Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Infection, MSSE won’t run and Windows Security Centre cannot be started.


  • This topic is locked This topic is locked
28 replies to this topic

#1 Drakeplace

Drakeplace

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 16 October 2012 - 06:02 AM

Can you help please. I think that all three problems are related.
I am running a 7 month old 64bit Windows 7 machine. Before going on holiday (early Sept), I uninstalled the trial version of Norton which was due to expire and replaced it with Microsoft Essentials. It seems that I didn’t notice that MSSE didn’t install properly. MSSE reports “installed successfully” but crashes after a few seconds.
The Google Redirect Virus brings up several sites such as “livingsocial”, “dressup enjoygames”, “bts.scour” and “coolsearchnow”, etc, when I click on a search result.
Windows Security Centre reports that it “cannot be started”.
I sometimes receive the following panel when trying to access a legitimate search result:-

Reported Attack Page
Thie web page at 109.206.160.232 has been reported as an attack page and has
been blocked based on your security preferences.
etc

I have tried several malware kill programs on the suggestion of various people before finding this site (TDSSKiller, spybot, SuperantiSpyware, CombFix and Malwarebytes, etc).
IE and Firefox are able to prevent redirects except from Google results links.
Any help would be appreciated.


DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Jeff at 11:17:16 on 2012-10-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4198 [GMT 1:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\ISCTHidMonitor.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_287_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = Preserve
mWinlogon: Userinit = C:\Windows\System32\userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Jeff\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{13BF1E52-38DB-45D3-A9DE-4BFF6714938F} : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gkcfrrjs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2012-07-11 18:42; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-6-9 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-8-18 204288]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-1 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-4-25 197504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-9 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-6-9 2375168]
R2 ISCTAgent;ISCT Always Updated Agent;C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-9-6 93696]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-9 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-8-18 9981952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-8-18 310272]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-8-30 1050016]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2011-9-6 44992]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-8-4 8604672]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-11 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-11 208896]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-6-9 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-9 539240]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
S2 0152411349967345mcinstcleanup;McAfee Application Installer Cleanup (0152411349967345);C:\Users\Jeff\AppData\Local\Temp\015241~1.EXE -cleanup -nolog --> C:\Users\Jeff\AppData\Local\Temp\015241~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-26 250808]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-30 116648]
S3 HP8107Fltr;HP-HP8107;C:\Windows\System32\drivers\HP8107.sys [2010-2-4 13824]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-11 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-28 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-15 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-10-15 09:36:31 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-10-15 09:36:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-14 17:11:33 -------- d-----w- C:\WINSSLog
2012-10-14 15:49:16 -------- d-----w- C:\Program Files\CCleaner
2012-10-13 21:46:23 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-10-13 21:18:01 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-10-13 21:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-10-13 21:15:11 -------- d-----w- C:\ProgramData\PC Tools
2012-10-13 21:15:10 -------- d-----w- C:\Users\Jeff\AppData\Roaming\TestApp
2012-10-12 07:18:11 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-12 07:02:00 -------- d-----w- C:\Users\Jeff\AppData\Local\NPE
2012-10-11 19:51:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-11 15:38:56 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-11 14:57:48 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2012-10-10 05:13:14 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-10 05:13:14 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-10 05:13:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 05:13:11 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 05:13:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 05:13:03 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 05:13:01 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 05:13:00 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 05:13:00 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 05:13:00 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 05:13:00 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 05:13:00 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-05 21:15:59 94208 --sha-r- C:\Windows\SysWow64\vaultclil.dll
2012-09-26 05:50:44 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-23 08:11:59 548864 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2012-09-22 11:36:29 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2012-09-20 20:58:40 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-19 20:58:48 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-19 20:58:48 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-19 20:58:37 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-19 20:58:37 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-19 20:58:31 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-19 20:58:31 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-19 20:58:31 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-10-09 13:54:56 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:54:56 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-01 08:20:51 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 08:20:50 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-01 08:20:50 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:17:34.29 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 16 October 2012 - 09:44 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 17 October 2012 - 02:40 AM

Hi Gringo,
Security Check, AdwCleaner and Roguekiller run as instructed and results pasted below.
Redirects still occurring.


Checkup.txt:-

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



AdwCleaner:-
# AdwCleaner v2.005 - Logfile created 10/17/2012 at 08:18:53
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jeff - JEFF-HP
# Boot Mode : Normal
# Running from : C:\Users\Jeff\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DealScout.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-GB)

Profile name : default
File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gkcfrrjs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4027 octets] - [17/10/2012 08:18:53]

########## EOF - C:\AdwCleaner[S1].txt - [4087 octets] ##########



RogueKiller:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeff [Admin rights]
Mode : Remove -- Date : 10/17/2012 08:28:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] 57264f9a2e4a247166211c7cf3c66905
[BSP] 54a5c03186f1831040a4b36bc02e0138 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 693979 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1421678592 | Size: 17162 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1456826368 | Size: 4062 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 17 October 2012 - 03:19 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 17 October 2012 - 04:50 AM

Hi Gringo,

ComboFix log is pasted below.
All 50 stages ran without issue.
Redirects are still occuring.

ComboFix 12-10-16.02 - Jeff 17/10/2012 10:17:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4461 [GMT 1:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 09:39 . 2012-10-17 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-15 09:36 . 2012-10-15 09:36 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-10-15 09:36 . 2012-10-15 09:36 -------- d-----w- c:\programdata\Malwarebytes
2012-10-14 17:11 . 2012-10-14 17:11 -------- d-----w- C:\WINSSLog
2012-10-14 15:49 . 2012-10-14 15:49 -------- d-----w- c:\program files\CCleaner
2012-10-13 21:46 . 2012-10-13 21:56 -------- d-----w- c:\program files (x86)\PC Tools
2012-10-13 21:18 . 2012-10-13 21:56 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-10-13 21:18 . 2012-06-22 14:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-10-13 21:15 . 2012-10-13 21:55 -------- d-----w- c:\programdata\PC Tools
2012-10-13 21:15 . 2012-10-13 21:15 -------- d-----w- c:\users\Jeff\AppData\Roaming\TestApp
2012-10-12 07:02 . 2012-10-12 13:14 -------- d-----w- c:\users\Jeff\AppData\Local\NPE
2012-10-11 19:51 . 2012-10-12 18:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-11 15:38 . 2012-10-11 15:38 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-10-11 14:57 . 2012-10-11 14:57 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-10-10 05:13 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 05:13 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 05:13 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 05:13 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 05:13 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 05:13 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 05:13 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 05:13 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 05:13 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 05:13 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 05:13 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 05:13 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-05 21:15 . 2012-10-05 21:15 94208 --sha-r- c:\windows\SysWow64\vaultclil.dll
2012-09-26 05:50 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 08:11 . 2012-08-24 10:17 548864 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-09-22 11:36 . 2012-09-22 11:36 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-09-20 20:58 . 2012-09-20 20:58 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-20 20:58 . 2012-09-20 20:58 -------- d-----r- c:\program files (x86)\Skype
2012-09-19 20:58 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 20:58 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 20:58 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-19 20:58 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-19 20:58 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 20:58 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 20:58 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 21:31 . 2012-07-15 16:44 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 13:54 . 2012-07-26 16:52 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:54 . 2011-10-15 00:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 08:20 . 2012-09-01 08:20 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-01 08:20 . 2012-07-26 16:40 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-01 08:20 . 2012-07-26 16:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-20 17:38 . 2012-10-10 05:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-18 343168]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-09-02 169528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 0152411349967345mcinstcleanup;McAfee Application Installer Cleanup (0152411349967345);c:\users\Jeff\AppData\Local\Temp\015241~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 116648]
R3 HP8107Fltr;HP-HP8107;c:\windows\system32\DRIVERS\HP8107.sys [2010-02-04 13824]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-12 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-18 204288]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-01 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-08-26 260424]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-04-25 197504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-08-24 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2011-09-06 93696]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-08-18 9981952]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-08-18 310272]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2011-08-30 1050016]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-03-08 51712]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2011-09-06 44992]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-06-11 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-06-11 208896]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 13:54]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 19:43]
.
2012-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-30 19:43]
.
2012-10-17 c:\windows\Tasks\HPCeeScheduleForJeff.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2012-10-17 c:\windows\Tasks\Osaugsn.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-08-16 1424896]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gkcfrrjs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2012-07-11 18:42; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-78750324.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-17 10:40:43
ComboFix-quarantined-files.txt 2012-10-17 09:40
.
Pre-Run: 661,304,049,664 bytes free
Post-Run: 661,294,354,432 bytes free
.
- - End Of File - - D23787E8C4CFE35BA7AE5D9FDA631F0B

