21:50 - 00000000 ____A C:\Users\Kunal\defogger_reenable
2012-10-03 21:49 - 2012-10-03 21:49 - 00050477 ____A C:\Users\Kunal\Desktop\Defogger.exe
2012-10-03 21:48 - 2012-10-03 21:33 - 93654616 ____A C:\Users\Kunal\Downloads\avast_free_antivirus_setup.exe
2012-10-03 21:07 - 2010-09-03 04:57 - 06888222 ____A C:\Windows\PFRO.log
2012-10-03 21:02 - 2010-09-09 22:18 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-03 21:02 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-03 21:02 - 2009-07-13 20:51 - 00157581 ____A C:\Windows\setupact.log
2012-10-03 20:47 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-03 20:47 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-03 20:31 - 2012-06-17 16:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-03 20:24 - 2012-10-03 20:24 - 00479744 ____A (Andrew Zhezherun) C:\Users\Kunal\AppData\Roaming\opasp.dll
2012-10-03 20:23 - 2010-09-19 11:04 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
2012-10-03 19:55 - 2010-09-09 22:18 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-03 19:23 - 2010-09-19 11:04 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
2012-10-02 19:17 - 2012-01-26 11:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-29 18:47 - 2010-09-04 22:02 - 00007666 ____A C:\Users\Kunal\AppData\Local\Resmon.ResmonCfg
2012-09-29 17:58 - 2009-07-13 21:13 - 00800898 ____A C:\Windows\System32\PerfStringBackup.INI
2012-09-27 14:29 - 2011-06-16 18:22 - 00004081 ____A C:\Users\Kunal\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-09-27 14:29 - 2010-10-08 20:55 - 00010944 ____A C:\Users\Kunal\AppData\Roaming\Rim.Desktop.Exception.log
2012-09-19 17:47 - 2012-09-19 17:47 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-19 14:28 - 2010-09-07 19:22 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-18 19:55 - 2012-09-18 19:55 - 00001979 ____A C:\Users\Public\Desktop\Nitro Reader.lnk
2012-09-18 19:46 - 2012-09-18 18:32 - 80521624 ____A (Apple Inc.) C:\Users\Kunal\Downloads\iTunes64Setup.exe
2012-09-18 18:33 - 2012-09-18 18:32 - 01662032 ____A (Solid State Networks) C:\Users\Kunal\Downloads\nitro_pdf_reader_64_dlm.exe
2012-09-12 21:44 - 2011-06-27 14:46 - 00017936 ____A (Nitro PDF Software) C:\Windows\System32\nitrolocalui2.dll
2012-09-11 20:42 - 2012-09-11 19:52 - 00005021 ____A C:\Users\Kunal\Desktop\Kunal Ajmera.txt
2012-09-09 19:36 - 2011-01-18 13:41 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForKunal.job
2012-08-30 18:03 - 2012-08-30 18:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 18:03 - 2012-03-20 16:44 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-26 16:33 - 2010-11-29 00:43 - 00002425 ____A C:\Windows\LkmdfCoInst.log
2012-08-26 16:32 - 2010-11-29 00:43 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
2012-08-26 14:57 - 2009-07-13 20:45 - 00431568 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-24 03:15 - 2012-09-29 06:20 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-29 06:20 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-29 06:20 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-29 06:20 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-29 06:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-29 06:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-29 06:20 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-29 06:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-29 06:21 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:14 - 2012-09-29 06:20 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:13 - 2012-09-29 06:20 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-29 06:20 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-29 06:20 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-29 06:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-29 06:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-29 06:21 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-29 06:20 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-29 06:20 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-29 06:20 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-29 06:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-29 06:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-29 06:20 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-29 06:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-29 06:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-29 06:21 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-29 06:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:47 - 2012-09-29 06:20 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:45 - 2012-09-29 06:20 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-29 06:21 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:44 - 2012-09-29 06:20 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:43 - 2012-09-29 06:21 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-29 06:21 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-09-12 05:03 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 05:03 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 05:03 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 05:03 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-26 07:28 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 09:01 - 2012-09-19 17:47 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-08-21 09:01 - 2012-08-21 09:01 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-08-21 09:01 - 2012-08-21 09:01 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-08-08 16:36 - 2012-08-08 16:36 - 00947710 ____A C:\Users\Kunal\Desktop\Biotech Companies.xlsx
2012-08-02 09:58 - 2012-09-12 05:03 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 05:03 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 16:41 - 2012-05-20 21:15 - 00001657 ____A C:\Users\Kunal\Desktop\Google Drive.lnk
2012-07-28 05:53 - 2012-07-28 05:26 - 01603672 ____A (Avira Operations GmbH & Co. KG ) C:\Users\Kunal\Downloads\avira_cloud_tech_preview_setup.exe
2012-07-25 21:13 - 2012-07-25 21:13 - 02311743 ____A (Mena Step Innovative Solutions (Ashraf Awwad) ) C:\Users\Kunal\Downloads\MagicBerry.exe
2012-07-25 18:42 - 2010-09-08 22:30 - 00006079 ____A C:\Users\Kunal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-07-25 18:41 - 2012-06-07 19:48 - 00002191 ____A C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2012-07-23 18:43 - 2012-07-23 18:43 - 04755448 ____A C:\Users\Kunal\Downloads\HPPSdr.exe
2012-07-23 18:04 - 2012-06-08 14:42 - 00000693 ____A C:\Users\Kunal\AppData\Roaming\Rim.Transcoder.Exception.log
2012-07-20 19:49 - 2010-11-03 21:37 - 00007680 ____A C:\Users\Kunal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-18 10:15 - 2012-08-15 06:31 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-15 12:07 - 2012-07-15 12:07 - 00885448 ____A (BillP Studios) C:\Users\Kunal\Downloads\wpsetup.exe
2012-07-14 18:27 - 2012-07-14 18:27 - 03889704 ____A (Piriform Ltd) C:\Users\Kunal\Downloads\ccsetup320.exe
2012-07-14 18:24 - 2012-07-14 18:25 - 00772592 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-14 18:24 - 2012-07-14 18:25 - 00227824 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-14 18:24 - 2012-07-14 18:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-14 18:24 - 2012-07-14 18:25 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-14 18:24 - 2010-09-03 02:18 - 00687600 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-14 18:23 - 2012-07-14 18:23 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-14 18:23 - 2012-07-14 18:23 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-14 18:23 - 2012-07-14 18:23 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-14 18:23 - 2012-07-14 18:23 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-14 18:23 - 2011-02-24 22:41 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-14 18:22 - 2012-07-14 18:13 - 21869552 ____A (Oracle Corporation) C:\Users\Kunal\Downloads\jre-7u5-windows-x64.exe
2012-07-14 18:21 - 2012-07-14 18:13 - 21055472 ____A (Oracle Corporation) C:\Users\Kunal\Downloads\jre-7u5-windows-i586.exe
2012-07-14 18:08 - 2012-07-14 18:08 - 00001224 ____A C:\Users\Kunal\Desktop\Revo Uninstaller.lnk
2012-07-14 18:08 - 2012-07-14 18:07 - 02617648 ____A (VS Revo Group Ltd.) C:\Users\Kunal\Downloads\revosetup.exe
2012-07-13 19:33 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-11 18:58 - 2012-07-11 18:53 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kunal\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-09 09:42 - 2012-07-09 09:42 - 04547984 ____A (Apple, Inc.) C:\Windows\System32\usbaaplrc.dll
2012-07-09 09:42 - 2012-07-09 09:42 - 00052736 ____A (Apple, Inc.) C:\Windows\System32\Drivers\usbaapl64.sys


ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-674566640-1698649700-413755185-1001\$32a5bb9aff9a4234a9c5dc83f3b52fe9

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-09-19 14:24:36
Restore point made on: 2012-09-19 17:42:02
Restore point made on: 2012-09-22 20:38:02
Restore point made on: 2012-09-26 14:15:08
Restore point made on: 2012-09-29 06:18:42
Restore point made on: 2012-10-02 19:15:11

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2933.86 MB
Available physical RAM: 2251.5 MB
Total Pagefile: 2932.01 MB
Available Pagefile: 2252.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:283.53 GB) (Free:65.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.27 GB) (Free:2.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (K - HNCR) (Removable) (Total:3.73 GB) (Free:3.7 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 283 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H K - HNCR FAT32 Removable 3823 MB Healthy

=========================================================

Last Boot: 2012-09-29 15:57

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-04 17:57:24
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-12 22:45] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.

 

Follow BleepingComputer on: Facebook | Twitter | Google+
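The services.exe search and the "Bamital & volsnap" section above rest on one check: hash every on-disk copy of a system binary (live System32/SysWOW64, the winsxs component store, the ERUNT cache) and see whether the copies agree, or whether each matches a digest already known to be good. The script below is an added example, not FRST's code and not anything posted in this thread. It reproduces that check in Python on a constructed sample (two identical stand-ins for services.exe plus one copy with a single byte patched, laid out like the paths in the search) and prints upper-case MD5 in the format FRST uses. `DEFAULT_ROOTS` is an assumed layout for running it against a real machine. One caveat a practitioner should keep in mind: a hash computed from inside a running, infected Windows sees only what the installed filter drivers let it see, which is one reason the tool is run from System Recovery Options here with the infected system offline.

```python
"""Hash every on-disk copy of a Windows system binary and report disagreement,
the check behind FRST's "Search: services.exe" and "Bamital & volsnap" sections.
Added example; not FRST's code."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional

# Assumed layout for a live run; these are the directories the search in the log walked.
DEFAULT_ROOTS = [r"C:\Windows\System32", r"C:\Windows\SysWOW64",
                 r"C:\Windows\winsxs", r"C:\Windows\erdnt"]


def md5_bytes(data: bytes) -> str:
    """Upper-case hex MD5, the format FRST prints (e.g. 24ACB7E5...)."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of(path: Path) -> str:
    """Stream the file so a multi-megabyte binary does not need to be read at once."""
    h = hashlib.md5()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def find_copies(roots: Iterable[str], name: str) -> List[Path]:
    """Every file called `name` below the given roots (live dirs, component store, caches)."""
    found: List[Path] = []
    for root in roots:
        base = Path(root)
        if base.is_dir():
            found.extend(p for p in base.rglob(name) if p.is_file())
    return sorted(found)


def compare_copies(paths: Iterable[Path], known_good: Optional[str] = None) -> Dict[str, object]:
    """Group copies by digest. With a known-good MD5 anything else is an outlier;
    without one, the minority digest is treated as the outlier."""
    digests = {p: md5_of(p) for p in paths}
    by_digest: Dict[str, List[Path]] = {}
    for p, d in digests.items():
        by_digest.setdefault(d, []).append(p)
    if known_good is not None:
        outliers = [p for p, d in digests.items() if d != known_good.upper()]
    elif len(by_digest) > 1:
        majority = max(by_digest.values(), key=len)
        outliers = [p for p in digests if p not in majority]
    else:
        outliers = []
    return {"digests": digests, "consistent": len(by_digest) <= 1, "outliers": outliers}


def run_demo() -> Dict[str, object]:
    """Constructed sample: two identical stand-ins for services.exe and one copy
    with its last byte patched, in a directory tree shaped like the FRST search."""
    clean = b"MZ" + b"\x00" * 62 + b"stand-in for services.exe, not a real PE"
    patched = clean[:-1] + b"!"
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        layout = {
            "Windows/System32/services.exe": clean,
            "Windows/winsxs/amd64_microsoft-windows-servicecontroller/services.exe": clean,
            "Windows/erdnt/cache64/services.exe": patched,
        }
        for rel, data in layout.items():
            target = base / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        copies = find_copies([str(base / "Windows")], "services.exe")
        report = compare_copies(copies)
        known = compare_copies(copies, known_good=md5_of(base / "Windows/System32/services.exe"))

        def rel_out(paths: Iterable[Path]) -> List[str]:
            return sorted(p.relative_to(base).as_posix() for p in paths)

        return {
            "copies": len(copies),
            "consistent": report["consistent"],
            "outliers": rel_out(report["outliers"]),
            "outliers_vs_known_good": rel_out(known["outliers"]),
        }


if __name__ == "__main__":
    print(run_demo())
    # On the affected machine itself, from a clean boot environment:
    # print(compare_copies(find_copies(DEFAULT_ROOTS, "services.exe")))
```

Agreement between copies is only a mismatch detector: if the component store copy were replaced as well, the check passes, which is why a digest from a known-clean install of the same build (the `known_good` argument) is the stronger comparison.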


#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 08:26 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

HKLM\...\Run: [piget] rundll32.exe "C:\Users\Kunal\AppData\Roaming\piget.dll",PrepareUpdate [x]
HKU\Kunal\...\Run: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
C:\$Recycle.Bin\S-1-5-21-674566640-1698649700-413755185-1001\$32a5bb9aff9a4234a9c5dc83f3b52fe9
C:\Users\Kunal\AppData\Roaming\piget.dll
C:\Users\Kunal\AppData\Roaming\opasp.dll

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
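The fix above was assembled by hand from the FRST log: the two Run values that load DLLs out of AppData\Roaming through rundll32, the ZeroAccess path under $Recycle.Bin, and the DLL files themselves. The Python below is an added example, not FRST's own code and not anything posted in this thread; it parses those two log line formats and emits the same fixlist. The sample input mixes the entries quoted from the log above with one made-up benign autorun, and the "suspicious" heuristics are my own (image in a user-writable location; DLL loaded through rundll32 at logon), so treat its output as a starting point for review rather than a script to run blind.

```python
"""Build an FRST fixlist from log entries: the manual selection above, automated.
Added example, not FRST's code; the heuristics only cover patterns seen in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample. The first two Run lines and the ZeroAccess path are the entries
# quoted from the FRST log above; the MSC line is a made-up benign autorun so the
# filter has something to leave alone.
SAMPLE_LOG = r"""
HKLM\...\Run: [piget] rundll32.exe "C:\Users\Kunal\AppData\Roaming\piget.dll",PrepareUpdate [x]
HKU\Kunal\...\Run: [opasp] rundll32.exe "C:\Users\Kunal\AppData\Roaming\opasp.dll",get_user_chunk_ptr [479744 2012-10-03] (Andrew Zhezherun)
HKLM\...\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey [1289704 2012-09-13] (Microsoft Corporation)

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-674566640-1698649700-413755185-1001\$32a5bb9aff9a4234a9c5dc83f3b52fe9

==================== Known DLLs (Whitelisted) =================
"""

RUN_LINE = re.compile(r'^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
QUOTED_IMAGE = re.compile(r'"([A-Za-z]:\\[^"]+?\.(?:dll|exe))"', re.I)
BARE_IMAGE = re.compile(r'([A-Za-z]:\\.+?\.(?:dll|exe))', re.I)
RUNDLL32 = re.compile(r'^\s*rundll32(?:\.exe)?\b', re.I)
# Locations a limited user can write to; vendor autoruns do not normally live here.
USER_WRITABLE = re.compile(
    r'\\(?:AppData\\(?:Roaming|Local|LocalLow)|Users\\Public|ProgramData|\$Recycle\.Bin)\\', re.I)


@dataclass
class RunEntry:
    line: str            # the log line verbatim; FRST accepts it as-is in fixlist.txt
    hive: str
    name: str
    cmd: str
    image: Optional[str]  # the DLL/EXE the value actually loads

    def reasons(self) -> List[str]:
        """Heuristic findings (my own, not FRST's); empty means nothing suspicious."""
        r: List[str] = []
        if self.image and USER_WRITABLE.search(self.image):
            r.append("image lives in a user-writable location")
        if self.image and RUNDLL32.match(self.cmd) and self.image.lower().endswith(".dll"):
            r.append("DLL loaded through rundll32 at logon")
        return r


def image_path(cmd: str) -> Optional[str]:
    """First quoted DLL/EXE path in the command, else the first bare one."""
    m = QUOTED_IMAGE.search(cmd) or BARE_IMAGE.search(cmd)
    return m.group(1) if m else None


def parse_frst(text: str) -> Tuple[List[RunEntry], List[str]]:
    """Collect Run values and the paths listed under a 'ZeroAccess:' heading."""
    runs: List[RunEntry] = []
    zeroaccess: List[str] = []
    in_za = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):   # blank line or section header ends a block
            in_za = False
            continue
        if line == "ZeroAccess:":
            in_za = True
            continue
        if in_za:
            zeroaccess.append(line)
            continue
        m = RUN_LINE.match(line)
        if m:
            runs.append(RunEntry(line, m["hive"], m["name"], m["cmd"], image_path(m["cmd"])))
    return runs, zeroaccess


def build_fixlist(text: str) -> List[str]:
    """Run lines first (FRST deletes the value), then ZeroAccess paths, then the images."""
    runs, zeroaccess = parse_frst(text)
    flagged = [e for e in runs if e.reasons()]
    out: List[str] = [e.line for e in flagged] + zeroaccess
    for e in flagged:
        if e.image and e.image not in out:
            out.append(e.image)
    return out


if __name__ == "__main__":
    for entry in parse_frst(SAMPLE_LOG)[0]:
        print(f"{entry.name:8} {'; '.join(entry.reasons()) or 'no finding'}")
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```

The Run line is kept verbatim rather than rebuilt from hive and value name because that is the form FRST accepts in fixlist.txt. The `[x]` on the piget line is FRST's marker that the file was not on disk when the log was taken, which matches the "not found" result for piget.dll in the Fixlog later in the thread.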

#5 kunalthechamp
  • Topic Starter
  • Members
  • 186 posts
  • Gender:Male
  • Location:India

Posted 04 October 2012 - 10:46 PM

Every time I plug in the flash drive with the Farbar tool, I get a BSOD with the same EUBKMON.SYS error.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 2012-10-04 23:40:43 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\piget Value deleted successfully.
HKEY_USERS\Kunal\Software\Microsoft\Windows\CurrentVersion\Run\\opasp Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-674566640-1698649700-413755185-1001\$32a5bb9aff9a4234a9c5dc83f3b52fe9 moved successfully.
C:\Users\Kunal\AppData\Roaming\piget.dll not found.
C:\Users\Kunal\AppData\Roaming\opasp.dll moved successfully.

==== End of Fixlog ====



#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 10:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 kunalthechamp
  • Topic Starter
  • Members
  • 186 posts
  • Gender:Male
  • Location:India

Posted 04 October 2012 - 11:22 PM

So until now I was running all the tools in Safe Mode. I rebooted in normal mode to deactivate the antiviruses and the virus screen popped up again. Therefore I am unable to carry out anything in normal mode. Should I run ComboFix in safe mode?



#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 11:26 PM

Yes, run in safe mode.


gringo

#9 kunalthechamp
  • Topic Starter
  • Members
  • 186 posts
  • Gender:Male
  • Location:India

Posted 04 October 2012 - 11:49 PM

I am in safe mode. I have gone ahead and disabled all the antivirus programs (Avira and MSE) and I can confirm for a fact that they do not have realtime protection switched on. Yet combofix detects them as running. What should I do?



#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 October 2012 - 11:56 PM

Go ahead and run ComboFix.



gringo

#11 kunalthechamp
  • Topic Starter
  • Members
  • 186 posts
  • Gender:Male
  • Location:India

Posted 05 October 2012 - 12:24 AM

I haven't tried running the computer in normal mode yet. Should I try it now?

ComboFix 12-10-04.02 - Kunal 10/05/2012 1:01.3.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.2247 [GMT -4:00]
Running from: c:\users\Kunal\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\zip32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-05 to 2012-10-05 )))))))))))))))))))))))))))))))
.
.
2012-10-05 05:12 . 2012-10-05 05:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-05 05:12 . 2012-10-05 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 05:12 . 2012-10-05 05:12 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-05 04:12 . 2012-10-05 04:14 -------- d-----w- c:\users\Kunal\AppData\Roaming\hellomoto
2012-10-04 04:24 . 2012-10-04 04:24 -------- d-----w- c:\users\Kunal\AppData\Local\{62AA1784-0DDB-11E2-8271-B8AC6F996F26}
2012-10-03 03:42 . 2012-10-03 03:41 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39E7690-4ADC-4EF8-A5B6-C9FBE9680760}\gapaengine.dll
2012-10-03 03:42 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC645270-8A94-418F-ABD6-7291B6373C30}\mpengine.dll
2012-10-02 03:04 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-29 14:20 . 2012-08-24 10:18 237056 ----a-w- c:\windows\system32\url.dll
2012-09-26 15:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-20 01:47 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 01:46 . 2012-09-20 01:46 -------- d-----w- c:\program files\iPod
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\program files\iTunes
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\program files (x86)\iTunes
2012-09-19 03:54 . 2012-09-19 03:54 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-09-19 03:53 . 2012-09-19 03:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-09-19 03:53 . 2012-09-19 03:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2012-09-12 13:03 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:03 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:03 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:03 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:03 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:03 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 22:28 . 2010-09-08 03:22 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-13 05:44 . 2011-06-27 22:46 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-27 00:32 . 2010-11-29 08:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 14:31 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 02:24 . 2012-07-15 02:25 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-15 02:24 . 2010-09-03 10:18 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 02:23 . 2012-07-15 02:23 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-15 02:23 . 2012-07-15 02:23 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-15 02:23 . 2012-07-15 02:23 188912 ----a-w- c:\windows\system32\java.exe
2012-07-15 02:23 . 2012-07-15 02:23 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 02:23 . 2011-02-25 06:41 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-09-28 1715768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-19 5663616]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-02-24 3941192]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45"="c:\users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Kunal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-04-22 17800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-02-24 69632]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-01-27 8610664]
R2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
R2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-09-13 229392]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 253088]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [2010-12-23 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-01-27 185968]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-03-17 911360]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-03-16 159232]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-29 158976]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 PSVolAcc;PSVolAcc; [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-01-27 13936]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-04-22 36232]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-04-22 42888]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-04-22 26504]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-04-02 31344]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-04-22 193928]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:58]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-09-10 c:\windows\Tasks\HPCeeScheduleForKunal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-25 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-sdiagnhost - c:\users\Kunal\AppData\Local\Microsoft\Windows\4690\sdiagnhost.exe
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-opasp - c:\users\Kunal\AppData\Roaming\opasp.dll
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\00#\10g"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-05 01:16:02
ComboFix-quarantined-files.txt 2012-10-05 05:16
.
Pre-Run: 86,283,915,264 bytes free
Post-Run: 86,782,885,888 bytes free
.
- - End Of File - - 2EB0F948B95EFCCDC560EBB19A3914E3

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:02 AM

Posted 05 October 2012 - 07:26 AM

Greetings

Yes, try to run in normal mode now.


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 186 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:05:32 PM

Posted 05 October 2012 - 10:18 PM

I ran it in normal mode and it seems fine - the FBI screen does not reappear. I got two errors:
1) On startup: There was a problem starting C:\Users\Kunal\AppData\roaming\opasp.dll. The specified module could not be found
2) A BSOD while running Avast for the first time: DRIVER_IRQL_NOT_LESS_OR_EQUAL

18:11:53.0585 3456 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
18:11:54.0194 3456 ============================================================
18:11:54.0194 3456 Current date / time: 2012/10/05 18:11:54.0194
18:11:54.0194 3456 SystemInfo:
18:11:54.0194 3456
18:11:54.0194 3456 OS Version: 6.1.7601 ServicePack: 1.0
18:11:54.0194 3456 Product type: Workstation
18:11:54.0194 3456 ComputerName: KUNAL-HP
18:11:54.0195 3456 UserName: Kunal
18:11:54.0195 3456 Windows directory: C:\Windows
18:11:54.0195 3456 System windows directory: C:\Windows
18:11:54.0195 3456 Running under WOW64
18:11:54.0195 3456 Processor architecture: Intel x64
18:11:54.0195 3456 Number of processors: 2
18:11:54.0195 3456 Page size: 0x1000
18:11:54.0195 3456 Boot type: Normal boot
18:11:54.0195 3456 ============================================================
18:11:55.0160 3456 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:11:55.0190 3456 ============================================================
18:11:55.0190 3456 \Device\Harddisk0\DR0:
18:11:55.0192 3456 MBR partitions:
18:11:55.0192 3456 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:11:55.0192 3456 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2370E800
18:11:55.0192 3456 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23772800, BlocksNum 0x1C88000
18:11:55.0192 3456 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
18:11:55.0192 3456 ============================================================
18:11:55.0257 3456 C: <-> \Device\Harddisk0\DR0\Partition2
18:11:55.0312 3456 D: <-> \Device\Harddisk0\DR0\Partition3
18:11:55.0720 3456 E: <-> \Device\Harddisk0\DR0\Partition4
18:11:55.0720 3456 ============================================================
18:11:55.0721 3456 Initialize success
18:11:55.0721 3456 ============================================================
18:12:08.0817 4432 ============================================================
18:12:08.0817 4432 Scan started
18:12:08.0817 4432 Mode: Manual;
18:12:08.0817 4432 ============================================================
18:12:11.0806 4432 ================ Scan system memory ========================
18:12:11.0806 4432 System memory - ok
18:12:11.0811 4432 ================ Scan services =============================
18:12:28.0251 4432 lmhosts - ok
18:12:28.0314 4432 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:12:28.0333 4432 LMouFilt - ok
18:12:28.0729 4432 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:12:28.0732 4432 LMS - ok
18:12:28.0883 4432 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:12:28.0885 4432 LSI_FC - ok
18:12:28.0925 4432 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:12:28.0927 4432 LSI_SAS - ok
18:12:28.0956 4432 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:12:28.0965 4432 LSI_SAS2 - ok
18:12:29.0072 4432 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:12:29.0123 4432 LSI_SCSI - ok
18:12:29.0181 4432 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:12:29.0237 4432 luafv - ok
18:12:29.0346 4432 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
18:12:29.0421 4432 mcdbus - ok
18:12:29.0500 4432 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:12:29.0512 4432 Mcx2Svc - ok
18:12:29.0549 4432 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:12:29.0587 4432 megasas - ok
18:12:29.0704 4432 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:12:29.0775 4432 MegaSR - ok
18:12:30.0096 4432 Microsoft SharePoint Workspace Audit Service - ok
18:12:30.0162 4432 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:12:30.0177 4432 MMCSS - ok
18:12:30.0266 4432 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:12:30.0279 4432 Modem - ok
18:12:30.0425 4432 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:12:30.0426 4432 monitor - ok
18:12:30.0518 4432 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:12:30.0520 4432 mouclass - ok
18:12:30.0612 4432 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:12:30.0645 4432 mouhid - ok
18:12:30.0791 4432 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:12:30.0820 4432 mountmgr - ok
18:12:30.0956 4432 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:12:30.0958 4432 MozillaMaintenance - ok
18:12:31.0105 4432 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:12:31.0108 4432 MpFilter - ok
18:12:31.0190 4432 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:12:31.0193 4432 mpio - ok
18:12:31.0272 4432 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:12:31.0274 4432 mpsdrv - ok
18:12:31.0344 4432 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:12:31.0355 4432 MpsSvc - ok
18:12:31.0454 4432 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:12:31.0464 4432 MRxDAV - ok
18:12:31.0613 4432 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:12:31.0865 4432 mrxsmb - ok
18:12:32.0076 4432 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:12:32.0080 4432 mrxsmb10 - ok
18:12:32.0129 4432 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:12:32.0141 4432 mrxsmb20 - ok
18:12:32.0179 4432 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:12:32.0214 4432 msahci - ok
18:12:32.0251 4432 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:12:32.0270 4432 msdsm - ok
18:12:32.0348 4432 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:12:32.0369 4432 MSDTC - ok
18:12:32.0443 4432 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:12:32.0476 4432 Msfs - ok
18:12:32.0548 4432 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:12:32.0559 4432 mshidkmdf - ok
18:12:32.0610 4432 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:12:32.0624 4432 msisadrv - ok
18:12:32.0741 4432 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:12:32.0745 4432 MSiSCSI - ok
18:12:32.0749 4432 msiserver - ok
18:12:32.0782 4432 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:12:32.0794 4432 MSKSSRV - ok
18:12:32.0893 4432 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:12:32.0894 4432 MsMpSvc - ok
18:12:32.0938 4432 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:12:32.0939 4432 MSPCLOCK - ok
18:12:32.0974 4432 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:12:32.0975 4432 MSPQM - ok
18:12:33.0075 4432 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:12:33.0080 4432 MsRPC - ok
18:12:33.0147 4432 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:12:33.0153 4432 mssmbios - ok
18:12:33.0354 4432 MSSQL$INFLOWSQL - ok
18:12:33.0463 4432 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
18:12:33.0464 4432 MSSQLServerADHelper - ok
18:12:33.0526 4432 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:12:33.0552 4432 MSTEE - ok
18:12:33.0580 4432 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:12:33.0584 4432 MTConfig - ok
18:12:33.0619 4432 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:12:33.0640 4432 Mup - ok
18:12:33.0756 4432 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:12:33.0781 4432 napagent - ok
18:12:33.0865 4432 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:12:33.0873 4432 NativeWifiP - ok
18:12:34.0032 4432 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:12:34.0043 4432 NDIS - ok
18:12:34.0106 4432 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:12:34.0119 4432 NdisCap - ok
18:12:34.0165 4432 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:12:34.0175 4432 NdisTapi - ok
18:12:34.0232 4432 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:12:34.0252 4432 Ndisuio - ok
18:12:34.0306 4432 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:12:34.0315 4432 NdisWan - ok
18:12:34.0366 4432 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:12:34.0368 4432 NDProxy - ok
18:12:34.0428 4432 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:12:34.0429 4432 Net Driver HPZ12 - ok
18:12:34.0483 4432 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:12:34.0488 4432 NetBIOS - ok
18:12:34.0546 4432 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:12:34.0555 4432 NetBT - ok
18:12:34.0586 4432 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:12:34.0595 4432 Netlogon - ok
18:12:34.0694 4432 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:12:34.0710 4432 Netman - ok
18:12:34.0803 4432 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:12:34.0822 4432 netprofm - ok
18:12:34.0875 4432 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:12:34.0883 4432 NetTcpPortSharing - ok
18:12:35.0227 4432 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
18:12:35.0927 4432 netw5v64 - ok
18:12:35.0968 4432 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
18:12:35.0970 4432 nfrd960 - ok
18:12:36.0047 4432 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:12:36.0057 4432 NisDrv - ok
18:12:36.0090 4432 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:12:36.0094 4432 NisSrv - ok
18:12:36.0155 4432 [ 3FF685CB7185D613D8317A7F17C97BA8 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
18:12:36.0158 4432 NitroReaderDriverReadSpool2 - ok
18:12:36.0201 4432 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:12:36.0208 4432 NlaSvc - ok
18:12:36.0230 4432 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:12:36.0231 4432 Npfs - ok
18:12:36.0258 4432 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:12:36.0260 4432 nsi - ok
18:12:36.0267 4432 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:12:36.0267 4432 nsiproxy - ok
18:12:36.0416 4432 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:12:36.0435 4432 Ntfs - ok
18:12:36.0444 4432 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:12:36.0445 4432 Null - ok
18:12:36.0483 4432 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:12:36.0493 4432 nvraid - ok
18:12:36.0511 4432 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:12:36.0513 4432 nvstor - ok
18:12:36.0529 4432 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:12:36.0531 4432 nv_agp - ok
18:12:36.0546 4432 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:12:36.0547 4432 ohci1394 - ok
18:12:36.0593 4432 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:12:36.0596 4432 ose - ok
18:12:36.0761 4432 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:12:36.0942 4432 osppsvc - ok
18:12:37.0044 4432 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:12:37.0057 4432 p2pimsvc - ok
18:12:37.0125 4432 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:12:37.0135 4432 p2psvc - ok
18:12:37.0161 4432 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
18:12:37.0175 4432 Parport - ok
18:12:37.0203 4432 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:12:37.0215 4432 partmgr - ok
18:12:37.0267 4432 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:12:37.0271 4432 PcaSvc - ok
18:12:37.0359 4432 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:12:37.0362 4432 pci - ok
18:12:37.0390 4432 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:12:37.0403 4432 pciide - ok
18:12:37.0469 4432 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
18:12:37.0511 4432 pcmcia - ok
18:12:37.0541 4432 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:12:37.0556 4432 pcw - ok
18:12:37.0634 4432 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:12:37.0647 4432 PEAUTH - ok
18:12:37.0850 4432 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:12:37.0861 4432 PerfHost - ok
18:12:37.0941 4432 [ BD24E98E6546ADF6A31A41485483EB6C ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
18:12:37.0945 4432 Pharos Systems ComTaskMaster - ok
18:12:38.0889 4432 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:12:38.0962 4432 pla - ok
18:12:39.0038 4432 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:12:39.0047 4432 PlugPlay - ok
18:12:39.0536 4432 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:12:39.0599 4432 Pml Driver HPZ12 - ok
18:12:39.0740 4432 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:12:39.0743 4432 PNRPAutoReg - ok
18:12:39.0811 4432 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:12:39.0817 4432 PNRPsvc - ok
18:12:39.0977 4432 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:12:39.0984 4432 PolicyAgent - ok
18:12:40.0109 4432 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:12:40.0117 4432 Power - ok
18:12:40.0201 4432 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:12:40.0204 4432 PptpMiniport - ok
18:12:40.0280 4432 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
18:12:40.0282 4432 Processor - ok
18:12:40.0387 4432 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:12:40.0391 4432 ProfSvc - ok
18:12:40.0412 4432 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:12:40.0413 4432 ProtectedStorage - ok
18:12:40.0483 4432 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:12:40.0484 4432 Psched - ok
18:12:40.0961 4432 [ 838E03C9DA764467EDD9B99D1EFB809C ] PSMounter C:\Windows\system32\drivers\psmounter.sys
18:12:41.0110 4432 PSMounter - ok
18:12:41.0260 4432 [ F428CB5ECB3F2CC77E13764B34A0871A ] PSVolAcc C:\Windows\system32\drivers\PSVolAcc.sys
18:12:41.0262 4432 PSVolAcc - ok
18:12:41.0577 4432 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
18:12:41.0614 4432 ql2300 - ok
18:12:41.0647 4432 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
18:12:41.0650 4432 ql40xx - ok
18:12:41.0725 4432 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:12:41.0732 4432 QWAVE - ok
18:12:41.0766 4432 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:12:41.0768 4432 QWAVEdrv - ok
18:12:41.0821 4432 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:12:41.0828 4432 RasAcd - ok
18:12:41.0853 4432 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:12:41.0855 4432 RasAgileVpn - ok
18:12:41.0863 4432 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:12:41.0866 4432 RasAuto - ok
18:12:41.0892 4432 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:12:41.0895 4432 Rasl2tp - ok
18:12:41.0929 4432 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:12:41.0935 4432 RasMan - ok
18:12:41.0948 4432 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:12:41.0950 4432 RasPppoe - ok
18:12:41.0966 4432 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:12:41.0974 4432 RasSstp - ok
18:12:42.0116 4432 [ 96597C96D5ACF4A3EF0B24D396853879 ] rcmirror C:\Windows\system32\DRIVERS\rcmirror.sys
18:12:42.0117 4432 rcmirror - ok
18:12:42.0177 4432 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:12:42.0181 4432 rdbss - ok
18:12:42.0197 4432 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
18:12:42.0198 4432 rdpbus - ok
18:12:42.0233 4432 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:12:42.0243 4432 RDPCDD - ok
18:12:42.0258 4432 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:12:42.0258 4432 RDPENCDD - ok
18:12:42.0276 4432 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:12:42.0277 4432 RDPREFMP - ok
18:12:42.0355 4432 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:12:42.0358 4432 RDPWD - ok
18:12:42.0449 4432 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:12:42.0454 4432 rdyboost - ok
18:12:42.0547 4432 [ BE9861E1A18E01C38338FEACD75C5EAD ] ReflectService C:\Program Files\Macrium\Reflect\ReflectService.exe
18:12:42.0553 4432 ReflectService - ok
18:12:42.0607 4432 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:12:42.0613 4432 RemoteAccess - ok
18:12:42.0836 4432 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:12:42.0856 4432 RemoteRegistry - ok
18:12:43.0054 4432 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:12:43.0058 4432 RichVideo - ok
18:12:43.0154 4432 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
18:12:43.0188 4432 RimUsb - ok
18:12:43.0246 4432 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
18:12:43.0247 4432 RimVSerPort - ok
18:12:43.0304 4432 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
18:12:43.0327 4432 ROOTMODEM - ok
18:12:43.0380 4432 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:12:43.0383 4432 RpcEptMapper - ok
18:12:43.0409 4432 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:12:43.0420 4432 RpcLocator - ok
18:12:43.0554 4432 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:12:43.0558 4432 RpcSs - ok
18:12:43.0586 4432 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:12:43.0588 4432 rspndr - ok
18:12:43.0719 4432 [ 483DF0B58CA532E5240E59DC41F30AA2 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
18:12:43.0722 4432 RSUSBSTOR - ok
18:12:43.0772 4432 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:12:43.0779 4432 RTL8167 - ok
18:12:43.0873 4432 [ CE594045B2969F5FC3F77B824629AC7F ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
18:12:43.0887 4432 rtl8192se - ok
18:12:43.0931 4432 [ 4EA7E5DF0CB237156176FA0349E6E87F ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
18:12:43.0934 4432 RtVOsdService - ok
18:12:43.0945 4432 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:12:43.0947 4432 SamSs - ok
18:12:44.0020 4432 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
18:12:44.0026 4432 SASDIFSV - ok
18:12:44.0056 4432 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
18:12:44.0057 4432 SASKUTIL - ok
18:12:44.0087 4432 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:12:44.0091 4432 sbp2port - ok
18:12:44.0120 4432 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:12:44.0124 4432 SCardSvr - ok
18:12:44.0156 4432 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:12:44.0158 4432 scfilter - ok
18:12:44.0273 4432 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:12:44.0292 4432 Schedule - ok
18:12:44.0320 4432 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:12:44.0321 4432 SCPolicySvc - ok
18:12:44.0390 4432 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
18:12:44.0412 4432 sdbus - ok
18:12:44.0748 4432 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:12:44.0781 4432 SDRSVC - ok
18:12:44.0826 4432 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:12:44.0836 4432 secdrv - ok
18:12:44.0869 4432 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:12:44.0879 4432 seclogon - ok
18:12:44.0948 4432 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
18:12:44.0950 4432 SENS - ok
18:12:44.0966 4432 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:12:44.0968 4432 SensrSvc - ok
18:12:44.0984 4432 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
18:12:44.0985 4432 Serenum - ok
18:12:45.0005 4432 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
18:12:45.0007 4432 Serial - ok
18:12:45.0046 4432 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
18:12:45.0049 4432 sermouse - ok
18:12:45.0104 4432 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:12:45.0119 4432 SessionEnv - ok
18:12:45.0142 4432 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:12:45.0163 4432 sffdisk - ok
18:12:45.0199 4432 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:12:45.0227 4432 sffp_mmc - ok
18:12:45.0253 4432 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:12:45.0267 4432 sffp_sd - ok
18:12:45.0298 4432 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
18:12:45.0300 4432 sfloppy - ok
18:12:45.0569 4432 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:12:45.0591 4432 SharedAccess - ok
18:12:45.0665 4432 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:12:45.0685 4432 ShellHWDetection - ok
18:12:45.0717 4432 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:12:45.0719 4432 SiSRaid2 - ok
18:12:45.0778 4432 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
18:12:45.0780 4432 SiSRaid4 - ok
18:12:45.0974 4432 Skype C2C Service - ok
18:12:46.0052 4432 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:12:46.0074 4432 SkypeUpdate - ok
18:12:46.0116 4432 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:12:46.0119 4432 Smb - ok
18:12:46.0160 4432 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:12:46.0164 4432 SNMPTRAP - ok
18:12:46.0181 4432 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:12:46.0183 4432 spldr - ok
18:12:46.0419 4432 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:12:46.0445 4432 Spooler - ok
18:12:46.0862 4432 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:12:46.0934 4432 sppsvc - ok
18:12:46.0985 4432 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:12:46.0990 4432 sppuinotify - ok
18:12:47.0050 4432 sprtsvc_verizondm - ok
18:12:47.0374 4432 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
18:12:47.0384 4432 SQLBrowser - ok
18:12:47.0448 4432 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:12:47.0474 4432 SQLWriter - ok
18:12:47.0585 4432 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:12:47.0608 4432 srv - ok
18:12:47.0640 4432 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:12:47.0648 4432 srv2 - ok
18:12:47.0837 4432 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:12:47.0844 4432 SrvHsfHDA - ok
18:12:47.0933 4432 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:12:47.0956 4432 SrvHsfV92 - ok
18:12:48.0038 4432 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:12:48.0070 4432 SrvHsfWinac - ok
18:12:48.0134 4432 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:12:48.0137 4432 srvnet - ok
18:12:48.0204 4432 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:12:48.0228 4432 SSDPSRV - ok
18:12:48.0252 4432 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:12:48.0254 4432 SstpSvc - ok
18:12:48.0323 4432 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
18:12:48.0342 4432 stexstor - ok
18:12:48.0429 4432 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
18:12:48.0446 4432 StillCam - ok
18:12:48.0510 4432 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:12:48.0519 4432 stisvc - ok
18:12:48.0560 4432 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:12:48.0561 4432 swenum - ok
18:12:48.0619 4432 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:12:48.0630 4432 swprv - ok
18:12:48.0868 4432 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:12:48.0876 4432 SynTP - ok
18:12:49.0332 4432 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:12:49.0403 4432 SysMain - ok
18:12:49.0457 4432 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:12:49.0468 4432 TabletInputService - ok
18:12:49.0511 4432 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:12:49.0519 4432 TapiSrv - ok
18:12:49.0544 4432 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:12:49.0548 4432 TBS - ok
18:12:49.0664 4432 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:12:49.0685 4432 Tcpip - ok
18:12:49.0712 4432 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:12:49.0724 4432 TCPIP6 - ok
18:12:49.0767 4432 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:12:49.0768 4432 tcpipreg - ok
18:12:49.0795 4432 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:12:49.0796 4432 TDPIPE - ok
18:12:49.0827 4432 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:12:49.0829 4432 TDTCP - ok
18:12:49.0860 4432 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:12:49.0862 4432 tdx - ok
18:12:50.0625 4432 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
18:12:50.0854 4432 TeamViewer7 - ok
18:12:50.0944 4432 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:12:50.0946 4432 TermDD - ok
18:12:51.0005 4432 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:12:51.0014 4432 TermService - ok
18:12:51.0030 4432 tgsrvc_verizondm - ok
18:12:51.0067 4432 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:12:51.0070 4432 Themes - ok
18:12:51.0146 4432 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:12:51.0161 4432 THREADORDER - ok
18:12:51.0184 4432 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:12:51.0187 4432 TrkWks - ok
18:12:51.0291 4432 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:12:51.0293 4432 TrustedInstaller - ok
18:12:51.0336 4432 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:12:51.0337 4432 tssecsrv - ok
18:12:51.0368 4432 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:12:51.0370 4432 TsUsbFlt - ok
18:12:51.0436 4432 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:12:51.0439 4432 tunnel - ok
18:12:51.0459 4432 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
18:12:51.0461 4432 uagp35 - ok
18:12:51.0511 4432 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:12:51.0516 4432 udfs - ok
18:12:51.0586 4432 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:12:51.0590 4432 UI0Detect - ok
18:12:51.0609 4432 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:12:51.0610 4432 uliagpkx - ok
18:12:51.0660 4432 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
18:12:51.0665 4432 umbus - ok
18:12:51.0699 4432 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
18:12:51.0700 4432 UmPass - ok
18:12:51.0894 4432 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
18:12:51.0919 4432 UNS - ok
18:12:51.0953 4432 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:12:51.0967 4432 upnphost - ok
18:12:51.0999 4432 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:12:52.0000 4432 USBAAPL64 - ok
18:12:52.0064 4432 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:12:52.0065 4432 usbaudio - ok
18:12:52.0091 4432 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:12:52.0093 4432 usbccgp - ok
18:12:52.0111 4432 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:12:52.0113 4432 usbcir - ok
18:12:52.0145 4432 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:12:52.0147 4432 usbehci - ok
18:12:52.0186 4432 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:12:52.0191 4432 usbhub - ok
18:12:52.0214 4432 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:12:52.0215 4432 usbohci - ok
18:12:52.0239 4432 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:12:52.0241 4432 usbprint - ok
18:12:52.0258 4432 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:12:52.0260 4432 usbscan - ok
18:12:52.0275 4432 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:12:52.0294 4432 USBSTOR - ok
18:12:52.0326 4432 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:12:52.0328 4432 usbuhci - ok
18:12:52.0358 4432 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
18:12:52.0362 4432 usbvideo - ok
18:12:52.0388 4432 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:12:52.0391 4432 UxSms - ok
18:12:52.0404 4432 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:12:52.0412 4432 VaultSvc - ok
18:12:52.0434 4432 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:12:52.0440 4432 vdrvroot - ok
18:12:52.0490 4432 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:12:52.0498 4432 vds - ok
18:12:52.0549 4432 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:12:52.0551 4432 vga - ok
18:12:52.0575 4432 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:12:52.0576 4432 VgaSave - ok
18:12:52.0634 4432 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:12:52.0657 4432 vhdmp - ok
18:12:52.0736 4432 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:12:52.0738 4432 viaide - ok
18:12:52.0766 4432 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:12:52.0769 4432 volmgr - ok
18:12:52.0916 4432 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:12:52.0937 4432 volmgrx - ok
18:12:53.0040 4432 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:12:53.0044 4432 volsnap - ok
18:12:53.0100 4432 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
18:12:53.0102 4432 vsmraid - ok
18:12:53.0231 4432 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:12:53.0251 4432 VSS - ok
18:12:53.0287 4432 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:12:53.0301 4432 vwifibus - ok
18:12:53.0326 4432 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:12:53.0328 4432 vwififlt - ok
18:12:53.0365 4432 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
18:12:53.0366 4432 vwifimp - ok
18:12:53.0407 4432 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:12:53.0413 4432 W32Time - ok
18:12:53.0475 4432 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
18:12:53.0476 4432 WacomPen - ok
18:12:53.0513 4432 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:12:53.0515 4432 WANARP - ok
18:12:53.0560 4432 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:12:53.0561 4432 Wanarpv6 - ok
18:12:53.0637 4432 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:12:53.0652 4432 WatAdminSvc - ok
18:12:53.0712 4432 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:12:53.0747 4432 wbengine - ok
18:12:53.0815 4432 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:12:53.0819 4432 WbioSrvc - ok
18:12:53.0858 4432 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:12:53.0865 4432 wcncsvc - ok
18:12:53.0892 4432 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:12:53.0902 4432 WcsPlugInService - ok
18:12:53.0951 4432 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
18:12:53.0965 4432 Wd - ok
18:12:54.0107 4432 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:12:54.0152 4432 Wdf01000 - ok
18:12:54.0168 4432 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:12:54.0171 4432 WdiServiceHost - ok
18:12:54.0178 4432 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:12:54.0181 4432 WdiSystemHost - ok
18:12:54.0221 4432 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:12:54.0241 4432 WebClient - ok
18:12:54.0273 4432 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:12:54.0282 4432 Wecsvc - ok
18:12:54.0301 4432 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:12:54.0304 4432 wercplsupport - ok
18:12:54.0331 4432 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:12:54.0334 4432 WerSvc - ok
18:12:54.0367 4432 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:12:54.0369 4432 WfpLwf - ok
18:12:54.0394 4432 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:12:54.0395 4432 WIMMount - ok
18:12:54.0439 4432 WinDefend - ok
18:12:54.0449 4432 WinHttpAutoProxySvc - ok
18:12:54.0557 4432 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:12:54.0560 4432 Winmgmt - ok
18:12:54.0753 4432 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:12:54.0784 4432 WinRM - ok
18:12:54.0852 4432 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:12:54.0854 4432 WinUsb - ok
18:12:54.0885 4432 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:12:54.0903 4432 Wlansvc - ok
18:12:54.0949 4432 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:12:54.0951 4432 wlcrasvc - ok
18:12:55.0102 4432 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:12:55.0128 4432 wlidsvc - ok
18:12:55.0200 4432 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:12:55.0202 4432 WmiAcpi - ok
18:12:55.0290 4432 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:12:55.0321 4432 wmiApSrv - ok
18:12:55.0401 4432 WMPNetworkSvc - ok
18:12:55.0428 4432 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:12:55.0433 4432 WPCSvc - ok
18:12:55.0471 4432 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:12:55.0475 4432 WPDBusEnum - ok
18:12:55.0499 4432 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:12:55.0500 4432 ws2ifsl - ok
18:12:55.0526 4432 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
18:12:55.0530 4432 wscsvc - ok
18:12:55.0571 4432 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
18:12:55.0573 4432 WSDPrintDevice - ok
18:12:55.0577 4432 WSearch - ok
18:12:55.0728 4432 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:12:55.0757 4432 wuauserv - ok
18:12:55.0789 4432 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:12:55.0791 4432 WudfPf - ok
18:12:55.0808 4432 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:12:55.0811 4432 WUDFRd - ok
18:12:55.0853 4432 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:12:55.0865 4432 wudfsvc - ok
18:12:55.0910 4432 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:12:55.0915 4432 WwanSvc - ok
18:12:55.0958 4432 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
18:12:55.0964 4432 yukonw7 - ok
18:12:56.0038 4432 ================ Scan global ===============================
18:12:56.0067 4432 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:12:56.0112 4432 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:12:56.0132 4432 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
18:12:56.0155 4432 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:12:56.0178 4432 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:12:56.0183 4432 [Global] - ok
18:12:56.0184 4432 ================ Scan MBR ==================================
18:12:56.0213 4432 [ 30A95EEC7834CCD84883CDD8251E35B3 ] \Device\Harddisk0\DR0
18:12:57.0521 4432 \Device\Harddisk0\DR0 - ok
18:12:57.0526 4432 ================ Scan VBR ==================================
18:12:57.0546 4432 [ 96B610EB9EA2613ACCC0CAF3023AA2C9 ] \Device\Harddisk0\DR0\Partition1
18:12:57.0586 4432 \Device\Harddisk0\DR0\Partition1 - ok
18:12:57.0600 4432 [ 1D2E443AEF181EBF946DF3A239D35FD1 ] \Device\Harddisk0\DR0\Partition2
18:12:57.0612 4432 \Device\Harddisk0\DR0\Partition2 - ok
18:12:57.0678 4432 [ 0C2AF7089DDDCE2DD7EC2C4FBE35FEBB ] \Device\Harddisk0\DR0\Partition3
18:12:57.0681 4432 \Device\Harddisk0\DR0\Partition3 - ok
18:12:57.0748 4432 [ DAA0C4143DD4D0A3CC9582B3BFF4C53F ] \Device\Harddisk0\DR0\Partition4
18:12:57.0782 4432 \Device\Harddisk0\DR0\Partition4 - ok
18:12:57.0783 4432 ============================================================
18:12:57.0783 4432 Scan finished
18:12:57.0783 4432 ============================================================
18:12:57.0800 5000 Detected object count: 0
18:12:57.0800 5000 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-05 18:44:34
-----------------------------
18:44:34.817 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:34.817 Number of processors: 2 586 0x2502
18:44:34.817 ComputerName: KUNAL-HP UserName: Kunal
18:44:36.970 Initialize success
18:44:49.841 AVAST engine defs: 12100502
18:47:30.631 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:47:30.631 Disk 0 Vendor: Hitachi_ PC3O Size: 305245MB BusType: 3
18:47:30.694 Disk 0 MBR read successfully
18:47:30.694 Disk 0 MBR scan
18:47:30.709 Disk 0 unknown MBR code
18:47:30.725 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:47:30.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290333 MB offset 409600
18:47:30.787 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14608 MB offset 595011584
18:47:30.834 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
18:47:30.959 Disk 0 scanning C:\Windows\system32\drivers
18:47:44.079 Service scanning
18:48:20.427 Modules scanning
18:48:20.442 Disk 0 trace - called modules:
18:48:20.973 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:48:20.988 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003266060]
18:48:20.988 3 CLASSPNP.SYS[fffff8800101743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80030ea050]
18:48:22.158 AVAST engine scan C:\Windows
18:48:26.105 AVAST engine scan C:\Windows\system32
18:52:14.217 AVAST engine scan C:\Windows\system32\drivers
18:52:32.641 AVAST engine scan C:\Users\Kunal
19:26:02.470 AVAST engine scan C:\ProgramData
23:10:21.599 Scan finished successfully
23:13:55.802 Disk 0 MBR has been saved successfully to "C:\Users\Kunal\Desktop\MBR.dat"
23:13:55.812 The log file has been saved successfully to "C:\Users\Kunal\Desktop\aswMBR.txt"

If I am helping you with a problem and I have not responded within 48 hours, please send me a PM.

 



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:02 AM

Posted 05 October 2012 - 10:30 PM

Greetings kunalthechamp

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
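Gringo's "check out the computer to see if there is anything else that needs to be addressed" amounts, in practice, to reviewing the autorun locations ComboFix prints under "Reg Loading Points": the Run keys and the Startup folders. As an added example that is not part of this thread, of ComboFix or of any tool named here, the PowerShell below audits those same locations from the defender's side and reports entries whose target file no longer exists. An orphaned entry of that kind is the usual cause of a "The specified module could not be found" message at logon once a malware DLL has been removed but the Run value or shortcut that launched it was left behind. The key list, the function names and the rundll32 handling are the example's own choices; run it from an elevated PowerShell prompt. It only reads the registry and the Startup folders and deletes nothing.

```powershell
# Added example, not part of the thread or of ComboFix: list autorun entries
# whose target file is missing. Read-only; it changes nothing on the machine.

# Autorun locations to inspect (the same kind ComboFix reports under
# "Reg Loading Points"). The Wow6432Node key matters on 64-bit Windows.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunTarget {
    # Extract the file an autorun command line actually loads.
    param([Parameter(Mandatory)][string]$Command)

    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    # Tokenise into quoted strings and bare words
    $tokens = @([regex]::Matches($cmd, '"([^"]*)"|(\S+)') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value }
    })
    if ($tokens.Count -eq 0) { return $null }
    $target = $tokens[0]

    # rundll32.exe <dll>,<entrypoint>: the DLL is the file that must exist,
    # and a missing DLL here is exactly what yields "The specified module
    # could not be found" at logon.
    if ([IO.Path]::GetFileName($target) -ieq 'rundll32.exe' -and $tokens.Count -gt 1) {
        $target = ($tokens[1] -split ',')[0]
    }
    elseif ($cmd -notmatch '^"' -and -not (Test-Path -LiteralPath $target)) {
        # Unquoted path containing spaces: extend word by word, as CreateProcess does
        for ($i = 1; $i -lt $tokens.Count; $i++) {
            $candidate = $tokens[0..$i] -join ' '
            if (Test-Path -LiteralPath $candidate) { $target = $candidate; break }
        }
    }
    return $target
}

function Get-AutorunEntries {
    # Collect Run/RunOnce values and Startup-folder shortcuts with their targets.
    $entries = @()

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)   # REG_EXPAND_SZ is expanded here
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $target = Get-AutorunTarget -Command $command
            $entries += [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = $command
                Target   = $target
                Exists   = [bool]($target -and (Test-Path -LiteralPath $target))
            }
        }
    }

    # Per-user and all-users Startup folders: resolve each .lnk to its target
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        foreach ($lnk in (Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $lnkTarget = $shell.CreateShortcut($lnk.FullName).TargetPath
            $entries += [pscustomobject]@{
                Location = $dir
                Name     = $lnk.Name
                Command  = $lnkTarget
                Target   = $lnkTarget
                Exists   = [bool]($lnkTarget -and (Test-Path -LiteralPath $lnkTarget))
            }
        }
    }
    return $entries
}

# Report only the orphaned entries; an empty table means nothing is left behind.
Get-AutorunEntries |
    Where-Object { -not $_.Exists } |
    Format-Table -AutoSize Location, Name, Command
```

An entry that shows up here is a candidate for removal, not proof of infection: a legitimate program that was uninstalled carelessly leaves the same kind of dangling Run value, and a bare file name without a path will be flagged even though Windows would resolve it through PATH. Treat the output as a list of things to look at, in the same spirit as the "Reg Loading Points" section of a ComboFix log.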

#15 kunalthechamp

kunalthechamp
  • Topic Starter

  • Members
  • 186 posts
  • Gender:Male
  • Location:India
  • Local time:05:32 PM

Posted 05 October 2012 - 11:28 PM

On startup I still get the pop-up: "There was a problem starting C:\Users\Kunal\AppData\roaming\opasp.dll. The specified module could not be found."
How do I remove this leftover from the virus?

ComboFix was stuck on Stage 4. I shut it and ran the script again. It ran fine and restarted on its own.

The computer seems to be running fine now, except for the pop-up on startup.

ComboFix 12-10-04.02 - Kunal 10/06/2012 0:00.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2934.1243 [GMT -4:00]
Running from: c:\users\Kunal\Desktop\ComboFix.exe
Command switches used :: c:\users\Kunal\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kunal\AppData\Local\Temp\_MEI35442\_ctypes.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\_elementtree.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\_hashlib.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\_socket.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\_ssl.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\pyexpat.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\pysqlite2._sqlite.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\python26.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\pythoncom26.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\pywintypes26.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\select.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\unicodedata.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32api.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32com.shell.shell.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32crypt.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32event.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32file.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32inet.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32pdh.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32process.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\win32security.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\windows._cacheinvalidation.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._controls_.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._core_.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._gdi_.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._html2.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._misc_.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._windows_.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wx._wizard.pyd
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxbase293u_net_vc.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxbase293u_vc.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxmsw293u_adv_vc.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxmsw293u_core_vc.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxmsw293u_html_vc.dll
c:\users\Kunal\AppData\Local\Temp\_MEI35442\wxmsw293u_webview_vc.dll
.
Infected copy of c:\windows\SysWow64\kernel32.dll was found and disinfected
Restored copy from - c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))
.
.
2012-10-06 04:10 . 2012-10-06 04:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-10-06 04:10 . 2012-10-06 04:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-06 04:10 . 2012-10-06 04:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-05 22:14 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3D8A6C66-459A-4558-B159-57D06FD49755}\mpengine.dll
2012-10-05 04:12 . 2012-10-05 04:14 -------- d-----w- c:\users\Kunal\AppData\Roaming\hellomoto
2012-10-04 04:24 . 2012-10-04 04:24 -------- d-----w- c:\users\Kunal\AppData\Local\{62AA1784-0DDB-11E2-8271-B8AC6F996F26}
2012-10-03 03:42 . 2012-10-03 03:41 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C39E7690-4ADC-4EF8-A5B6-C9FBE9680760}\gapaengine.dll
2012-10-03 03:42 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-29 14:21 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-29 14:21 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-29 14:21 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-29 14:21 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-29 14:21 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-29 14:21 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-29 14:21 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-09-29 14:21 . 2012-08-24 10:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-09-29 14:21 . 2012-08-24 10:04 248320 ----a-w- c:\windows\system32\ieui.dll
2012-09-29 14:21 . 2012-08-24 06:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-09-26 15:28 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-20 01:47 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-20 01:46 . 2012-09-20 01:46 -------- d-----w- c:\program files\iPod
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\program files\iTunes
2012-09-20 01:46 . 2012-09-20 01:47 -------- d-----w- c:\program files (x86)\iTunes
2012-09-19 03:54 . 2012-09-19 03:54 -------- d-----w- c:\program files\Common Files\Nitro PDF
2012-09-19 03:53 . 2012-09-19 03:53 -------- d-----w- c:\program files (x86)\Nitro PDF
2012-09-19 03:53 . 2012-09-19 03:53 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2012-09-12 13:03 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 13:03 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 13:03 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 13:03 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 13:03 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 13:03 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 13:03 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 22:28 . 2010-09-08 03:22 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-13 05:44 . 2011-06-27 22:46 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-08-31 02:03 . 2012-08-31 02:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 02:03 . 2012-03-21 00:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-27 00:32 . 2010-11-29 08:43 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-08-24 06:51 . 2012-09-29 14:20 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:47 . 2012-09-29 14:21 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 14:31 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-15 02:24 . 2012-07-15 02:25 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-15 02:24 . 2010-09-03 10:18 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-15 02:23 . 2012-07-15 02:23 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-15 02:23 . 2012-07-15 02:23 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-15 02:23 . 2012-07-15 02:23 188912 ----a-w- c:\windows\system32\java.exe
2012-07-15 02:23 . 2012-07-15 02:23 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 02:23 . 2011-02-25 06:41 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-09 17:42 . 2012-07-09 17:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 17:42 . 2012-07-09 17:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-09-28 1715768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-05 5664640]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-09-06 15668432]
"GoogleChromeAutoLaunch_1FEB80EB15587393F785CCD94AFBEA45"="c:\users\Kunal\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-09-25 1239064]
"Connectify"="c:\program files (x86)\Connectify\Connectify.exe" [2012-08-09 3985768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-26 733576]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2011-12-01 206120]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Kunal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 253088]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.2.23219.0.sys [2010-12-23 17408]
R3 DLCopyFilter;DLCopyFilter;c:\windows\system32\Drivers\wsr_tbf.sys [2010-02-21 51712]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 136176]
R3 hwa;Wireless USB Host Adapter;c:\windows\system32\DRIVERS\WSR_HWA.SYS [2010-03-17 911360]
R3 HWARadio;Wireless USB Host Radio;c:\windows\system32\DRIVERS\WSR_RCI.SYS [2010-03-16 159232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]
R3 PSVolAcc;PSVolAcc; [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-07 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-01-27 13936]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-04-22 36232]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-04-22 42888]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-04-22 26504]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-04-02 31344]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-04-22 17800]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2012-08-09 65536]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-01-27 8610664]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2011-04-22 56200]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 MSSQL$INFLOWSQL;SQL Server (INFLOWSQL);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-09-13 229392]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-08-02 32880]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-01-27 185968]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-04-22 193928]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-09-29 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-03-05 271872]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2010-08-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2010-08-24 13392]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-09-08 1225832]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 18:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-18 00:58]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 06:18]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001Core.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-674566640-1698649700-413755185-1001UA.job
- c:\users\Kunal\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-19 06:18]
.
2012-09-10 c:\windows\Tasks\HPCeeScheduleForKunal.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-09-06 19:51 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-25 6489704]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"opasp"="c:\users\Kunal\AppData\Roaming\opasp.dll" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{612F6E5C-B314-4bab-93D1-D266AAFBE700} - c:\program files (x86)\Xmlbar\Tudou Downloader\TudouDownloader(xmlbar).exe
TCP: DhcpNameServer = 192.168.1.1
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://johnhopkinsuniversity-baltimore.remotemanager.co.uk/common/activex/MJPEGRender.ocx
FF - ProfilePath - c:\users\Kunal\AppData\Roaming\Mozilla\Firefox\Profiles\jjgyf69c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\06\01\00#\10g"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Connectify\ConnectifyD.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
**************************************************************************
.
Completion time: 2012-10-06 00:24:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-06 04:23
ComboFix2.txt 2012-10-05 05:16
.
Pre-Run: 89,685,098,496 bytes free
Post-Run: 89,722,134,528 bytes free
.
- - End Of File - - 47B36E7673C925A70466C511426347A8

If I am helping you with a problem and I have not responded within 48 hours please send me a PM.