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 17 October 2012 - 12:53 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 17 October 2012 - 01:29 PM

Hi Gringo,

TDSSKiller and aswMBR run with no issues. Logs are pasted below:-

19:02:55.0368 4360 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:02:55.0493 4360 ============================================================
19:02:55.0493 4360 Current date / time: 2012/10/17 19:02:55.0493
19:02:55.0493 4360 SystemInfo:
19:02:55.0493 4360
19:02:55.0493 4360 OS Version: 6.1.7601 ServicePack: 1.0
19:02:55.0493 4360 Product type: Workstation
19:02:55.0493 4360 ComputerName: JEFF-HP
19:02:55.0493 4360 UserName: Jeff
19:02:55.0493 4360 Windows directory: C:\Windows
19:02:55.0493 4360 System windows directory: C:\Windows
19:02:55.0493 4360 Running under WOW64
19:02:55.0493 4360 Processor architecture: Intel x64
19:02:55.0493 4360 Number of processors: 4
19:02:55.0493 4360 Page size: 0x1000
19:02:55.0493 4360 Boot type: Normal boot
19:02:55.0493 4360 ============================================================
19:02:55.0836 4360 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:55.0836 4360 ============================================================
19:02:55.0836 4360 \Device\Harddisk0\DR0:
19:02:55.0836 4360 MBR partitions:
19:02:55.0836 4360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:02:55.0836 4360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x54B6D800
19:02:55.0836 4360 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x54BD1800, BlocksNum 0x2185000
19:02:55.0836 4360 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x56D56800, BlocksNum 0x7EF000
19:02:55.0836 4360 ============================================================
19:02:55.0867 4360 C: <-> \Device\Harddisk0\DR0\Partition2
19:02:55.0914 4360 D: <-> \Device\Harddisk0\DR0\Partition3
19:02:55.0930 4360 E: <-> \Device\Harddisk0\DR0\Partition4
19:02:55.0930 4360 ============================================================
19:02:55.0930 4360 Initialize success
19:02:55.0930 4360 ============================================================
19:03:04.0931 4176 ============================================================
19:03:04.0931 4176 Scan started
19:03:04.0931 4176 Mode: Manual;
19:03:04.0931 4176 ============================================================
19:03:05.0399 4176 ================ Scan system memory ========================
19:03:05.0399 4176 System memory - ok
19:03:05.0399 4176 ================ Scan services =============================
19:03:05.0586 4176 0152411349967345mcinstcleanup - ok
19:03:05.0851 4176 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:03:05.0867 4176 1394ohci - ok
19:03:05.0929 4176 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
19:03:05.0929 4176 Accelerometer - ok
19:03:05.0945 4176 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:03:05.0960 4176 ACPI - ok
19:03:06.0007 4176 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:03:06.0007 4176 AcpiPmi - ok
19:03:06.0101 4176 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:03:06.0101 4176 AdobeARMservice - ok
19:03:06.0210 4176 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:06.0210 4176 AdobeFlashPlayerUpdateSvc - ok
19:03:06.0272 4176 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:03:06.0272 4176 adp94xx - ok
19:03:06.0304 4176 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:03:06.0319 4176 adpahci - ok
19:03:06.0350 4176 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:03:06.0350 4176 adpu320 - ok
19:03:06.0397 4176 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:03:06.0397 4176 AeLookupSvc - ok
19:03:06.0475 4176 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
19:03:06.0475 4176 AESTFilters - ok
19:03:06.0538 4176 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
19:03:06.0538 4176 AFD - ok
19:03:06.0569 4176 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:03:06.0569 4176 agp440 - ok
19:03:06.0616 4176 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
19:03:06.0616 4176 ALG - ok
19:03:06.0647 4176 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
19:03:06.0647 4176 aliide - ok
19:03:06.0678 4176 [ 6807D94E8148771263308521E8CADE5E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:03:06.0678 4176 AMD External Events Utility - ok
19:03:06.0709 4176 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
19:03:06.0709 4176 amdide - ok
19:03:06.0740 4176 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:03:06.0740 4176 AmdK8 - ok
19:03:06.0959 4176 [ F784F9BF32E708C71A63220E89A58496 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:07.0006 4176 amdkmdag - ok
19:03:07.0037 4176 [ 43FD45C0DFE0A0FF2B8BE0D4AC165E18 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:03:07.0037 4176 amdkmdap - ok
19:03:07.0052 4176 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:03:07.0052 4176 AmdPPM - ok
19:03:07.0084 4176 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:03:07.0084 4176 amdsata - ok
19:03:07.0099 4176 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:03:07.0099 4176 amdsbs - ok
19:03:07.0130 4176 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:03:07.0130 4176 amdxata - ok
19:03:07.0177 4176 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
19:03:07.0177 4176 AMPPAL - ok
19:03:07.0193 4176 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
19:03:07.0193 4176 AMPPALP - ok
19:03:07.0271 4176 [ 576134E43169810B560F0BB6FDEE13F5 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
19:03:07.0286 4176 AMPPALR3 - ok
19:03:07.0318 4176 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
19:03:07.0318 4176 AppID - ok
19:03:07.0333 4176 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:03:07.0349 4176 AppIDSvc - ok
19:03:07.0349 4176 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
19:03:07.0349 4176 Appinfo - ok
19:03:07.0396 4176 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
19:03:07.0396 4176 arc - ok
19:03:07.0427 4176 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:03:07.0427 4176 arcsas - ok
19:03:07.0458 4176 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:07.0458 4176 AsyncMac - ok
19:03:07.0474 4176 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
19:03:07.0474 4176 atapi - ok
19:03:07.0536 4176 [ 0C9039EC45E6C4631BE31DDEC370D341 ] ATSwpWDF C:\Windows\system32\DRIVERS\ATSwpWDF.sys
19:03:07.0536 4176 ATSwpWDF - ok
19:03:07.0583 4176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:03:07.0598 4176 AudioEndpointBuilder - ok
19:03:07.0630 4176 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:03:07.0630 4176 AudioSrv - ok
19:03:07.0661 4176 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:03:07.0661 4176 AxInstSV - ok
19:03:07.0708 4176 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
19:03:07.0708 4176 b06bdrv - ok
19:03:07.0723 4176 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:03:07.0723 4176 b57nd60a - ok
19:03:07.0801 4176 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
19:03:07.0801 4176 BCM43XX - ok
19:03:07.0832 4176 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
19:03:07.0832 4176 BDESVC - ok
19:03:07.0848 4176 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
19:03:07.0848 4176 Beep - ok
19:03:07.0910 4176 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
19:03:07.0910 4176 BFE - ok
19:03:07.0957 4176 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
19:03:07.0957 4176 BITS - ok
19:03:07.0988 4176 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:03:07.0988 4176 blbdrive - ok
19:03:08.0082 4176 [ 55B0C8441DE7D91A819A39D0351154A2 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
19:03:08.0098 4176 Bluetooth Device Monitor - ok
19:03:08.0160 4176 [ 7E262330DF0C4BE4ECE853B59B9CBE4C ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
19:03:08.0176 4176 Bluetooth Media Service - ok
19:03:08.0207 4176 [ 8BF4B9956E13871A88A3810074E2E110 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
19:03:08.0222 4176 Bluetooth OBEX Service - ok
19:03:08.0238 4176 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:03:08.0238 4176 bowser - ok
19:03:08.0254 4176 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:03:08.0254 4176 BrFiltLo - ok
19:03:08.0269 4176 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:03:08.0269 4176 BrFiltUp - ok
19:03:08.0332 4176 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:03:08.0332 4176 BridgeMP - ok
19:03:08.0378 4176 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
19:03:08.0378 4176 Browser - ok
19:03:08.0410 4176 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:03:08.0425 4176 Brserid - ok
19:03:08.0441 4176 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:08.0441 4176 BrSerWdm - ok
19:03:08.0456 4176 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:08.0456 4176 BrUsbMdm - ok
19:03:08.0472 4176 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:08.0472 4176 BrUsbSer - ok
19:03:08.0519 4176 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
19:03:08.0519 4176 BthEnum - ok
19:03:08.0550 4176 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:03:08.0550 4176 BTHMODEM - ok
19:03:08.0581 4176 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
19:03:08.0597 4176 BthPan - ok
19:03:08.0644 4176 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
19:03:08.0644 4176 BTHPORT - ok
19:03:08.0675 4176 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
19:03:08.0675 4176 bthserv - ok
19:03:08.0722 4176 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
19:03:08.0722 4176 BTHSSecurityMgr - ok
19:03:08.0753 4176 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
19:03:08.0753 4176 BTHUSB - ok
19:03:08.0784 4176 [ 270FBA230E78E25726D065A924589A72 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
19:03:08.0784 4176 btmaux - ok
19:03:08.0831 4176 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
19:03:08.0831 4176 btmhsf - ok
19:03:08.0862 4176 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:03:08.0862 4176 cdfs - ok
19:03:08.0909 4176 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:03:08.0909 4176 cdrom - ok
19:03:08.0940 4176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
19:03:08.0940 4176 CertPropSvc - ok
19:03:08.0971 4176 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
19:03:08.0971 4176 circlass - ok
19:03:08.0987 4176 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
19:03:09.0002 4176 CLFS - ok
19:03:09.0049 4176 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:09.0049 4176 clr_optimization_v2.0.50727_32 - ok
19:03:09.0112 4176 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:09.0112 4176 clr_optimization_v2.0.50727_64 - ok
19:03:09.0174 4176 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:09.0190 4176 clr_optimization_v4.0.30319_32 - ok
19:03:09.0221 4176 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:09.0221 4176 clr_optimization_v4.0.30319_64 - ok
19:03:09.0252 4176 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
19:03:09.0252 4176 clwvd - ok
19:03:09.0283 4176 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:03:09.0283 4176 CmBatt - ok
19:03:09.0314 4176 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:03:09.0314 4176 cmdide - ok
19:03:09.0361 4176 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
19:03:09.0361 4176 CNG - ok
19:03:09.0392 4176 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:03:09.0392 4176 Compbatt - ok
19:03:09.0424 4176 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:03:09.0424 4176 CompositeBus - ok
19:03:09.0439 4176 COMSysApp - ok
19:03:09.0470 4176 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:03:09.0470 4176 crcdisk - ok
19:03:09.0517 4176 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:03:09.0517 4176 CryptSvc - ok
19:03:09.0564 4176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:03:09.0564 4176 DcomLaunch - ok
19:03:09.0595 4176 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
19:03:09.0611 4176 defragsvc - ok
19:03:09.0642 4176 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:03:09.0642 4176 DfsC - ok
19:03:09.0673 4176 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
19:03:09.0673 4176 Dhcp - ok
19:03:09.0689 4176 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
19:03:09.0689 4176 discache - ok
19:03:09.0751 4176 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
19:03:09.0751 4176 Disk - ok
19:03:09.0767 4176 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:03:09.0782 4176 Dnscache - ok
19:03:09.0798 4176 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
19:03:09.0798 4176 dot3svc - ok
19:03:09.0814 4176 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
19:03:09.0829 4176 DPS - ok
19:03:09.0845 4176 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:03:09.0845 4176 drmkaud - ok
19:03:09.0892 4176 [ A4F408AD1065C7AD2ED332C68025B435 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:03:09.0892 4176 DXGKrnl - ok
19:03:09.0923 4176 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
19:03:09.0923 4176 EapHost - ok
19:03:10.0001 4176 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
19:03:10.0016 4176 ebdrv - ok
19:03:10.0032 4176 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
19:03:10.0032 4176 EFS - ok
19:03:10.0094 4176 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:03:10.0110 4176 ehRecvr - ok
19:03:10.0126 4176 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
19:03:10.0126 4176 ehSched - ok
19:03:10.0172 4176 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:03:10.0172 4176 elxstor - ok
19:03:10.0204 4176 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:03:10.0204 4176 ErrDev - ok
19:03:10.0235 4176 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
19:03:10.0250 4176 EventSystem - ok
19:03:10.0328 4176 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
19:03:10.0344 4176 EvtEng - ok
19:03:10.0375 4176 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
19:03:10.0375 4176 exfat - ok
19:03:10.0406 4176 ezSharedSvc - ok
19:03:10.0453 4176 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:03:10.0453 4176 fastfat - ok
19:03:10.0500 4176 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
19:03:10.0516 4176 Fax - ok
19:03:10.0547 4176 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
19:03:10.0547 4176 fdc - ok
19:03:10.0578 4176 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
19:03:10.0578 4176 fdPHost - ok
19:03:10.0594 4176 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
19:03:10.0594 4176 FDResPub - ok
19:03:10.0609 4176 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:03:10.0609 4176 FileInfo - ok
19:03:10.0609 4176 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:03:10.0609 4176 Filetrace - ok
19:03:10.0656 4176 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:03:10.0656 4176 flpydisk - ok
19:03:10.0672 4176 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:03:10.0672 4176 FltMgr - ok
19:03:10.0718 4176 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
19:03:10.0734 4176 FontCache - ok
19:03:10.0750 4176 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:10.0750 4176 FontCache3.0.0.0 - ok
19:03:10.0796 4176 [ F80BDC0D9E7B9595E74B434446AD3781 ] FPLService C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
19:03:10.0812 4176 FPLService - ok
19:03:10.0843 4176 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:03:10.0843 4176 FsDepends - ok
19:03:10.0859 4176 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:03:10.0859 4176 Fs_Rec - ok
19:03:10.0906 4176 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:03:10.0906 4176 fvevol - ok
19:03:10.0921 4176 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:03:10.0921 4176 gagp30kx - ok
19:03:11.0015 4176 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:03:11.0015 4176 GamesAppService - ok
19:03:11.0062 4176 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
19:03:11.0062 4176 gpsvc - ok
19:03:11.0124 4176 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:03:11.0124 4176 gupdate - ok
19:03:11.0140 4176 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:03:11.0140 4176 gupdatem - ok
19:03:11.0171 4176 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:03:11.0171 4176 hcw85cir - ok
19:03:11.0202 4176 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:11.0202 4176 HdAudAddService - ok
19:03:11.0249 4176 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:03:11.0249 4176 HDAudBus - ok
19:03:11.0264 4176 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:03:11.0264 4176 HidBatt - ok
19:03:11.0280 4176 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:03:11.0280 4176 HidBth - ok
19:03:11.0296 4176 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
19:03:11.0296 4176 HidIr - ok
19:03:11.0311 4176 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
19:03:11.0327 4176 hidserv - ok
19:03:11.0374 4176 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:03:11.0374 4176 HidUsb - ok
19:03:11.0420 4176 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:03:11.0420 4176 hkmsvc - ok
19:03:11.0436 4176 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:11.0452 4176 HomeGroupListener - ok
19:03:11.0483 4176 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:11.0483 4176 HomeGroupProvider - ok
19:03:11.0561 4176 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
19:03:11.0561 4176 HP Support Assistant Service - ok
19:03:11.0608 4176 [ 43A7573A319761ACF57A3825D8402D41 ] HP8107Fltr C:\Windows\system32\DRIVERS\HP8107.sys
19:03:11.0608 4176 HP8107Fltr - ok
19:03:11.0654 4176 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
19:03:11.0654 4176 HPClientSvc - ok
19:03:11.0748 4176 [ 8EB0813B7760BBE161BACF8043322186 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:03:11.0748 4176 HPDrvMntSvc.exe - ok
19:03:11.0764 4176 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
19:03:11.0764 4176 hpdskflt - ok
19:03:11.0842 4176 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:03:11.0842 4176 hpqcxs08 - ok
19:03:11.0857 4176 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:03:11.0873 4176 hpqddsvc - ok
19:03:11.0920 4176 [ 5298E3B4844328A11C9EB6C001CF0529 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
19:03:11.0920 4176 hpqwmiex - ok
19:03:11.0935 4176 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:03:11.0935 4176 HpSAMD - ok
19:03:11.0998 4176 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:03:12.0013 4176 HPSLPSVC - ok
19:03:12.0044 4176 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
19:03:12.0044 4176 hpsrv - ok
19:03:12.0107 4176 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:03:12.0107 4176 HPWMISVC - ok
19:03:12.0138 4176 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:03:12.0138 4176 HTTP - ok
19:03:12.0185 4176 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:03:12.0185 4176 hwpolicy - ok
19:03:12.0200 4176 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:12.0200 4176 i8042prt - ok
19:03:12.0232 4176 [ F981817D0BD03EAC4FA60D0B2551A310 ] iaStor C:\Windows\system32\drivers\iaStor.sys
19:03:12.0247 4176 iaStor - ok
19:03:12.0278 4176 [ B1CC71046A714E6A6AF0A09EB7E05299 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
19:03:12.0278 4176 IAStorDataMgrSvc - ok
19:03:12.0310 4176 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:03:12.0310 4176 iaStorV - ok
19:03:12.0325 4176 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
19:03:12.0325 4176 iBtFltCoex - ok
19:03:12.0403 4176 [ 3A0FF117B4ADC5ABE4D968E26A337158 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
19:03:12.0419 4176 IconMan_R - ok
19:03:12.0481 4176 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:12.0497 4176 idsvc - ok
19:03:12.0512 4176 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:03:12.0512 4176 iirsp - ok
19:03:12.0544 4176 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:03:12.0559 4176 IKEEXT - ok
19:03:12.0606 4176 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
19:03:12.0606 4176 intaud_WaveExtensible - ok
19:03:12.0637 4176 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:03:12.0637 4176 IntcDAud - ok
19:03:12.0653 4176 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:03:12.0653 4176 intelide - ok
19:03:12.0918 4176 [ 33FAA40B288002C89529DBD14F3AB72C ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
19:03:12.0980 4176 intelkmd - ok
19:03:12.0996 4176 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:03:12.0996 4176 intelppm - ok
19:03:13.0043 4176 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:03:13.0043 4176 IPBusEnum - ok
19:03:13.0058 4176 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:13.0058 4176 IpFilterDriver - ok
19:03:13.0090 4176 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:03:13.0105 4176 iphlpsvc - ok
19:03:13.0136 4176 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:03:13.0136 4176 IPMIDRV - ok
19:03:13.0152 4176 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:03:13.0152 4176 IPNAT - ok
19:03:13.0183 4176 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:03:13.0183 4176 IRENUM - ok
19:03:13.0199 4176 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:03:13.0199 4176 isapnp - ok
19:03:13.0214 4176 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:03:13.0214 4176 iScsiPrt - ok
19:03:13.0246 4176 [ 970995B7C36F4408ED31C3BF204FE1F5 ] ISCT C:\Windows\system32\DRIVERS\ISCTD64.sys
19:03:13.0246 4176 ISCT - ok
19:03:13.0292 4176 [ 24D261738C2AFB8A8D10821440C49EAA ] ISCTAgent C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
19:03:13.0292 4176 ISCTAgent - ok
19:03:13.0339 4176 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
19:03:13.0339 4176 iwdbus - ok
19:03:13.0355 4176 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
19:03:13.0355 4176 jhi_service - ok
19:03:13.0386 4176 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:03:13.0386 4176 kbdclass - ok
19:03:13.0402 4176 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:03:13.0402 4176 kbdhid - ok
19:03:13.0433 4176 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:03:13.0433 4176 KeyIso - ok
19:03:13.0464 4176 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:03:13.0464 4176 KSecDD - ok
19:03:13.0480 4176 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:03:13.0480 4176 KSecPkg - ok
19:03:13.0511 4176 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:03:13.0511 4176 ksthunk - ok
19:03:13.0526 4176 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:03:13.0542 4176 KtmRm - ok
19:03:13.0573 4176 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
19:03:13.0589 4176 LanmanServer - ok
19:03:13.0620 4176 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:13.0620 4176 LanmanWorkstation - ok
19:03:13.0651 4176 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:03:13.0651 4176 lltdio - ok
19:03:13.0682 4176 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:03:13.0682 4176 lltdsvc - ok
19:03:13.0714 4176 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:03:13.0714 4176 lmhosts - ok
19:03:13.0745 4176 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:03:13.0745 4176 LMS - ok
19:03:13.0792 4176 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:03:13.0792 4176 LSI_FC - ok
19:03:13.0807 4176 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:03:13.0807 4176 LSI_SAS - ok
19:03:13.0823 4176 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:03:13.0823 4176 LSI_SAS2 - ok
19:03:13.0854 4176 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:03:13.0854 4176 LSI_SCSI - ok
19:03:13.0870 4176 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:03:13.0870 4176 luafv - ok
19:03:13.0901 4176 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:03:13.0901 4176 Mcx2Svc - ok
19:03:13.0916 4176 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:03:13.0932 4176 megasas - ok
19:03:13.0948 4176 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:03:13.0963 4176 MegaSR - ok
19:03:13.0994 4176 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
19:03:13.0994 4176 MEIx64 - ok
19:03:14.0057 4176 Microsoft SharePoint Workspace Audit Service - ok
19:03:14.0104 4176 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:03:14.0104 4176 MMCSS - ok
19:03:14.0135 4176 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:03:14.0135 4176 Modem - ok
19:03:14.0166 4176 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:03:14.0166 4176 monitor - ok
19:03:14.0197 4176 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:03:14.0197 4176 mouclass - ok
19:03:14.0228 4176 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:03:14.0228 4176 mouhid - ok
19:03:14.0260 4176 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:03:14.0260 4176 mountmgr - ok
19:03:14.0322 4176 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:03:14.0322 4176 MozillaMaintenance - ok
19:03:14.0338 4176 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:03:14.0338 4176 mpio - ok
19:03:14.0353 4176 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:03:14.0353 4176 mpsdrv - ok
19:03:14.0400 4176 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:03:14.0400 4176 MpsSvc - ok
19:03:14.0416 4176 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:03:14.0416 4176 MRxDAV - ok
19:03:14.0447 4176 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:14.0447 4176 mrxsmb - ok
19:03:14.0462 4176 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:14.0462 4176 mrxsmb10 - ok
19:03:14.0478 4176 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:14.0478 4176 mrxsmb20 - ok
19:03:14.0494 4176 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:03:14.0494 4176 msahci - ok
19:03:14.0509 4176 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:03:14.0509 4176 msdsm - ok
19:03:14.0540 4176 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:03:14.0540 4176 MSDTC - ok
19:03:14.0556 4176 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:03:14.0556 4176 Msfs - ok
19:03:14.0572 4176 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:03:14.0572 4176 mshidkmdf - ok
19:03:14.0587 4176 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:03:14.0587 4176 msisadrv - ok
19:03:14.0603 4176 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:03:14.0603 4176 MSiSCSI - ok
19:03:14.0603 4176 msiserver - ok
19:03:14.0634 4176 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:03:14.0634 4176 MSKSSRV - ok
19:03:14.0650 4176 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:14.0650 4176 MSPCLOCK - ok
19:03:14.0681 4176 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:03:14.0681 4176 MSPQM - ok
19:03:14.0696 4176 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:03:14.0712 4176 MsRPC - ok
19:03:14.0712 4176 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:03:14.0712 4176 mssmbios - ok
19:03:14.0743 4176 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:03:14.0743 4176 MSTEE - ok
19:03:14.0774 4176 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:03:14.0774 4176 MTConfig - ok
19:03:14.0790 4176 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:03:14.0790 4176 Mup - ok
19:03:14.0837 4176 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
19:03:14.0837 4176 MyWiFiDHCPDNS - ok
19:03:14.0852 4176 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:03:14.0868 4176 napagent - ok
19:03:14.0899 4176 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:03:14.0915 4176 NativeWifiP - ok
19:03:14.0977 4176 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:03:14.0993 4176 NDIS - ok
19:03:15.0024 4176 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:15.0024 4176 NdisCap - ok
19:03:15.0055 4176 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:15.0055 4176 NdisTapi - ok
19:03:15.0071 4176 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:15.0071 4176 Ndisuio - ok
19:03:15.0087 4176 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:15.0087 4176 NdisWan - ok
19:03:15.0102 4176 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:03:15.0102 4176 NDProxy - ok
19:03:15.0165 4176 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:03:15.0165 4176 Net Driver HPZ12 - ok
19:03:15.0196 4176 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:03:15.0196 4176 NetBIOS - ok
19:03:15.0211 4176 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:03:15.0211 4176 NetBT - ok
19:03:15.0243 4176 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:03:15.0243 4176 Netlogon - ok
19:03:15.0289 4176 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:03:15.0289 4176 Netman - ok
19:03:15.0321 4176 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:03:15.0336 4176 netprofm - ok
19:03:15.0367 4176 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:03:15.0367 4176 NetTcpPortSharing - ok
19:03:15.0586 4176 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
19:03:15.0633 4176 NETwNs64 - ok
19:03:15.0648 4176 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:03:15.0648 4176 nfrd960 - ok
19:03:15.0695 4176 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:03:15.0695 4176 NlaSvc - ok
19:03:15.0726 4176 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:03:15.0726 4176 Npfs - ok
19:03:15.0726 4176 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:03:15.0742 4176 nsi - ok
19:03:15.0742 4176 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:03:15.0742 4176 nsiproxy - ok
19:03:15.0804 4176 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:03:15.0804 4176 Ntfs - ok
19:03:15.0820 4176 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:03:15.0820 4176 Null - ok
19:03:15.0851 4176 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:03:15.0851 4176 nusb3hub - ok
19:03:15.0882 4176 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:03:15.0882 4176 nusb3xhc - ok
19:03:15.0929 4176 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
19:03:15.0929 4176 NVENETFD - ok
19:03:15.0960 4176 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:03:15.0960 4176 nvraid - ok
19:03:15.0976 4176 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:03:15.0991 4176 nvstor - ok
19:03:16.0007 4176 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:03:16.0007 4176 nv_agp - ok
19:03:16.0023 4176 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:03:16.0023 4176 ohci1394 - ok
19:03:16.0116 4176 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:03:16.0116 4176 ose - ok
19:03:16.0257 4176 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:03:16.0272 4176 osppsvc - ok
19:03:16.0303 4176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:03:16.0303 4176 p2pimsvc - ok
19:03:16.0335 4176 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:03:16.0335 4176 p2psvc - ok
19:03:16.0350 4176 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:03:16.0350 4176 Parport - ok
19:03:16.0366 4176 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:03:16.0366 4176 partmgr - ok
19:03:16.0381 4176 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:03:16.0381 4176 PcaSvc - ok
19:03:16.0413 4176 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:03:16.0413 4176 pci - ok
19:03:16.0428 4176 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:03:16.0428 4176 pciide - ok
19:03:16.0444 4176 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:03:16.0444 4176 pcmcia - ok
19:03:16.0459 4176 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:03:16.0459 4176 pcw - ok
19:03:16.0475 4176 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:03:16.0475 4176 PEAUTH - ok
19:03:16.0553 4176 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:03:16.0553 4176 PerfHost - ok
19:03:16.0615 4176 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:03:16.0631 4176 pla - ok
19:03:16.0678 4176 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:03:16.0678 4176 PlugPlay - ok
19:03:16.0725 4176 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:03:16.0725 4176 Pml Driver HPZ12 - ok
19:03:16.0756 4176 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:03:16.0756 4176 PNRPAutoReg - ok
19:03:16.0771 4176 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:03:16.0771 4176 PNRPsvc - ok
19:03:16.0803 4176 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:03:16.0803 4176 Point64 - ok
19:03:16.0834 4176 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:03:16.0834 4176 PolicyAgent - ok
19:03:16.0865 4176 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:03:16.0865 4176 Power - ok
19:03:16.0896 4176 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:03:16.0896 4176 PptpMiniport - ok
19:03:16.0912 4176 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:03:16.0927 4176 Processor - ok
19:03:16.0959 4176 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:03:16.0959 4176 ProfSvc - ok
19:03:16.0974 4176 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:03:16.0974 4176 ProtectedStorage - ok
19:03:17.0005 4176 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:03:17.0005 4176 Psched - ok
19:03:17.0052 4176 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:03:17.0083 4176 ql2300 - ok
19:03:17.0083 4176 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:03:17.0099 4176 ql40xx - ok
19:03:17.0115 4176 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:03:17.0115 4176 QWAVE - ok
19:03:17.0130 4176 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:03:17.0130 4176 QWAVEdrv - ok
19:03:17.0146 4176 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:03:17.0146 4176 RasAcd - ok
19:03:17.0193 4176 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:17.0193 4176 RasAgileVpn - ok
19:03:17.0224 4176 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:03:17.0224 4176 RasAuto - ok
19:03:17.0239 4176 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:17.0239 4176 Rasl2tp - ok
19:03:17.0271 4176 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:03:17.0271 4176 RasMan - ok
19:03:17.0302 4176 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:17.0302 4176 RasPppoe - ok
19:03:17.0333 4176 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:03:17.0333 4176 RasSstp - ok
19:03:17.0349 4176 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:03:17.0349 4176 rdbss - ok
19:03:17.0380 4176 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:03:17.0380 4176 rdpbus - ok
19:03:17.0380 4176 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:17.0395 4176 RDPCDD - ok
19:03:17.0427 4176 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:03:17.0427 4176 RDPENCDD - ok
19:03:17.0442 4176 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:03:17.0442 4176 RDPREFMP - ok
19:03:17.0473 4176 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:03:17.0473 4176 RDPWD - ok
19:03:17.0489 4176 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:03:17.0489 4176 rdyboost - ok
19:03:17.0583 4176 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:03:17.0583 4176 RegSrvc - ok
19:03:17.0614 4176 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:03:17.0629 4176 RemoteAccess - ok
19:03:17.0661 4176 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:03:17.0661 4176 RemoteRegistry - ok
19:03:17.0692 4176 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
19:03:17.0692 4176 RFCOMM - ok
19:03:17.0707 4176 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:03:17.0707 4176 RpcEptMapper - ok
19:03:17.0723 4176 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:03:17.0723 4176 RpcLocator - ok
19:03:17.0754 4176 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:03:17.0754 4176 RpcSs - ok
19:03:17.0785 4176 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
19:03:17.0801 4176 RSPCIESTOR - ok
19:03:17.0832 4176 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:03:17.0832 4176 rspndr - ok
19:03:17.0879 4176 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:03:17.0895 4176 RTL8167 - ok
19:03:17.0910 4176 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:03:17.0910 4176 SamSs - ok
19:03:17.0941 4176 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:03:17.0941 4176 sbp2port - ok
19:03:17.0957 4176 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:03:17.0957 4176 SCardSvr - ok
19:03:17.0973 4176 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:03:17.0973 4176 scfilter - ok
19:03:18.0004 4176 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:03:18.0004 4176 Schedule - ok
19:03:18.0035 4176 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:03:18.0035 4176 SCPolicySvc - ok
19:03:18.0066 4176 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:03:18.0066 4176 sdbus - ok
19:03:18.0097 4176 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:03:18.0097 4176 SDRSVC - ok
19:03:18.0129 4176 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:03:18.0129 4176 secdrv - ok
19:03:18.0129 4176 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:03:18.0144 4176 seclogon - ok
19:03:18.0160 4176 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
19:03:18.0160 4176 SENS - ok
19:03:18.0175 4176 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:03:18.0191 4176 SensrSvc - ok
19:03:18.0207 4176 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:03:18.0207 4176 Serenum - ok
19:03:18.0222 4176 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:03:18.0222 4176 Serial - ok
19:03:18.0238 4176 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:03:18.0238 4176 sermouse - ok
19:03:18.0269 4176 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:03:18.0285 4176 SessionEnv - ok
19:03:18.0316 4176 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:03:18.0316 4176 sffdisk - ok
19:03:18.0316 4176 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:03:18.0331 4176 sffp_mmc - ok
19:03:18.0331 4176 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:03:18.0331 4176 sffp_sd - ok
19:03:18.0347 4176 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:03:18.0347 4176 sfloppy - ok
19:03:18.0378 4176 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:03:18.0378 4176 SharedAccess - ok
19:03:18.0409 4176 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:03:18.0425 4176 ShellHWDetection - ok
19:03:18.0441 4176 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:03:18.0441 4176 SiSRaid2 - ok
19:03:18.0456 4176 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:03:18.0472 4176 SiSRaid4 - ok
19:03:18.0519 4176 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:03:18.0519 4176 SkypeUpdate - ok
19:03:18.0550 4176 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:03:18.0550 4176 Smb - ok
19:03:18.0597 4176 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:03:18.0597 4176 SNMPTRAP - ok
19:03:18.0628 4176 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:03:18.0628 4176 spldr - ok
19:03:18.0659 4176 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:03:18.0659 4176 Spooler - ok
19:03:18.0753 4176 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:03:18.0768 4176 sppsvc - ok
19:03:18.0784 4176 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:03:18.0784 4176 sppuinotify - ok
19:03:18.0815 4176 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:03:18.0815 4176 srv - ok
19:03:18.0831 4176 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:03:18.0831 4176 srv2 - ok
19:03:18.0862 4176 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:03:18.0862 4176 SrvHsfHDA - ok
19:03:18.0893 4176 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:03:18.0909 4176 SrvHsfV92 - ok
19:03:18.0924 4176 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:03:18.0924 4176 SrvHsfWinac - ok
19:03:18.0940 4176 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:03:18.0940 4176 srvnet - ok
19:03:18.0987 4176 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:03:18.0987 4176 SSDPSRV - ok
19:03:19.0002 4176 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:03:19.0002 4176 SstpSvc - ok
19:03:19.0033 4176 [ F58A52F3D99D60AEAB9E150BD31883E5 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
19:03:19.0033 4176 STacSV - ok
19:03:19.0049 4176 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:03:19.0049 4176 stexstor - ok
19:03:19.0111 4176 [ B842246B3DB41F3F061FFB979ABF5525 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
19:03:19.0111 4176 STHDA - ok
19:03:19.0143 4176 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
19:03:19.0143 4176 StillCam - ok
19:03:19.0189 4176 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:03:19.0189 4176 stisvc - ok
19:03:19.0205 4176 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:03:19.0221 4176 swenum - ok
19:03:19.0236 4176 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:03:19.0236 4176 swprv - ok
19:03:19.0299 4176 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:03:19.0299 4176 SynTP - ok
19:03:19.0345 4176 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:03:19.0361 4176 SysMain - ok
19:03:19.0377 4176 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:03:19.0377 4176 TabletInputService - ok
19:03:19.0392 4176 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:03:19.0408 4176 TapiSrv - ok
19:03:19.0423 4176 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:03:19.0423 4176 TBS - ok
19:03:19.0517 4176 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:03:19.0548 4176 Tcpip - ok
19:03:19.0595 4176 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:03:19.0611 4176 TCPIP6 - ok
19:03:19.0611 4176 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:03:19.0611 4176 tcpipreg - ok
19:03:19.0642 4176 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:03:19.0657 4176 TDPIPE - ok
19:03:19.0673 4176 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:03:19.0673 4176 TDTCP - ok
19:03:19.0689 4176 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:03:19.0689 4176 tdx - ok
19:03:19.0704 4176 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:03:19.0704 4176 TermDD - ok
19:03:19.0751 4176 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:03:19.0767 4176 TermService - ok
19:03:19.0782 4176 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:03:19.0782 4176 Themes - ok
19:03:19.0798 4176 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:03:19.0798 4176 THREADORDER - ok
19:03:19.0813 4176 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:03:19.0813 4176 TrkWks - ok
19:03:19.0876 4176 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:03:19.0891 4176 TrustedInstaller - ok
19:03:19.0907 4176 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:03:19.0907 4176 tssecsrv - ok
19:03:19.0938 4176 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:03:19.0938 4176 TsUsbFlt - ok
19:03:19.0954 4176 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
19:03:19.0954 4176 TsUsbGD - ok
19:03:19.0985 4176 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:03:19.0985 4176 tunnel - ok
19:03:20.0001 4176 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:03:20.0001 4176 uagp35 - ok
19:03:20.0032 4176 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:03:20.0032 4176 udfs - ok
19:03:20.0063 4176 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:03:20.0063 4176 UI0Detect - ok
19:03:20.0094 4176 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:03:20.0094 4176 uliagpkx - ok
19:03:20.0125 4176 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:03:20.0125 4176 umbus - ok
19:03:20.0157 4176 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
19:03:20.0157 4176 UmPass - ok
19:03:20.0250 4176 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:03:20.0281 4176 UNS - ok
19:03:20.0297 4176 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:03:20.0297 4176 upnphost - ok
19:03:20.0313 4176 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:03:20.0313 4176 usbccgp - ok
19:03:20.0344 4176 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:03:20.0344 4176 usbcir - ok
19:03:20.0359 4176 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:03:20.0359 4176 usbehci - ok
19:03:20.0375 4176 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
19:03:20.0391 4176 usbhub - ok
19:03:20.0391 4176 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:03:20.0391 4176 usbohci - ok
19:03:20.0406 4176 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
19:03:20.0406 4176 usbprint - ok
19:03:20.0422 4176 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:03:20.0422 4176 USBSTOR - ok
19:03:20.0437 4176 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:03:20.0437 4176 usbuhci - ok
19:03:20.0453 4176 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:03:20.0453 4176 usbvideo - ok
19:03:20.0484 4176 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:03:20.0484 4176 UxSms - ok
19:03:20.0500 4176 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:03:20.0500 4176 VaultSvc - ok
19:03:20.0531 4176 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:03:20.0531 4176 vdrvroot - ok
19:03:20.0547 4176 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:03:20.0562 4176 vds - ok
19:03:20.0593 4176 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:03:20.0593 4176 vga - ok
19:03:20.0609 4176 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:03:20.0609 4176 VgaSave - ok
19:03:20.0625 4176 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:03:20.0625 4176 vhdmp - ok
19:03:20.0656 4176 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:03:20.0656 4176 viaide - ok
19:03:20.0687 4176 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:03:20.0687 4176 volmgr - ok
19:03:20.0718 4176 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:03:20.0718 4176 volmgrx - ok
19:03:20.0734 4176 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:03:20.0734 4176 volsnap - ok
19:03:20.0765 4176 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:03:20.0765 4176 vsmraid - ok
19:03:20.0812 4176 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:03:20.0827 4176 VSS - ok
19:03:20.0843 4176 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
19:03:20.0843 4176 vwifibus - ok
19:03:20.0874 4176 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
19:03:20.0874 4176 vwififlt - ok
19:03:20.0890 4176 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
19:03:20.0890 4176 vwifimp - ok
19:03:20.0952 4176 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:03:20.0952 4176 W32Time - ok
19:03:20.0983 4176 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:03:20.0983 4176 WacomPen - ok
19:03:21.0015 4176 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:03:21.0015 4176 WANARP - ok
19:03:21.0030 4176 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:03:21.0030 4176 Wanarpv6 - ok
19:03:21.0108 4176 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
19:03:21.0124 4176 WatAdminSvc - ok
19:03:21.0171 4176 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:03:21.0202 4176 wbengine - ok
19:03:21.0217 4176 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:03:21.0233 4176 WbioSrvc - ok
19:03:21.0249 4176 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:03:21.0249 4176 wcncsvc - ok
19:03:21.0264 4176 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:03:21.0264 4176 WcsPlugInService - ok
19:03:21.0295 4176 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
19:03:21.0295 4176 Wd - ok
19:03:21.0327 4176 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:03:21.0327 4176 Wdf01000 - ok
19:03:21.0358 4176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:03:21.0358 4176 WdiServiceHost - ok
19:03:21.0358 4176 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:03:21.0373 4176 WdiSystemHost - ok
19:03:21.0389 4176 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:03:21.0389 4176 WebClient - ok
19:03:21.0420 4176 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:03:21.0420 4176 Wecsvc - ok
19:03:21.0436 4176 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:03:21.0436 4176 wercplsupport - ok
19:03:21.0498 4176 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:03:21.0498 4176 WerSvc - ok
19:03:21.0529 4176 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:03:21.0529 4176 WfpLwf - ok
19:03:21.0561 4176 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:03:21.0561 4176 WIMMount - ok
19:03:21.0576 4176 WinDefend - ok
19:03:21.0576 4176 WinHttpAutoProxySvc - ok
19:03:21.0623 4176 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:03:21.0623 4176 Winmgmt - ok
19:03:21.0701 4176 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:03:21.0717 4176 WinRM - ok
19:03:21.0748 4176 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:03:21.0748 4176 WinUsb - ok
19:03:21.0779 4176 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:03:21.0795 4176 Wlansvc - ok
19:03:21.0857 4176 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:03:21.0857 4176 wlcrasvc - ok
19:03:21.0951 4176 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:21.0982 4176 wlidsvc - ok
19:03:21.0997 4176 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:03:21.0997 4176 WmiAcpi - ok
19:03:22.0029 4176 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:03:22.0029 4176 wmiApSrv - ok
19:03:22.0060 4176 WMPNetworkSvc - ok
19:03:22.0091 4176 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:03:22.0091 4176 WPCSvc - ok
19:03:22.0107 4176 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:03:22.0122 4176 WPDBusEnum - ok
19:03:22.0122 4176 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:03:22.0138 4176 ws2ifsl - ok
19:03:22.0153 4176 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
19:03:22.0153 4176 wscsvc - ok
19:03:22.0153 4176 WSearch - ok
19:03:22.0231 4176 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:03:22.0247 4176 wuauserv - ok
19:03:22.0278 4176 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:03:22.0278 4176 WudfPf - ok
19:03:22.0309 4176 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:03:22.0309 4176 WUDFRd - ok
19:03:22.0341 4176 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:03:22.0341 4176 wudfsvc - ok
19:03:22.0372 4176 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\Windows\System32\wwansvc.dll
19:03:22.0372 4176 WwanSvc - ok
19:03:22.0403 4176 ================ Scan global ===============================
19:03:22.0434 4176 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:03:22.0465 4176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:03:22.0481 4176 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:03:22.0497 4176 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:03:22.0528 4176 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:03:22.0543 4176 [Global] - ok
19:03:22.0543 4176 ================ Scan MBR ==================================
19:03:22.0543 4176 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:03:22.0746 4176 \Device\Harddisk0\DR0 - ok
19:03:22.0746 4176 ================ Scan VBR ==================================
19:03:22.0746 4176 [ 20017DFBE29CDD7B0A06CED92F733666 ] \Device\Harddisk0\DR0\Partition1
19:03:22.0746 4176 \Device\Harddisk0\DR0\Partition1 - ok
19:03:22.0762 4176 [ 45F0DD6F6516A204B18226B39CB7B4E9 ] \Device\Harddisk0\DR0\Partition2
19:03:22.0762 4176 \Device\Harddisk0\DR0\Partition2 - ok
19:03:22.0793 4176 [ 1C8E77602D83DA6B590AB051F8A0F277 ] \Device\Harddisk0\DR0\Partition3
19:03:22.0840 4176 \Device\Harddisk0\DR0\Partition3 - ok
19:03:22.0887 4176 [ AD4D4F7A99A4FEBCDEB76050D5A88882 ] \Device\Harddisk0\DR0\Partition4
19:03:22.0933 4176 \Device\Harddisk0\DR0\Partition4 - ok
19:03:22.0933 4176 ============================================================
19:03:22.0933 4176 Scan finished
19:03:22.0933 4176 ============================================================
19:03:22.0949 6300 Detected object count: 0
19:03:22.0949 6300 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-17 19:09:23
-----------------------------
19:09:23.424 OS Version: Windows x64 6.1.7601 Service Pack 1
19:09:23.424 Number of processors: 4 586 0x2A07
19:09:23.424 ComputerName: JEFF-HP UserName: Jeff
19:09:24.422 Initialize success
19:15:00.667 AVAST engine defs: 12101701
19:16:29.900 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:16:29.900 Disk 0 Vendor: TOSHIBA_ AX00 Size: 715404MB BusType: 8
19:16:29.915 Disk 0 MBR read successfully
19:16:29.915 Disk 0 MBR scan
19:16:29.931 Disk 0 Windows 7 default MBR code
19:16:29.946 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:16:29.962 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 693979 MB offset 409600
19:16:29.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17162 MB offset 1421678592
19:16:30.009 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368
19:16:30.056 Disk 0 scanning C:\Windows\system32\drivers
19:16:37.871 Service scanning
19:17:20.054 Modules scanning
19:17:20.069 Disk 0 trace - called modules:
19:17:20.631 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
19:17:20.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008e59060]
19:17:20.662 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8006a89b10]
19:17:20.662 5 hpdskflt.sys[fffff8800181d189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80066b8050]
19:17:21.692 AVAST engine scan C:\Windows
19:17:24.266 AVAST engine scan C:\Windows\system32
19:19:17.943 AVAST engine scan C:\Windows\system32\drivers
19:19:28.192 AVAST engine scan C:\Users\Jeff
19:21:44.349 AVAST engine scan C:\ProgramData
19:22:18.685 Scan finished successfully
19:23:10.321 Disk 0 MBR has been saved successfully to "C:\Users\Jeff\Desktop\MBR.dat"
19:23:10.321 The log file has been saved successfully to "C:\Users\Jeff\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 17 October 2012 - 02:42 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 17 October 2012 - 02:59 PM

Hi,

Results from OTL are pasted below:

OTL logfile created on: 17/10/2012 20:49:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 3.74 Gb Available Physical Memory | 62.82% Memory free
11.90 Gb Paging File | 9.45 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 677.71 Gb Total Space | 613.71 Gb Free Space | 90.56% Space Free | Partition Type: NTFS
Drive D: | 16.76 Gb Total Space | 1.84 Gb Free Space | 10.98% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.70% Space Free | Partition Type: FAT32

Computer Name: JEFF-HP | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jeff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTHIDMonitor.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Program Files (x86)\Java\jre7\bin\jp2native.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (ISCTAgent) -- C:\Program Files (x86)\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (HP)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\drivers\ISCTD64.sys ()
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HP8107Fltr) -- C:\Windows\SysNative\drivers\HP8107.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7B973CDA-7884-4EE8-B5D2-FBADBF65370F}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{7B973CDA-7884-4EE8-B5D2-FBADBF65370F}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\SearchScopes\{7B973CDA-7884-4EE8-B5D2-FBADBF65370F}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/11 18:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 12:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/11 18:42:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 12:03:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/12 20:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2012/10/12 18:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\gkcfrrjs.default\extensions
[2012/10/14 12:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/14 12:03:19 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/10/14 12:03:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/14 12:03:22 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/14 12:03:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/14 12:03:22 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/10/14 12:03:22 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/14 12:03:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/10/14 12:03:22 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Simple Pass 2012 (Enabled) = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\npwebsitelogon.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Website Logon = C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BF1E52-38DB-45D3-A9DE-4BFF6714938F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/17 20:47:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2012/10/17 19:00:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jeff\Desktop\aswMBR.exe
[2012/10/17 18:59:49 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeff\Desktop\tdsskiller.exe
[2012/10/17 10:16:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/17 10:16:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/17 10:16:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/17 10:10:08 | 004,981,258 | R--- | C] (Swearware) -- C:\Users\Jeff\Desktop\ComboFix.exe
[2012/10/17 08:27:17 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Desktop\RK_Quarantine
[2012/10/16 11:16:15 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Jeff\Desktop\dds.scr
[2012/10/15 10:36:31 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Malwarebytes
[2012/10/15 10:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/14 18:11:33 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2012/10/14 16:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/10/14 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/10/14 12:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/13 22:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/10/13 22:18:01 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/10/13 22:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/10/13 22:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/10/13 22:15:10 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\TestApp
[2012/10/12 14:27:36 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/10/12 08:16:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/12 08:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\NPE
[2012/10/12 07:16:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/11 20:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/11 16:38:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/11 15:57:48 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012/10/10 06:14:10 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 06:14:09 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 06:14:09 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 06:14:06 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 06:14:06 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 06:14:06 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 06:14:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 06:14:06 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 06:14:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 06:14:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 06:14:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 06:14:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 06:14:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 06:14:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 06:14:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 06:14:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 06:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 06:14:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 06:14:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 06:14:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 06:14:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 06:14:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 06:14:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 06:14:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 06:14:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 06:13:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 06:13:01 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 06:13:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/05 22:16:45 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\goog1e_lynne_family
[2012/09/26 06:50:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/23 09:12:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 09:12:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 09:12:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 09:12:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 09:12:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 09:12:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 09:12:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 09:12:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 09:12:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 09:12:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 09:12:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 09:12:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 09:11:57 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 09:11:57 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 09:11:56 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 12:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/09/22 12:36:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/09/20 21:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/20 21:58:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/20 21:58:40 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/19 21:58:48 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/19 21:58:37 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/19 21:58:31 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/19 21:58:31 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

========== Files - Modified Within 30 Days ==========

[2012/10/17 20:47:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2012/10/17 19:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/17 19:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/17 19:23:10 | 000,000,512 | ---- | M] () -- C:\Users\Jeff\Desktop\MBR.dat
[2012/10/17 19:00:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jeff\Desktop\aswMBR.exe
[2012/10/17 18:59:57 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeff\Desktop\tdsskiller.exe
[2012/10/17 10:11:46 | 004,981,258 | R--- | M] (Swearware) -- C:\Users\Jeff\Desktop\ComboFix.exe
[2012/10/17 10:06:05 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/17 10:06:05 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/17 10:06:05 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/17 10:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 08:54:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 08:27:00 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 08:27:00 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 08:25:09 | 001,425,920 | ---- | M] () -- C:\Users\Jeff\Desktop\RogueKiller.exe
[2012/10/17 08:19:39 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\Osaugsn.job
[2012/10/17 08:19:29 | 495,828,991 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/17 08:16:09 | 000,538,941 | ---- | M] () -- C:\Users\Jeff\Desktop\adwcleaner.exe
[2012/10/17 08:03:26 | 000,881,724 | ---- | M] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe
[2012/10/17 07:34:56 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeff.job
[2012/10/16 11:16:15 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Jeff\Desktop\dds.scr
[2012/10/16 11:10:32 | 000,000,000 | ---- | M] () -- C:\Users\Jeff\defogger_reenable
[2012/10/14 18:17:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/14 16:49:18 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/13 22:18:07 | 001,749,832 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/10/11 16:38:57 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/10 16:55:41 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/09 14:54:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 14:54:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 22:15:59 | 000,094,208 | RHS- | M] () -- C:\Windows\SysWow64\vaultclil.dll
[2012/09/28 00:32:12 | 062,968,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/09/23 09:15:44 | 000,417,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/22 12:36:40 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/21 19:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/20 21:58:43 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2012/10/17 19:23:10 | 000,000,512 | ---- | C] () -- C:\Users\Jeff\Desktop\MBR.dat
[2012/10/17 10:16:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/17 10:16:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/17 10:16:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/17 10:16:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/17 10:16:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/17 08:25:08 | 001,425,920 | ---- | C] () -- C:\Users\Jeff\Desktop\RogueKiller.exe
[2012/10/17 08:16:09 | 000,538,941 | ---- | C] () -- C:\Users\Jeff\Desktop\adwcleaner.exe
[2012/10/17 08:03:25 | 000,881,724 | ---- | C] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe
[2012/10/16 11:10:32 | 000,000,000 | ---- | C] () -- C:\Users\Jeff\defogger_reenable
[2012/10/14 16:49:18 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/13 22:18:02 | 001,749,832 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/10/11 16:38:57 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/11 16:38:57 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/05 22:15:59 | 000,094,208 | RHS- | C] () -- C:\Windows\SysWow64\vaultclil.dll
[2012/10/05 22:15:59 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\Osaugsn.job
[2012/09/22 12:36:40 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/09/21 19:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/09/06 10:12:00 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/11 18:32:05 | 000,206,355 | ---- | C] () -- C:\Windows\hpoins49.dat
[2012/06/09 06:22:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/06/09 06:18:03 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012/06/09 06:12:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/10/15 01:59:24 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/08/18 06:43:18 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/08/09 17:30:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/09 17:30:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/09 17:30:02 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/09 17:23:26 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/08/09 16:58:38 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/13 15:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/17 22:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 17 October 2012 - 03:18 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKU\S-1-5-21-3190357349-2755439434-2845531451-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2  
    [2012/10/17 08:19:39 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\Osaugsn.job
    [2012/10/05 22:15:59 | 000,094,208 | RHS- | C] () -- C:\Windows\SysWow64\vaultclil.dll
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 17 October 2012 - 03:41 PM

Hi Gringo,

I'm sorry, I do not understand "Do not include the word CODE".
Did you mean - do not include the first line ":OTL"

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 17 October 2012 - 09:01 PM

on some forums the word code would be above the text box


the otl:: is needed
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 18 October 2012 - 12:47 AM

Hi,

OTL run with custom script. Result log pasted below.
Redirects still occuring.

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3190357349-2755439434-2845531451-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
C:\Windows\Tasks\Osaugsn.job moved successfully.
C:\Windows\SysWOW64\vaultclil.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jeff\Desktop\cmd.bat deleted successfully.
C:\Users\Jeff\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jeff
->Java cache emptied: 115005 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jeff
->Flash cache emptied: 506 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10182012_063623

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:55 AM

Posted 18 October 2012 - 12:57 AM

in which browser does this happen in?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Drakeplace

Drakeplace
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 18 October 2012 - 01:16 AM

Hi,

Redirects happen in Firefox but not in IE.
In IE, after asking if I want to set IE as default browser, a panel appeared indicating "Security alert - you are about to view pages over a secure connection".
I've not seen this before. But IE know seems OK.
Windows security centre still indicates that it cannot be started.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users