
Infected with rootkit?


  • This topic is locked
27 replies to this topic

#1 Mike_Bates

  • Members
  • 15 posts
  • Gender:Male
  • Location:Marietta, GA

Posted 16 October 2012 - 03:39 PM

Mod Edit: Merged posts~~ boopme

A few days ago I started getting a popup in the bottom right corner of my Firefox browser with context ads and "sponsored ad" at the top. I've run the following without result:

- Malwarebytes deep scan
- SuperAntiSpyware
- Spybot Search and Destroy
- Combofix

I'm also seeing 'missing plugin' notifications on different web pages. Even some profile picture frames for Facebook display missing media/video plugin notices that invariably lead to ilivid.com. I've searched for the ilivid virus markers in the registry etc., but I find nothing. IE so far surfs cleanly. I need some advice on how to remove this rootkit/virus.

My DDS and GMER logs follow.

Thank you in advance.

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Mike at 15:47:48 on 2012-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.555 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Explorer.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Users\Mike\Downloads\aswMBR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}\140545321373 : DHCPNameServer = 192.168.17.1
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}\16074702321343 : DHCPNameServer = 192.168.14.1
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}\160747321363 : DHCPNameServer = 192.168.16.1
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}\2375942554936373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{A0F9B1CC-172D-448A-8521-32C9D4351D72} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A0F9B1CC-172D-448A-8521-32C9D4351D72}\160747321363 : DHCPNameServer = 192.168.16.1
TCP: Interfaces\{A0F9B1CC-172D-448A-8521-32C9D4351D72}\E4F6020596767697261636B637 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\k1wc3jwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-08-26 13:59; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2012-09-15 14:52; C7yFVpIP@WeolS3acxgS.com; c:\users\mike\appdata\roaming\mozilla\firefox\profiles\k1wc3jwk.default\extensions\C7yFVpIP@WeolS3acxgS.com.xpi
FF - ExtSQL: 2012-10-13 11:28; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2012-10-13 11:29; {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}; c:\program files\microsoft\search enhancement pack\default manager\DMExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2011-6-17 48640]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-9-18 913792]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-14 399432]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-2-8 198136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-16 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-3-12 227896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-11 22856]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-5-16 603240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-5-16 37504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-14 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250808]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-5-16 100328]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-5-16 309224]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2011-5-16 76840]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2011-5-16 129640]
S3 BFNVis32;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVx86.sys [2011-5-16 129640]
S3 BXOIS;BXOIS;c:\windows\system32\drivers\bxois.sys [2011-5-16 431144]
S3 cbaf;UWB Cable Based Association Framework Driver;c:\windows\system32\drivers\cbaf.sys [2011-5-16 11008]
S3 dfuuwb;Intel Wireless UWB Link 1480M Device Firmware Utility;c:\windows\system32\drivers\DfuUWB.sys [2011-5-16 500736]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-5-16 109448]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2011-5-16 33152]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2011-5-16 52992]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-18 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 HWA;Intel® Wireless USB Host Adapter;c:\windows\system32\drivers\HWA.sys [2011-5-16 53376]
S3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x32.sys [2011-5-16 269584]
S3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60x32.sys [2011-5-16 61712]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-5-16 132480]
S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd16032.sys [2011-5-16 36552]
S3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\system32\drivers\qd26032.sys [2011-5-16 37576]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-10-15 40776]
S3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2011-5-16 40832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-10 115168]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-5-16 63872]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-5-16 141952]
S3 nvamacpi;nvamacpi;c:\windows\system32\drivers\nvamacpi.sys [2011-5-16 24608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [2012-6-21 407368]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2011-6-17 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 TTP7;Flash Update for TerraTec PHASE 26 USB;c:\windows\system32\drivers\ttp7up.sys [2011-5-16 12928]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2011-5-18 11596]
S3 uwbusb;UWB Bus Control USB-Miniport Driver;c:\windows\system32\drivers\usbuwbmini.sys [2011-5-16 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-24 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-10-16 11:58:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-16 11:55:51 -------- d-----w- c:\windows\system32\??????
2012-10-16 11:55:51 -------- d-----w- C:\microsoft
2012-10-16 11:55:10 -------- d-----w- c:\users\mike\appdata\local\temp
2012-10-16 11:44:27 98816 ----a-w- c:\windows\sed.exe
2012-10-16 11:44:27 256000 ----a-w- c:\windows\PEV.exe
2012-10-16 11:44:27 208896 ----a-w- c:\windows\MBR.exe
2012-10-16 11:18:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-16 11:18:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-16 10:54:26 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-16 10:48:51 -------- d-----w- c:\programdata\HitmanPro
2012-10-16 10:42:48 -------- d-----w- c:\program files\FileASSASSIN
2012-10-16 10:29:05 357 ----a-w- C:\check.bat
2012-10-16 08:38:53 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ac0ac972-707c-4a78-bd7c-1ceb1c8a1fcb}\offreg.dll
2012-10-15 19:20:28 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-14 15:38:27 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-14 15:37:31 -------- d-----w- c:\program files\iPod
2012-10-14 15:37:30 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-14 15:37:30 -------- d-----w- c:\program files\iTunes
2012-10-13 15:28:51 -------- d-----w- c:\program files\MSN Toolbar
2012-10-13 15:28:45 -------- d-----w- c:\program files\Bing Bar Installer
2012-10-13 15:28:43 -------- d-----w- c:\programdata\HP Photo Creations
2012-10-13 15:28:43 -------- d-----w- c:\program files\HP Photo Creations
2012-10-13 15:28:15 527208 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2012-10-09 23:38:18 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ac0ac972-707c-4a78-bd7c-1ceb1c8a1fcb}\mpengine.dll
2012-09-23 14:38:49 -------- d-----w- c:\users\mike\appdata\local\{7B14753F-661E-47E1-8033-3BEA5AD44197}
2012-09-21 15:47:49 -------- d-----w- c:\program files\WildPackets
2012-09-21 15:22:21 -------- d-----w- C:\Training stuff
2012-09-20 12:03:34 -------- d-----w- c:\users\mike\appdata\roaming\SUPERAntiSpyware.com
2012-09-20 12:03:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 12:03:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 11:55:26 -------- d-----w- c:\users\mike\Pavark
2012-09-20 09:36:08 -------- d-----w- c:\program files\common files\Symantec Shared
2012-09-19 04:21:49 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-19 04:21:26 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 04:21:26 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 04:21:26 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 04:21:11 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 04:21:11 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 04:20:23 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-19 04:17:40 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-09-19 03:58:09 -------- d-----w- c:\programdata\IObit
2012-09-19 03:57:42 -------- d-----w- c:\users\mike\appdata\roaming\IObit
2012-09-19 03:57:28 -------- d-----w- c:\program files\IObit
2012-09-18 17:39:48 -------- d-----w- c:\programdata\Symantec
2012-09-18 17:39:39 -------- d-----w- c:\programdata\Norton
2012-09-18 17:39:37 -------- d-----w- c:\programdata\NortonInstaller
2012-09-18 15:30:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-10-09 12:55:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:55:56 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-18 15:30:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-18 15:30:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 14:35:54 10077 ----a-w- c:\windows\bcm310E.tmp
2012-09-11 14:35:28 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-07 12:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 15:48:20.05 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-16 16:24:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000007a TOSHIBA_ rev.GS00
Running: gmer.exe; Driver: C:\Users\Mike\AppData\Local\Temp\kwliipow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackComplete + 1415 82C933A9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CCCC72 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EE32340, 0x3EE217, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] ntdll.dll!LdrGetProcedureAddress + 26 77192239 7 Bytes JMP 6218A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 75BD93D6 7 Bytes JMP 623C7DF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] kernel32.dll!QueryPerformanceCounter + 13 75BDC415 7 Bytes JMP 623C7E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] kernel32.dll!LoadAppInitDlls + 355 75BDF4D6 7 Bytes JMP 6218EDB3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] GDI32.dll!GetViewportOrgEx + 26C 75B4884B 7 Bytes JMP 623C7D78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Kernel_0_0_cab_16f3696c
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveKernelReports\WATCHDOG
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LiveKernelReports\WATCHDOG\WD-20121016-1609-01.dmp
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 173

---- EOF - GMER 1.0.15 ----

Edited by boopme, 16 October 2012 - 04:17 PM.
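
A small triage script, added here as an example rather than anything posted in the thread or shipped with DDS or GMER: it runs over log lines copied from the post above and flags the items a helper would question first. Those are the mPolicies-System values that show UAC switched off (the script compares against the Windows 7 defaults EnableLUA=1, ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1), the orphaned BHO, the CLSID registered as both a BHO and a toolbar, the Firefox add-on whose id looks machine-generated, and any GMER user-mode JMP hook whose target DLL does not live in the hooked program's own directory. The random-name check is a heuristic of this example, not a rule, and a hit means "look this add-on up", not "this is malware". The JMPs GMER lists from firefox.exe into xul.dll are Firefox hooking itself, and the script leaves them alone; the one GMER line pointing at example.dll under the temp folder is constructed so the hook check has something to flag. Everything else in the sample is verbatim from the logs.

```python
"""Added triage helper for a DDS / GMER log. Example code, not a BleepingComputer tool."""
import ntpath
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the DDS and GMER logs in the post.
PAGE_LINES = r"""
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - c:\program files\bittorrentbar\prxtbBitT.dll
FF - ExtSQL: 2012-08-26 13:59; afurladvisor@anchorfree.com; c:\program files\mozilla firefox\extensions\afurladvisor@anchorfree.com
FF - ExtSQL: 2012-09-15 14:52; C7yFVpIP@WeolS3acxgS.com; c:\users\mike\appdata\roaming\mozilla\firefox\profiles\k1wc3jwk.default\extensions\C7yFVpIP@WeolS3acxgS.com.xpi
FF - ExtSQL: 2012-10-13 11:28; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\SearchHelperExtension
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] ntdll.dll!LdrGetProcedureAddress + 26 77192239 7 Bytes JMP 6218A650 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4732] kernel32.dll!QueryPerformanceCounter + 13 75BDC415 7 Bytes JMP 623C7E1A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""
# Hypothetical line (NOT from the page): a hook whose target is outside the program's directory.
HYPOTHETICAL_HOOK = r".text C:\Program Files\Mozilla Firefox\firefox.exe[4732] kernel32.dll!CreateProcessW + 0 75BD1072 5 Bytes JMP 00A01000 C:\Users\Mike\AppData\Local\Temp\example.dll (unknown)"
SAMPLE_LOG = PAGE_LINES + HYPOTHETICAL_HOOK + "\n"

# Windows 7 defaults for the UAC values DDS prints under mPolicies-System (HKLM Policies\System).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # 0 = UAC entirely off
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 = prompt is on the normal desktop, clickable by software
}

POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-(?P<key>\w+): (?P<name>\w+) = dword:(?P<val>\d+)$")
BHO_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[0-9a-fA-F-]+\}) - (?P<path>.*)$")
FFEXT_RE = re.compile(r"^FF - ExtSQL: [\d: -]+; (?P<id>[^;]+); (?P<path>.*)$")
HOOK_RE = re.compile(r"^\.text (?P<proc>.+?)\[\d+\] (?P<sym>\S+) \+ [0-9A-F]+ [0-9A-F]+ \d+ Bytes "
                     r"JMP [0-9A-F]+ (?P<module>.+?) \((?P<vendor>[^)]*)\)$")


def case_changes(s):
    """Number of upper/lower transitions between consecutive letters."""
    letters = [c for c in s if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))


def looks_random(ext_id):
    """Heuristic (an assumption of this example, not a rule): GUID ids are normal; an
    email-style id whose local part or domain mixes case erratically and contains digits
    is one to look up before trusting it."""
    if ext_id.startswith("{"):
        return False
    return any(case_changes(p) >= 3 and any(ch.isdigit() for ch in p)
               for p in ext_id.split("@"))


def triage(text):
    """Return (kind, detail) findings for the DDS / GMER lines in `text`."""
    findings = []
    clsids = defaultdict(set)  # CLSID -> set of registration kinds seen (BHO, TB)
    for line in text.splitlines():
        if (m := POLICY_RE.match(line)) and m["hive"] == "m" and m["key"] == "System":
            name, val = m["name"], int(m["val"])
            if name in UAC_EXPECTED and val != UAC_EXPECTED[name]:
                findings.append(("uac", f"{name}={val} (Windows 7 default {UAC_EXPECTED[name]})"))
        elif m := BHO_RE.match(line):
            clsids[m["clsid"].lower()].add(m["kind"])
            if m["path"].strip() == "<orphaned>":  # registry entry whose DLL is gone
                findings.append(("orphaned_bho", m["clsid"]))
        elif m := FFEXT_RE.match(line):
            if looks_random(m["id"]):
                findings.append(("ff_ext", m["id"]))
        elif m := HOOK_RE.match(line):
            # A JMP into a DLL from the hooked program's own install directory is the program
            # hooking itself (Firefox's xul.dll here). A JMP into a module from anywhere else,
            # a temp directory for instance, is the shape of a user-mode rootkit and gets flagged.
            if ntpath.dirname(m["module"]).lower() != ntpath.dirname(m["proc"]).lower():
                findings.append(("foreign_hook", f"{m['sym']} -> {m['module']}"))
    # The same CLSID registered as both BHO and toolbar is the usual shape of an ad toolbar bundle.
    for clsid, kinds in clsids.items():
        if kinds == {"BHO", "TB"}:
            findings.append(("bho_and_toolbar", clsid))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```

Run it as-is to print the findings for the embedded sample; to use it on a real log, pass the contents of DDS.txt or the GMER report to `triage()`. It only parses the handful of line shapes shown above, so anything it does not recognise is silently skipped rather than misread.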




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 October 2012 - 09:21 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 Mike_Bates
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Marietta, GA

Posted 18 October 2012 - 05:43 AM

Security Check Log

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


AdwCleaner Log

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 06:25:54
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Mike - MIKE-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\Bleeping Computer\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\BitTorrentBar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\Mike\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Mike\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Mike\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DC10568-75CF-4295-A66C-760501FBD4F9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{962EDD74-A33C-466E-A66C-32AA0F0FE204}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\prefs.js

C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\patric\AppData\Roaming\Mozilla\Firefox\Profiles\ljnqnxhz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4082 octets] - [18/10/2012 06:24:44]
AdwCleaner[S1].txt - [4027 octets] - [18/10/2012 06:25:54]

########## EOF - C:\AdwCleaner[S1].txt - [4087 octets] ##########

RogueKiller Log

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Remove -- Date : 10/18/2012 06:22:09

Bad processes : 1
[SUSP PATH] SecurityCheck (1).exe -- C:\Users\Mike\Desktop\Bleeping Computer\SecurityCheck (1).exe -> KILLED [TermProc]

Registry Entries : 6
[TASK][BLPATH] HPCustParticipation HP Photosmart Plus B210 series : "C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe" /UA 9.1 /DDV 0x0805 -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK3276GSX SCSI Disk Device +++++
--- User ---
[MBR] d16b79f16bfb2ff9c47cd2430c6e3ae5
[BSP] a4ab8364e4a889ef19059fc03d9ca378 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: SD Memory Card +++++
--- User ---
[MBR] 0c07866cb81a99247b567de254a5f4d5
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 243 | Size: 1963 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:30 AM

Posted 18 October 2012 - 07:35 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had.
  • How is the computer doing now?

Gringo

#5 Mike_Bates

Mike_Bates
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Marietta, GA
  • Local time:04:30 AM

Posted 19 October 2012 - 05:49 AM

Gringo,

There was no reboot at the end of the cleaning. There were no problems during the process. The log follows:


ComboFix 12-10-18.03 - Mike 10/19/2012 6:33.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1219 [GMT -4:00]
Running from: c:\users\Mike\Desktop\Bleeping Computer\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 10:42 . 2012-10-19 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 11:18 . 2012-10-16 13:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-16 11:18 . 2012-10-16 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-16 10:54 . 2012-10-16 10:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-16 10:48 . 2012-10-16 10:54 -------- d-----w- c:\programdata\HitmanPro
2012-10-16 10:42 . 2012-10-16 10:42 -------- d-----w- c:\program files\FileASSASSIN
2012-10-16 10:29 . 2012-10-16 10:29 357 ----a-w- C:\check.bat
2012-10-15 19:20 . 2012-10-15 19:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-15 15:39 . 2012-10-15 15:39 -------- d-----w- c:\users\patric
2012-10-14 15:38 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-14 15:37 . 2012-10-14 15:37 -------- d-----w- c:\program files\iPod
2012-10-14 15:37 . 2012-10-14 15:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-14 15:37 . 2012-10-14 15:38 -------- d-----w- c:\program files\iTunes
2012-10-13 15:28 . 2012-10-13 15:28 -------- d-----w- c:\program files\MSN Toolbar
2012-10-13 15:28 . 2012-10-13 15:29 -------- d-----w- c:\program files\Bing Bar Installer
2012-10-13 15:28 . 2012-10-13 15:30 -------- d-----w- c:\programdata\HP Photo Creations
2012-10-13 15:28 . 2012-10-13 15:28 -------- d-----w- c:\program files\HP Photo Creations
2012-10-13 15:28 . 2010-11-16 18:10 527208 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2012-10-09 23:38 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC0AC972-707C-4A78-BD7C-1CEB1C8A1FCB}\mpengine.dll
2012-09-21 15:47 . 2012-09-21 15:47 -------- d-----w- c:\program files\WildPackets
2012-09-21 15:22 . 2012-09-21 15:57 -------- d-----w- C:\Training stuff
2012-09-20 12:03 . 2012-09-20 12:03 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 12:03 . 2012-09-26 10:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 12:03 . 2012-09-20 12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 11:55 . 2012-09-20 11:55 -------- d-----w- c:\users\Mike\Pavark
2012-09-20 09:36 . 2012-09-20 09:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:55 . 2012-04-03 12:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:55 . 2012-03-12 08:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 04:21 . 2012-09-19 04:21 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-19 04:21 . 2012-09-19 04:21 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 04:21 . 2012-09-19 04:21 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 04:21 . 2012-09-19 04:21 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 04:21 . 2012-09-19 04:21 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 04:21 . 2012-09-19 04:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 04:20 . 2012-09-19 04:20 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-18 15:30 . 2012-09-18 15:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-18 15:30 . 2012-07-29 09:51 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-18 15:30 . 2012-07-29 09:51 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 14:35 . 2012-09-11 14:35 10077 ----a-w- c:\windows\bcm310E.tmp
2012-09-11 14:35 . 2012-09-11 14:35 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-07 12:04 . 2012-04-11 16:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 17:01 . 2012-03-12 09:53 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-23 10:59 . 2012-09-19 04:17 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-14 11:47 . 2012-10-14 11:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 05:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [x]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [x]
R3 BFNVis32;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVx86.sys [x]
R3 BXOIS;BXOIS;c:\windows\system32\drivers\bxois.sys [x]
R3 cbaf;UWB Cable Based Association Framework Driver;c:\windows\System32\Drivers\cbaf.sys [x]
R3 dfuuwb;Intel Wireless UWB Link 1480M Device Firmware Utility;c:\windows\System32\Drivers\DfuUWB.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 HWA;Intel® Wireless USB Host Adapter;c:\windows\System32\Drivers\HWA.sys [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x32.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X32.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd26032.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TTP7;Flash Update for TerraTec PHASE 26 USB;c:\windows\system32\drivers\ttp7up.sys [x]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
R3 uwbusb;UWB Bus Control USB-Miniport Driver;c:\windows\System32\Drivers\usbuwbmini.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 ExpatShieldService;Expat Shield Service;c:\program files\Expat Shield\bin\openvpnas.exe [x]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files\Expat Shield\HssWPR\hsssrv.exe [x]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:56]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 10:25]
.
2012-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 10:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-09-15 14:52; C7yFVpIP@WeolS3acxgS.com; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\extensions\C7yFVpIP@WeolS3acxgS.com.xpi
FF - ExtSQL: 2012-10-13 11:28; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2012-10-13 11:29; {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}; c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 06:44:08
ComboFix-quarantined-files.txt 2012-10-19 10:44
ComboFix2.txt 2012-10-16 12:01
.
Pre-Run: 37,231,947,776 bytes free
Post-Run: 37,385,605,120 bytes free
.
- - End Of File - - D5A9844A9D725A67F79248AFE00050B1
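As an added defender-side check (not code from the thread, RogueKiller or ComboFix), this PowerShell snippet reads the same UAC and policy values that RogueKiller repaired in post #3 (EnableLUA, ConsentPromptBehaviorAdmin, DisableRegistryTools) and that ComboFix listed in post #5 (ConsentPromptBehaviorUser, EnableUIADesktopToggle, PromptOnSecureDesktop), and reports any that differ from a baseline. The baseline values are an assumption (Windows 7 defaults), not something the thread states.

```powershell
# Added example, not part of the thread or of any tool it mentions.
# Compares the UAC / policy values the RogueKiller and ComboFix logs reported
# against an assumed Windows 7 default baseline, so a technician can confirm
# the repair held after a reboot.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Assumed baseline (Windows 7 defaults); adjust to your own build standard.
$Baseline = @{
    EnableLUA                  = 1  # UAC on; RogueKiller found 0 and set it to 1
    ConsentPromptBehaviorAdmin = 5  # consent prompt for non-Windows binaries; RK found 0 (silent elevation)
    ConsentPromptBehaviorUser  = 3  # prompt for credentials on the secure desktop
    PromptOnSecureDesktop      = 1  # ComboFix showed 0: prompts drawn on the normal, spoofable desktop
    EnableUIADesktopToggle     = 0
    DisableRegistryTools       = 0  # RogueKiller deleted this value; absent is the normal state
}

function Test-UacPolicy {
    param(
        [string]$Key = $PolicyKey,
        [hashtable]$Expected = $Baseline
    )
    $props = Get-ItemProperty -Path $Key -ErrorAction Stop
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $actual = $props.$name
        if ($null -eq $actual) {
            $status = 'ABSENT'      # reported for review; for DisableRegistryTools this is expected
            $shown  = '-'
        } elseif ([int]$actual -eq [int]$Expected[$name]) {
            $status = 'OK'
            $shown  = $actual
        } else {
            $status = 'DEVIATES'
            $shown  = $actual
        }
        New-Object PSObject -Property @{
            Setting  = $name
            Expected = $Expected[$name]
            Actual   = $shown
            Status   = $status
        } | Select-Object Setting, Expected, Actual, Status
    }
}

$report = Test-UacPolicy
$report | Format-Table -AutoSize
$bad = @($report | Where-Object { $_.Status -eq 'DEVIATES' })
if ($bad.Count -gt 0) {
    Write-Warning "$($bad.Count) UAC/policy value(s) differ from the baseline; re-check after the next reboot."
}
```

Run it from an elevated PowerShell prompt; a DEVIATES row after the tools have run and the machine has rebooted means something is resetting the policy again.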

#6 Mike_Bates

Mike_Bates
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Marietta, GA
  • Local time:04:30 AM

Posted 19 October 2012 - 05:59 AM

Gringo,

I forgot to mention, I'm still getting redirects, embedded 'plugin missing' ads and audio ads suddenly broadcasting on unrelated pages.

Edited by Mike_Bates, 19 October 2012 - 06:00 AM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:30 AM

Posted 19 October 2012 - 07:40 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Mike_Bates

Mike_Bates
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Location:Marietta, GA
  • Local time:04:30 AM

Posted 19 October 2012 - 11:29 AM

I ran both utilities, Gringo, but my laptop blue-screened on aswMBR. I ran it twice with the same result. The Event Viewer doesn't give much information, except that it might be related to my video driver:

Source
Windows

Summary
Shut down unexpectedly

Date
10/19/2012 12:05 PM

Status
Not reported

Problem signature
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Extra information about the problem
BCCode: d1
BCP1: 00000000
BCP2: 000000FF
BCP3: 00000008
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

TDSS scan result:

11:49:34.0576 5656 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
11:49:34.0988 5656 ============================================================
11:49:34.0988 5656 Current date / time: 2012/10/19 11:49:34.0988
11:49:34.0988 5656 SystemInfo:
11:49:34.0988 5656
11:49:34.0988 5656 OS Version: 6.1.7601 ServicePack: 1.0
11:49:34.0988 5656 Product type: Workstation
11:49:34.0988 5656 ComputerName: MIKE-LAPTOP
11:49:34.0988 5656 UserName: Mike
11:49:34.0988 5656 Windows directory: C:\Windows
11:49:34.0989 5656 System windows directory: C:\Windows
11:49:34.0989 5656 Processor architecture: Intel x86
11:49:34.0989 5656 Number of processors: 2
11:49:34.0989 5656 Page size: 0x1000
11:49:34.0989 5656 Boot type: Normal boot
11:49:34.0989 5656 ============================================================
11:49:36.0247 5656 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:49:36.0250 5656 ============================================================
11:49:36.0250 5656 \Device\Harddisk0\DR0:
11:49:36.0250 5656 MBR partitions:
11:49:36.0250 5656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
11:49:36.0250 5656 ============================================================
11:49:36.0276 5656 C: <-> \Device\Harddisk0\DR0\Partition1
11:49:36.0277 5656 ============================================================
11:49:36.0277 5656 Initialize success
11:49:36.0277 5656 ============================================================
11:49:38.0023 5124 ============================================================
11:49:38.0023 5124 Scan started
11:49:38.0024 5124 Mode: Manual;
11:49:38.0024 5124 ============================================================
11:49:38.0885 5124 ================ Scan system memory ========================
11:49:38.0885 5124 System memory - ok
11:49:38.0886 5124 ================ Scan services =============================
11:49:38.0951 5124 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:49:38.0953 5124 !SASCORE - ok
11:49:39.0125 5124 [ 411C39EE2498232ACAF102668117109B ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
11:49:48.0797 5124 nvstor - ok
11:49:48.0828 5124 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:49:48.0830 5124 nv_agp - ok
11:49:48.0914 5124 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:49:48.0926 5124 odserv - ok
11:49:48.0957 5124 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:49:48.0962 5124 ohci1394 - ok
11:49:49.0020 5124 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:49:49.0023 5124 ose - ok
11:49:49.0065 5124 [ 38BEA463EF49BC314C1167E5246E48A9 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:49:49.0071 5124 p2pimsvc - ok
11:49:49.0097 5124 [ A664AFCAC636466AFBE7C16F9841A4BA ] p2psvc C:\Windows\system32\p2psvc.dll
11:49:49.0105 5124 p2psvc - ok
11:49:49.0131 5124 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
11:49:49.0133 5124 Parport - ok
11:49:49.0163 5124 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:49:49.0165 5124 partmgr - ok
11:49:49.0174 5124 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
11:49:49.0176 5124 Parvdm - ok
11:49:49.0203 5124 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:49:49.0208 5124 PcaSvc - ok
11:49:49.0221 5124 [ 1A3A608A0FA58B6FFDB61901074CC7C5 ] pci C:\Windows\system32\drivers\pci.sys
11:49:49.0223 5124 pci - ok
11:49:49.0242 5124 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
11:49:49.0244 5124 pciide - ok
11:49:49.0273 5124 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
11:49:49.0276 5124 pcmcia - ok
11:49:49.0293 5124 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
11:49:49.0295 5124 pcw - ok
11:49:49.0332 5124 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:49:49.0340 5124 PEAUTH - ok
11:49:49.0395 5124 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
11:49:49.0412 5124 PeerDistSvc - ok
11:49:49.0510 5124 [ BBD76805265483BE78F61D7E5DCBA5FA ] pla C:\Windows\system32\pla.dll
11:49:49.0553 5124 pla - ok
11:49:49.0597 5124 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:49:49.0605 5124 PlugPlay - ok
11:49:49.0620 5124 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:49:49.0622 5124 Pml Driver HPZ12 - ok
11:49:49.0660 5124 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:49:49.0663 5124 PNRPAutoReg - ok
11:49:49.0687 5124 [ 38BEA463EF49BC314C1167E5246E48A9 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:49:49.0692 5124 PNRPsvc - ok
11:49:49.0736 5124 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:49:49.0743 5124 PolicyAgent - ok
11:49:49.0778 5124 [ AC42F771CC29727BD1663F211E9AC507 ] Power C:\Windows\system32\umpo.dll
11:49:49.0783 5124 Power - ok
11:49:49.0822 5124 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:49:49.0824 5124 PptpMiniport - ok
11:49:49.0840 5124 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
11:49:49.0842 5124 Processor - ok
11:49:49.0875 5124 [ F74950D2C7297B23D925D90E936DA17F ] ProfSvc C:\Windows\system32\profsvc.dll
11:49:49.0881 5124 ProfSvc - ok
11:49:49.0899 5124 [ FA7B950E4CA6AA260C4EABA19E03644D ] ProtectedStorage C:\Windows\system32\lsass.exe
11:49:49.0901 5124 ProtectedStorage - ok
11:49:49.0915 5124 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:49:49.0918 5124 Psched - ok
11:49:49.0968 5124 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
11:49:49.0986 5124 ql2300 - ok
11:49:50.0002 5124 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
11:49:50.0005 5124 ql40xx - ok
11:49:50.0047 5124 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
11:49:50.0053 5124 QWAVE - ok
11:49:50.0084 5124 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:49:50.0085 5124 QWAVEdrv - ok
11:49:50.0099 5124 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:49:50.0101 5124 RasAcd - ok
11:49:50.0135 5124 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:49:50.0137 5124 RasAgileVpn - ok
11:49:50.0160 5124 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
11:49:50.0164 5124 RasAuto - ok
11:49:50.0177 5124 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:49:50.0180 5124 Rasl2tp - ok
11:49:50.0204 5124 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
11:49:50.0212 5124 RasMan - ok
11:49:50.0231 5124 [ C4AACCECA39AF598DCDB3D9304067569 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:49:50.0233 5124 RasPppoe - ok
11:49:50.0258 5124 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:49:50.0261 5124 RasSstp - ok
11:49:50.0279 5124 [ 3DE21D7810540772789732E6DB84C17C ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:49:50.0284 5124 rdbss - ok
11:49:50.0308 5124 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:49:50.0310 5124 rdpbus - ok
11:49:50.0332 5124 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:49:50.0333 5124 RDPCDD - ok
11:49:50.0366 5124 [ 7F881C6D3781CAB9C0E15595BB8696BE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
11:49:50.0369 5124 RDPDR - ok
11:49:50.0377 5124 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:49:50.0378 5124 RDPENCDD - ok
11:49:50.0411 5124 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:49:50.0412 5124 RDPREFMP - ok
11:49:50.0448 5124 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
11:49:50.0449 5124 RdpVideoMiniport - ok
11:49:50.0487 5124 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:49:50.0490 5124 RDPWD - ok
11:49:50.0524 5124 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:49:50.0528 5124 rdyboost - ok
11:49:50.0567 5124 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
11:49:50.0570 5124 RemoteAccess - ok
11:49:50.0595 5124 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:49:50.0599 5124 RemoteRegistry - ok
11:49:50.0627 5124 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
11:49:50.0629 5124 rimmptsk - ok
11:49:50.0646 5124 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
11:49:50.0648 5124 rimsptsk - ok
11:49:50.0667 5124 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
11:49:50.0668 5124 rismxdp - ok
11:49:50.0690 5124 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:49:50.0694 5124 RpcEptMapper - ok
11:49:50.0715 5124 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
11:49:50.0718 5124 RpcLocator - ok
11:49:50.0752 5124 [ FAFD0AE107BF665CB457608831814B0C ] RpcSs C:\Windows\System32\rpcss.dll
11:49:50.0759 5124 RpcSs - ok
11:49:50.0792 5124 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:49:50.0795 5124 rspndr - ok
11:49:50.0831 5124 [ 9CE8DEFFAFFCCBF473015D76AE8EE514 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
11:49:50.0839 5124 RTL8192su - ok
11:49:50.0858 5124 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
11:49:50.0859 5124 s3cap - ok
11:49:50.0876 5124 [ FA7B950E4CA6AA260C4EABA19E03644D ] SamSs C:\Windows\system32\lsass.exe
11:49:50.0879 5124 SamSs - ok
11:49:50.0925 5124 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:49:50.0925 5124 SASDIFSV - ok
11:49:50.0961 5124 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:49:50.0962 5124 SASKUTIL - ok
11:49:51.0003 5124 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:49:51.0005 5124 sbp2port - ok
11:49:51.0098 5124 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:49:51.0125 5124 SBSDWSCService - ok
11:49:51.0169 5124 [ 4E9B73E60D128E2703EC6E7EA066BB32 ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:49:51.0175 5124 SCardSvr - ok
11:49:51.0192 5124 [ 12784CF1B1E9C3540CC7C83324965277 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:49:51.0194 5124 scfilter - ok
11:49:51.0232 5124 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
11:49:51.0242 5124 Schedule - ok
11:49:51.0257 5124 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:49:51.0258 5124 SCPolicySvc - ok
11:49:51.0286 5124 [ B17170183C47FB1D3CCD6CEC5FF587B6 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
11:49:51.0289 5124 sdbus - ok
11:49:51.0318 5124 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:49:51.0323 5124 SDRSVC - ok
11:49:51.0401 5124 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:49:51.0405 5124 SeaPort - ok
11:49:51.0440 5124 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:49:51.0442 5124 secdrv - ok
11:49:51.0471 5124 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
11:49:51.0474 5124 seclogon - ok
11:49:51.0496 5124 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
11:49:51.0500 5124 SENS - ok
11:49:51.0526 5124 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:49:51.0530 5124 SensrSvc - ok
11:49:51.0558 5124 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
11:49:51.0560 5124 Serenum - ok
11:49:51.0574 5124 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
11:49:51.0576 5124 Serial - ok
11:49:51.0602 5124 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
11:49:51.0603 5124 sermouse - ok
11:49:51.0658 5124 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
11:49:51.0662 5124 SessionEnv - ok
11:49:51.0685 5124 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
11:49:51.0686 5124 sffdisk - ok
11:49:51.0699 5124 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:49:51.0700 5124 sffp_mmc - ok
11:49:51.0715 5124 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
11:49:51.0716 5124 sffp_sd - ok
11:49:51.0750 5124 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
11:49:51.0750 5124 sfloppy - ok
11:49:51.0815 5124 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:49:51.0819 5124 SharedAccess - ok
11:49:51.0866 5124 [ C99E91D09029514F07586307A75A95A6 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:49:51.0872 5124 ShellHWDetection - ok
11:49:51.0902 5124 [ 546B935F005E9BB7FEC7B17D42547D0E ] sisagp C:\Windows\system32\drivers\SISAGPX.sys
11:49:51.0903 5124 sisagp - ok
11:49:51.0918 5124 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
11:49:51.0919 5124 SiSRaid2 - ok
11:49:51.0946 5124 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
11:49:51.0947 5124 SiSRaid4 - ok
11:49:51.0993 5124 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
11:49:51.0996 5124 SkypeUpdate - ok
11:49:52.0013 5124 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:49:52.0014 5124 Smb - ok
11:49:52.0068 5124 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:49:52.0071 5124 SNMPTRAP - ok
11:49:52.0103 5124 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
11:49:52.0105 5124 spldr - ok
11:49:52.0142 5124 [ CAE10A25F936C053E41CBE0FA06FF15D ] Spooler C:\Windows\System32\spoolsv.exe
11:49:52.0148 5124 Spooler - ok
11:49:52.0263 5124 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
11:49:52.0319 5124 sppsvc - ok
11:49:52.0333 5124 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:49:52.0337 5124 sppuinotify - ok
11:49:52.0376 5124 [ 58CA0690268B85EBA331ABAAA577239E ] SRS_AE_Service C:\Windows\system32\drivers\SRS_AE_i386.sys
11:49:52.0381 5124 SRS_AE_Service - ok
11:49:52.0432 5124 [ B9526AFE58B0EB537A391DFA925A1E40 ] srv C:\Windows\system32\DRIVERS\srv.sys
11:49:52.0435 5124 srv - ok
11:49:52.0457 5124 [ DBAF2D20FD39EFA9AED654C9E99CE7F5 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:49:52.0460 5124 srv2 - ok
11:49:52.0499 5124 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:49:52.0502 5124 SrvHsfHDA - ok
11:49:52.0538 5124 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:49:52.0548 5124 SrvHsfV92 - ok
11:49:52.0576 5124 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:49:52.0583 5124 SrvHsfWinac - ok
11:49:52.0620 5124 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:49:52.0622 5124 srvnet - ok
11:49:52.0657 5124 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:49:52.0662 5124 SSDPSRV - ok
11:49:52.0686 5124 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:49:52.0690 5124 SstpSvc - ok
11:49:52.0707 5124 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
11:49:52.0708 5124 stexstor - ok
11:49:52.0737 5124 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
11:49:52.0738 5124 StillCam - ok
11:49:52.0779 5124 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
11:49:52.0788 5124 StiSvc - ok
11:49:52.0811 5124 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
11:49:52.0812 5124 storflt - ok
11:49:52.0852 5124 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
11:49:52.0853 5124 storvsc - ok
11:49:52.0878 5124 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
11:49:52.0879 5124 swenum - ok
11:49:52.0918 5124 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
11:49:52.0924 5124 swprv - ok
11:49:52.0940 5124 [ 16E7642DA4BACCCD7696B326CAA84870 ] Synth3dVsc C:\Windows\system32\drivers\Synth3dVsc.sys
11:49:52.0942 5124 Synth3dVsc - ok
11:49:52.0982 5124 [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:49:52.0985 5124 SynTP - ok
11:49:53.0054 5124 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
11:49:53.0069 5124 SysMain - ok
11:49:53.0090 5124 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:49:53.0094 5124 TabletInputService - ok
11:49:53.0120 5124 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
11:49:53.0121 5124 taphss - ok
11:49:53.0149 5124 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
11:49:53.0155 5124 TapiSrv - ok
11:49:53.0186 5124 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
11:49:53.0189 5124 TBS - ok
11:49:53.0240 5124 [ 23790A44D9A6B67F8690C34D4F516446 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:49:53.0251 5124 Tcpip - ok
11:49:53.0280 5124 [ 23790A44D9A6B67F8690C34D4F516446 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:49:53.0293 5124 TCPIP6 - ok
11:49:53.0333 5124 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:49:53.0335 5124 tcpipreg - ok
11:49:53.0362 5124 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:49:53.0363 5124 TDPIPE - ok
11:49:53.0396 5124 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:49:53.0397 5124 TDTCP - ok
11:49:53.0415 5124 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:49:53.0417 5124 tdx - ok
11:49:53.0446 5124 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
11:49:53.0447 5124 TermDD - ok
11:49:53.0464 5124 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
11:49:53.0465 5124 terminpt - ok
11:49:53.0508 5124 [ 80C7A9E2BEC5013A5BB46BA05538BB40 ] TermService C:\Windows\System32\termsrv.dll
11:49:53.0515 5124 TermService - ok
11:49:53.0538 5124 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
11:49:53.0545 5124 Themes - ok
11:49:53.0568 5124 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
11:49:53.0570 5124 THREADORDER - ok
11:49:53.0586 5124 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
11:49:53.0590 5124 TrkWks - ok
11:49:53.0637 5124 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:49:53.0640 5124 TrustedInstaller - ok
11:49:53.0660 5124 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:49:53.0662 5124 tssecsrv - ok
11:49:53.0686 5124 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:49:53.0688 5124 TsUsbFlt - ok
11:49:53.0724 5124 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
11:49:53.0725 5124 TsUsbGD - ok
11:49:53.0741 5124 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
11:49:53.0743 5124 tsusbhub - ok
11:49:53.0761 5124 [ F5B8DAD03E1BA3EB875E361385DA9F1F ] TTP7 C:\Windows\system32\drivers\ttp7up.sys
11:49:53.0763 5124 TTP7 - ok
11:49:53.0781 5124 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:49:53.0783 5124 tunnel - ok
11:49:53.0813 5124 [ 546B935F005E9BB7FEC7B17D42547D0E ] uagp35 C:\Windows\system32\drivers\sisagpx.sys
11:49:53.0814 5124 uagp35 - ok
11:49:53.0835 5124 [ E604DE37D14C79D9E44DBD585A31F095 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:49:53.0838 5124 udfs - ok
11:49:53.0886 5124 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:49:53.0890 5124 UI0Detect - ok
11:49:53.0911 5124 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:49:53.0912 5124 uliagpkx - ok
11:49:53.0930 5124 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
11:49:53.0932 5124 umbus - ok
11:49:53.0944 5124 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
11:49:53.0945 5124 UmPass - ok
11:49:53.0975 5124 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
11:49:53.0980 5124 UmRdpService - ok
11:49:54.0026 5124 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
11:49:54.0032 5124 upnphost - ok
11:49:54.0055 5124 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
11:49:54.0056 5124 USBAAPL - ok
11:49:54.0092 5124 [ 4663AD7F61519E88687393BFCB154E4C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:49:54.0093 5124 usbccgp - ok
11:49:54.0125 5124 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:49:54.0127 5124 usbcir - ok
11:49:54.0179 5124 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
11:49:54.0181 5124 usbehci - ok
11:49:54.0193 5124 [ 08369F1FDD7C0D4287373D253D64D75E ] usbfilter C:\Windows\system32\drivers\usbfilter.sys
11:49:54.0194 5124 usbfilter - ok
11:49:54.0221 5124 [ CA349E24ECDE0E0005DAC5A2DC9931A2 ] UsbFltr C:\Windows\system32\drivers\copperhd.sys
11:49:54.0222 5124 UsbFltr - ok
11:49:54.0254 5124 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:49:54.0257 5124 usbhub - ok
11:49:54.0298 5124 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
11:49:54.0299 5124 usbohci - ok
11:49:54.0315 5124 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:49:54.0316 5124 usbprint - ok
11:49:54.0343 5124 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:49:54.0344 5124 usbscan - ok
11:49:54.0380 5124 [ 6A3DB51D317307F3AC65CB127B9A2BEB ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:49:54.0382 5124 USBSTOR - ok
11:49:54.0405 5124 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:49:54.0406 5124 usbuhci - ok
11:49:54.0445 5124 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
11:49:54.0447 5124 usbvideo - ok
11:49:54.0486 5124 [ 5F417923B13D093168A4503D3C2B9AF6 ] uwbusb C:\Windows\System32\Drivers\usbuwbmini.sys
11:49:54.0487 5124 uwbusb - ok
11:49:54.0531 5124 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
11:49:54.0534 5124 UxSms - ok
11:49:54.0555 5124 [ FA7B950E4CA6AA260C4EABA19E03644D ] VaultSvc C:\Windows\system32\lsass.exe
11:49:54.0558 5124 VaultSvc - ok
11:49:54.0572 5124 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:49:54.0573 5124 vdrvroot - ok
11:49:54.0609 5124 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
11:49:54.0617 5124 vds - ok
11:49:54.0639 5124 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:49:54.0641 5124 vga - ok
11:49:54.0661 5124 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
11:49:54.0662 5124 VgaSave - ok
11:49:54.0672 5124 VGPU - ok
11:49:54.0706 5124 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:49:54.0708 5124 vhdmp - ok
11:49:54.0726 5124 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
11:49:54.0728 5124 viaagp - ok
11:49:54.0741 5124 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
11:49:54.0742 5124 ViaC7 - ok
11:49:54.0758 5124 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
11:49:54.0759 5124 viaide - ok
11:49:54.0780 5124 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
11:49:54.0783 5124 vmbus - ok
11:49:54.0807 5124 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
11:49:54.0809 5124 VMBusHID - ok
11:49:54.0834 5124 [ B3D128CA06C1C84A2918B239C535E399 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:49:54.0835 5124 volmgr - ok
11:49:54.0860 5124 [ 92BF001FFCB6D705302267BBEEFE473A ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:49:54.0863 5124 volmgrx - ok
11:49:54.0888 5124 [ 9356AA63B1F89A7B283983446D58899E ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:49:54.0891 5124 volsnap - ok
11:49:54.0908 5124 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
11:49:54.0910 5124 vsmraid - ok
11:49:54.0973 5124 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
11:49:54.0985 5124 VSS - ok
11:49:55.0016 5124 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:49:55.0017 5124 vwifibus - ok
11:49:55.0032 5124 [ 632F1B4B573B19CE0C80DF8432D1F65D ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:49:55.0034 5124 vwififlt - ok
11:49:55.0066 5124 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
11:49:55.0072 5124 W32Time - ok
11:49:55.0094 5124 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
11:49:55.0095 5124 WacomPen - ok
11:49:55.0120 5124 [ 1FFE8CA5F775E1C4DA3629F215A322B5 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:49:55.0121 5124 WANARP - ok
11:49:55.0130 5124 [ 1FFE8CA5F775E1C4DA3629F215A322B5 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:49:55.0131 5124 Wanarpv6 - ok
11:49:55.0214 5124 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:49:55.0239 5124 WatAdminSvc - ok
11:49:55.0308 5124 [ E7DA95E73F04EF2D7155171C50C7EA74 ] wbengine C:\Windows\system32\wbengine.exe
11:49:55.0321 5124 wbengine - ok
11:49:55.0345 5124 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:49:55.0350 5124 WbioSrvc - ok
11:49:55.0382 5124 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:49:55.0388 5124 wcncsvc - ok
11:49:55.0405 5124 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:49:55.0409 5124 WcsPlugInService - ok
11:49:55.0435 5124 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
11:49:55.0436 5124 Wd - ok
11:49:55.0474 5124 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
11:49:55.0475 5124 WDC_SAM - ok
11:49:55.0506 5124 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:49:55.0511 5124 Wdf01000 - ok
11:49:55.0542 5124 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:49:55.0546 5124 WdiServiceHost - ok
11:49:55.0555 5124 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:49:55.0559 5124 WdiSystemHost - ok
11:49:55.0581 5124 [ 75AD548A2083386B9F8EB84FE9F05EC2 ] WebClient C:\Windows\System32\webclnt.dll
11:49:55.0589 5124 WebClient - ok
11:49:55.0608 5124 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:49:55.0613 5124 Wecsvc - ok
11:49:55.0634 5124 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:49:55.0639 5124 wercplsupport - ok
11:49:55.0660 5124 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
11:49:55.0664 5124 WerSvc - ok
11:49:55.0697 5124 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:49:55.0698 5124 WfpLwf - ok
11:49:55.0714 5124 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:49:55.0715 5124 WIMMount - ok
11:49:55.0772 5124 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
11:49:55.0778 5124 WinDefend - ok
11:49:55.0795 5124 WinHttpAutoProxySvc - ok
11:49:55.0866 5124 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:49:55.0868 5124 Winmgmt - ok
11:49:55.0925 5124 [ 1766B28802CC29054B4C7A285FE0ADF6 ] WinRM C:\Windows\system32\WsmSvc.dll
11:49:55.0938 5124 WinRM - ok
11:49:55.0973 5124 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:49:55.0974 5124 WinUsb - ok
11:49:56.0035 5124 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
11:49:56.0045 5124 Wlansvc - ok
11:49:56.0099 5124 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:49:56.0100 5124 wlcrasvc - ok
11:49:56.0195 5124 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:49:56.0228 5124 wlidsvc - ok
11:49:56.0258 5124 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
11:49:56.0259 5124 WmiAcpi - ok
11:49:56.0310 5124 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:49:56.0312 5124 wmiApSrv - ok
11:49:56.0388 5124 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
11:49:56.0398 5124 WMPNetworkSvc - ok
11:49:56.0438 5124 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:49:56.0442 5124 WPCSvc - ok
11:49:56.0468 5124 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:49:56.0473 5124 WPDBusEnum - ok
11:49:56.0507 5124 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:49:56.0508 5124 ws2ifsl - ok
11:49:56.0533 5124 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
11:49:56.0537 5124 wscsvc - ok
11:49:56.0547 5124 WSearch - ok
11:49:56.0664 5124 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
11:49:56.0708 5124 wuauserv - ok
11:49:56.0747 5124 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:49:56.0749 5124 WudfPf - ok
11:49:56.0772 5124 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:49:56.0774 5124 WUDFRd - ok
11:49:56.0806 5124 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:49:56.0811 5124 wudfsvc - ok
11:49:56.0837 5124 [ 69D5B92C5A787E405534DCE9054B3922 ] WwanSvc C:\Windows\System32\wwansvc.dll
11:49:56.0842 5124 WwanSvc - ok
11:49:56.0884 5124 ================ Scan global ===============================
11:49:57.0054 5124 [Global] - ok
11:49:57.0054 5124 ================ Scan MBR ==================================
11:49:57.0073 5124 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:49:57.0573 5124 \Device\Harddisk0\DR0 - ok
11:49:57.0574 5124 ================ Scan VBR ==================================
11:49:57.0650 5124 [ A5E3F85697DC84010DA434F6201C1C60 ] \Device\Harddisk0\DR0\Partition1
11:49:57.0653 5124 \Device\Harddisk0\DR0\Partition1 - ok
11:49:57.0654 5124 ============================================================
11:49:57.0654 5124 Scan finished
11:49:57.0655 5124 ============================================================
11:49:57.0701 5940 Detected object count: 0
11:49:57.0701 5940 Actual detected object count: 0
11:53:19.0588 5276 Deinitialize success

#9 Mike_Bates

Mike_Bates
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Marietta, GA
  • Local time:04:30 AM

Posted 19 October 2012 - 11:53 AM

I finally got it to run successfully:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-19 12:25:15
-----------------------------
12:25:15.131 OS Version: Windows 6.1.7601 Service Pack 1
12:25:15.131 Number of processors: 2 586 0x4802
12:25:15.131 ComputerName: MIKE-LAPTOP UserName: Mike
12:25:18.298 Initialize success
12:26:52.764 AVAST engine defs: 12101900
12:32:05.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007a
12:32:05.046 Disk 0 Vendor: TOSHIBA_ GS00 Size: 305245MB BusType: 3
12:32:05.062 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
12:32:05.077 Disk 1 Vendor: ( Size: 1964MB BusType: 12
12:32:05.093 Disk 0 MBR read successfully
12:32:05.093 Disk 0 MBR scan
12:32:05.093 Disk 0 Windows 7 default MBR code
12:32:05.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
12:32:05.187 Disk 0 scanning sectors +625139712
12:32:05.265 Disk 0 scanning C:\Windows\system32\drivers
12:32:25.501 Service scanning
12:33:10.463 Modules scanning
12:33:59.665 Disk 0 trace - called modules:
12:33:59.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
12:33:59.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85af9030]
12:33:59.712 3 CLASSPNP.SYS[887d959e] -> nt!IofCallDriver -> [0x85592590]
12:33:59.728 5 ACPI.sys[886443d4] -> nt!IofCallDriver -> \Device\0000007a[0x85592030]
12:34:00.976 AVAST engine scan C:\Windows
12:34:04.704 AVAST engine scan C:\Windows\system32
12:37:21.873 AVAST engine scan C:\Windows\system32\drivers
12:37:36.147 AVAST engine scan C:\Users\Mike
12:44:25.232 AVAST engine scan C:\ProgramData
12:45:31.158 Scan finished successfully
12:51:03.361 Disk 0 MBR has been saved successfully to "C:\Users\Mike\Desktop\Bleeping Computer\MBR.dat"
12:51:03.376 The log file has been saved successfully to "C:\Users\Mike\Desktop\Bleeping Computer\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:30 AM

Posted 19 October 2012 - 12:04 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Mike_Bates

Mike_Bates
  • Topic Starter

Posted 19 October 2012 - 02:56 PM

Gringo,

Here's my latest results from Combofix:

ComboFix 12-10-19.01 - Mike 10/19/2012 15:38:39.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1983.1066 [GMT -4:00]
Running from: c:\users\Mike\Desktop\Bleeping Computer\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\Bleeping Computer\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 19:45 . 2012-10-19 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 16:31 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-19 16:30 . 2012-10-19 16:30 -------- d-----w- c:\programdata\McAfee
2012-10-19 10:43 . 2012-10-19 10:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC0AC972-707C-4A78-BD7C-1CEB1C8A1FCB}\offreg.dll
2012-10-16 11:55 . 2012-10-16 11:55 -------- d-----w- c:\windows\system32\EF5B~1
2012-10-16 11:55 . 2012-10-19 19:45 -------- d-----w- c:\users\Mike\AppData\Local\temp
2012-10-16 11:18 . 2012-10-16 13:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-16 11:18 . 2012-10-16 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-10-16 10:54 . 2012-10-16 10:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-16 10:48 . 2012-10-16 10:54 -------- d-----w- c:\programdata\HitmanPro
2012-10-16 10:42 . 2012-10-16 10:42 -------- d-----w- c:\program files\FileASSASSIN
2012-10-16 10:29 . 2012-10-16 10:29 357 ----a-w- C:\check.bat
2012-10-15 19:20 . 2012-10-15 19:20 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-15 15:39 . 2012-10-15 15:39 -------- d-----w- c:\users\patric
2012-10-14 15:38 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-14 15:37 . 2012-10-14 15:37 -------- d-----w- c:\program files\iPod
2012-10-14 15:37 . 2012-10-14 15:38 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-10-14 15:37 . 2012-10-14 15:38 -------- d-----w- c:\program files\iTunes
2012-10-13 15:28 . 2012-10-13 15:28 -------- d-----w- c:\program files\MSN Toolbar
2012-10-13 15:28 . 2012-10-13 15:29 -------- d-----w- c:\program files\Bing Bar Installer
2012-10-13 15:28 . 2012-10-13 15:30 -------- d-----w- c:\programdata\HP Photo Creations
2012-10-13 15:28 . 2012-10-13 15:28 -------- d-----w- c:\program files\HP Photo Creations
2012-10-13 15:28 . 2010-11-16 18:10 527208 ------w- c:\windows\system32\HPDiscoPM8e11.dll
2012-10-09 23:38 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC0AC972-707C-4A78-BD7C-1CEB1C8A1FCB}\mpengine.dll
2012-09-21 15:47 . 2012-09-21 15:47 -------- d-----w- c:\program files\WildPackets
2012-09-21 15:22 . 2012-09-21 15:57 -------- d-----w- C:\Training stuff
2012-09-20 12:03 . 2012-09-20 12:03 -------- d-----w- c:\users\Mike\AppData\Roaming\SUPERAntiSpyware.com
2012-09-20 12:03 . 2012-09-26 10:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-20 12:03 . 2012-09-20 12:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-20 11:55 . 2012-09-20 11:55 -------- d-----w- c:\users\Mike\Pavark
2012-09-20 09:36 . 2012-09-20 09:36 -------- d-----w- c:\program files\Common Files\Symantec Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 12:55 . 2012-04-03 12:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 12:55 . 2012-03-12 08:38 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 04:21 . 2012-09-19 04:21 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-19 04:21 . 2012-09-19 04:21 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-19 04:21 . 2012-09-19 04:21 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-19 04:21 . 2012-09-19 04:21 1306992 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-19 04:21 . 2012-09-19 04:21 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-19 04:21 . 2012-09-19 04:21 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-19 04:20 . 2012-09-19 04:20 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-09-18 15:30 . 2012-07-29 09:51 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-18 15:30 . 2012-07-29 09:51 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-11 14:35 . 2012-09-11 14:35 10077 ----a-w- c:\windows\bcm310E.tmp
2012-09-11 14:35 . 2012-09-11 14:35 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-07 12:04 . 2012-04-11 16:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-21 17:01 . 2012-03-12 09:53 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-23 10:59 . 2012-09-19 04:17 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-10-14 11:47 . 2012-10-14 11:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 05:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [x]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [x]
R3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [x]
R3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [x]
R3 BFNVis32;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\XenoVx86.sys [x]
R3 BXOIS;BXOIS;c:\windows\system32\drivers\bxois.sys [x]
R3 cbaf;UWB Cable Based Association Framework Driver;c:\windows\System32\Drivers\cbaf.sys [x]
R3 dfuuwb;Intel Wireless UWB Link 1480M Device Firmware Utility;c:\windows\System32\Drivers\DfuUWB.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 HWA;Intel® Wireless USB Host Adapter;c:\windows\System32\Drivers\HWA.sys [x]
R3 IFCoEMP;IFCoEMP;c:\windows\system32\drivers\ifM60x32.sys [x]
R3 IFCoEVB;IFCoEVB;c:\windows\system32\drivers\ifP60X32.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd16032.sys [x]
R3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\System32\Drivers\qd26032.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_i386.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TTP7;Flash Update for TerraTec PHASE 26 USB;c:\windows\system32\drivers\ttp7up.sys [x]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [x]
R3 uwbusb;UWB Bus Control USB-Miniport Driver;c:\windows\System32\Drivers\usbuwbmini.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 ExpatShieldService;Expat Shield Service;c:\program files\Expat Shield\bin\openvpnas.exe [x]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files\Expat Shield\HssWPR\hsssrv.exe [x]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files\Expat Shield\bin\hsswd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 12:56]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 10:25]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 10:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-09-15 14:52; C7yFVpIP@WeolS3acxgS.com; c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\extensions\C7yFVpIP@WeolS3acxgS.com.xpi
FF - ExtSQL: 2012-10-13 11:28; {27182e60-b5f3-411c-b545-b44205977502}; c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF - ExtSQL: 2012-10-13 11:29; {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}; c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-19 15:47:31
ComboFix-quarantined-files.txt 2012-10-19 19:47
ComboFix2.txt 2012-10-19 10:44
ComboFix3.txt 2012-10-16 12:01
.
Pre-Run: 36,562,321,408 bytes free
Post-Run: 36,291,760,128 bytes free
.
- - End Of File - - A7DD40CED60A8B447DA437A70A411DC4

#12 Mike_Bates

Mike_Bates
  • Topic Starter

Posted 19 October 2012 - 03:32 PM

Gringo,

No change, btw. Do you want a screen shot?

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 19 October 2012 - 04:16 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 Mike_Bates

Mike_Bates
  • Topic Starter

Posted 19 October 2012 - 07:41 PM

OTL logfile created on: 10/19/2012 8:31:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mike\Desktop\Bleeping Computer
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.66% Memory free
3.87 Gb Paging File | 2.31 Gb Available in Paging File | 59.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 33.86 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive D: | 9.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.92 Gb Total Space | 1.56 Gb Free Space | 81.48% Space Free | Partition Type: FAT

Computer Name: MIKE-LAPTOP | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mike\Desktop\Bleeping Computer\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\Expat Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Expat Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Expat Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3f4638d86a4e977b1953b9fa45ff1490\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3c74632d523e46ac649c6c16d91328eb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9ea2a54ee0aa0c823c7fd92c843d38aa\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9cb143a2e2ae2c355c00182c7c856788\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Expat Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files\Expat Shield\bin\openvpntray.exe ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (ExpatTrayService) -- C:\Program Files\Expat Shield\bin\EXPATTrayService.exe ()
SRV - (ExpatShieldService) -- C:\Program Files\Expat Shield\bin\openvpnas.exe ()
SRV - (ExpatWd) -- C:\Program Files\Expat Shield\bin\hsswd.exe ()
SRV - (ExpatSrv) -- C:\Program Files\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\Mike\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Mike\AppData\Local\Temp\aswMBR.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (EtronXHCI) -- C:\Windows\System32\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV - (EtronHub3) -- C:\Windows\System32\drivers\EtronHub3.sys (Etron Technology Inc)
DRV - (asmtxhci) -- C:\Windows\System32\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV - (asmthub3) -- C:\Windows\System32\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (BFN7x86) -- C:\Windows\System32\drivers\Xeno7x86.sys (Bigfoot Networks, Inc.)
DRV - (BFNVis32) -- C:\Windows\System32\drivers\XenoVx86.sys (Bigfoot Networks, Inc.)
DRV - (IFCoEVB) -- C:\Windows\System32\drivers\ifP60x32.sys (Intel® Corporation)
DRV - (IFCoEMP) -- C:\Windows\System32\drivers\ifM60x32.sys (Intel® Corporation)
DRV - (b06diag) -- C:\Windows\System32\drivers\bxdiagx.sys (Broadcom Corporation)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (BXOIS) -- C:\Windows\System32\drivers\bxois.sys (Broadcom Corporation)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (ISODrive) -- C:\Program Files\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (ioatdma2) -- C:\Windows\System32\drivers\qd26032.sys (Intel Corporation)
DRV - (ioatdma1) -- C:\Windows\System32\drivers\qd16032.sys (Intel Corporation)
DRV - (uagp35) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (sisagp) -- C:\Windows\System32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (NMgamingmsFltr) -- C:\Windows\System32\drivers\NMgamingms.sys (Primax Ltd)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (mcdbus) -- C:\Windows\System32\drivers\mcdbus.sys (MagicISO, Inc.)
DRV - (HWA) -- C:\Windows\System32\drivers\HWA.sys (Intel Corp.)
DRV - (uwbusb) -- C:\Windows\System32\drivers\usbuwbmini.sys (Intel Corp.)
DRV - (dfuuwb) -- C:\Windows\System32\drivers\DfuUWB.sys (Intel Corp.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (cbaf) -- C:\Windows\System32\drivers\cbaf.sys (Intel Corp.)
DRV - (TTP7) -- C:\Windows\System32\drivers\ttp7up.sys (TerraTec)
DRV - (UsbFltr) -- C:\Windows\System32\drivers\copperhd.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 1B 74 B1 38 83 CD 01 [binary data]
IE - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: C7yFVpIP@WeolS3acxgS.com:11
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/10/13 11:28:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/10/13 11:29:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/14 09:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/14 09:12:12 | 000,000,000 | ---D | M]

[2012/05/10 02:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Extensions
[2012/10/16 07:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\extensions
[2012/09/15 14:52:11 | 000,003,680 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\extensions\C7yFVpIP@WeolS3acxgS.com.xpi
[2012/05/28 11:34:37 | 000,272,844 | ---- | M] () (No name found) -- C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\k1wc3jwk.default\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
[2012/10/18 06:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/14 07:47:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/14 07:47:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/21 02:45:33 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/14 07:47:20 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mike\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Flash Player = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgdjaajoajmniboghkmkdeocpedheja\11_0\
CHR - Extension: Skype Click to Call = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/16 07:57:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2480504058-1309294343-3151129647-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3940E2ED-B19E-4FDC-8D85-5CE2203F5008}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F9B1CC-172D-448A-8521-32C9D4351D72}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/19 15:46:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/19 12:31:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/10/19 12:31:49 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/10/19 12:31:49 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/10/19 12:30:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/18 06:19:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\RK_Quarantine
[2012/10/18 06:16:22 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Bleeping Computer
[2012/10/16 15:50:43 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\gmer
[2012/10/16 15:45:49 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/10/16 07:55:10 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\temp
[2012/10/16 07:44:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/16 07:44:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/16 07:44:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/16 07:44:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/16 07:43:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/16 07:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/16 07:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/16 07:18:08 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/16 06:54:26 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 06:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/16 06:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/10/16 06:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2012/10/15 15:20:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/14 11:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/10/14 11:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/14 11:37:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/14 11:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/14 11:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/10/14 07:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/10/13 11:28:51 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012/10/13 11:28:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012/10/13 11:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012/10/13 11:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/10/13 11:28:15 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM8e11.dll
[2012/09/23 10:38:49 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Local\{7B14753F-661E-47E1-8033-3BEA5AD44197}
[2012/09/21 11:47:49 | 000,000,000 | ---D | C] -- C:\Program Files\WildPackets
[2012/09/21 11:22:21 | 000,000,000 | ---D | C] -- C:\Training stuff
[2012/09/20 08:03:34 | 000,000,000 | ---D | C] -- C:\Users\Mike\AppData\Roaming\SUPERAntiSpyware.com
[2012/09/20 08:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/09/20 08:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/09/20 08:03:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/09/20 07:55:26 | 000,000,000 | ---D | C] -- C:\Users\Mike\Pavark
[2012/09/20 07:45:31 | 000,000,000 | ---D | C] -- C:\Users\Mike\Desktop\Utilities
[2012/09/20 05:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/19 20:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000UA.job
[2012/10/19 19:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/19 15:35:11 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/19 15:35:11 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/19 12:24:54 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 12:24:54 | 000,026,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 12:10:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/19 12:10:22 | 320,596,706 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/19 12:10:12 | 1559,187,456 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/19 12:04:39 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
[2012/10/19 08:01:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2480504058-1309294343-3151129647-1000Core.job
[2012/10/16 17:19:28 | 000,067,694 | ---- | M] () -- C:\Users\Mike\Desktop\MB1 3.jpg
[2012/10/16 17:18:45 | 000,041,961 | ---- | M] () -- C:\Users\Mike\Desktop\MB1 2.jpg
[2012/10/16 17:18:00 | 000,023,083 | ---- | M] () -- C:\Users\Mike\Desktop\MB1.jpg
[2012/10/16 15:50:02 | 000,294,216 | ---- | M] () -- C:\Users\Mike\Desktop\gmer.zip
[2012/10/16 15:45:49 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Mike\Desktop\dds.com
[2012/10/16 07:57:23 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/10/16 07:43:31 | 000,005,598 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/16 07:18:14 | 000,001,244 | ---- | M] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/16 07:18:14 | 000,001,220 | ---- | M] () -- C:\Users\Mike\Desktop\Spybot - Search & Destroy.lnk
[2012/10/16 06:54:26 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2012/10/16 06:42:48 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/10/16 06:29:05 | 000,000,357 | ---- | M] () -- C:\check.bat
[2012/10/15 15:20:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/10/14 11:38:33 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/13 11:28:44 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/10/13 11:28:15 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,210 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series Scan.lnk
[2012/10/11 05:55:07 | 000,053,985 | ---- | M] () -- C:\Users\Mike\Desktop\United Airlines - Boarding Passes.pdf
[2012/10/11 02:23:27 | 000,002,444 | ---- | M] () -- C:\Users\Mike\Desktop\Google Chrome.lnk
[2012/10/09 08:55:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 08:55:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/30 02:33:15 | 000,139,264 | ---- | M] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/24 23:16:36 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/24 23:08:27 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/24 23:07:57 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/23 11:15:12 | 176,085,242 | ---- | M] () -- C:\Users\Mike\Desktop\Beggars.wmv
[2012/09/23 10:46:05 | 000,011,481 | ---- | M] () -- C:\Users\Mike\Desktop\Delhi.wlmp
[2012/09/23 10:34:21 | 000,000,843 | ---- | M] () -- C:\Users\Mike\Documents\Delhi.spl
[2012/09/21 11:47:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/09/21 11:47:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/09/20 08:03:30 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/19 12:10:22 | 320,596,706 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/19 12:04:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012/10/16 17:19:28 | 000,067,694 | ---- | C] () -- C:\Users\Mike\Desktop\MB1 3.jpg
[2012/10/16 17:18:45 | 000,041,961 | ---- | C] () -- C:\Users\Mike\Desktop\MB1 2.jpg
[2012/10/16 17:17:59 | 000,023,083 | ---- | C] () -- C:\Users\Mike\Desktop\MB1.jpg
[2012/10/16 15:50:02 | 000,294,216 | ---- | C] () -- C:\Users\Mike\Desktop\gmer.zip
[2012/10/16 07:44:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/16 07:44:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/16 07:44:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/16 07:44:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/16 07:44:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/16 07:43:24 | 000,005,598 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/16 07:18:14 | 000,001,244 | ---- | C] () -- C:\Users\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/10/16 07:18:14 | 000,001,220 | ---- | C] () -- C:\Users\Mike\Desktop\Spybot - Search & Destroy.lnk
[2012/10/16 06:42:48 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/10/16 06:29:05 | 000,000,357 | ---- | C] () -- C:\check.bat
[2012/10/14 11:38:33 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/13 11:29:03 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012/10/13 11:28:44 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012/10/13 11:28:15 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,215 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart Plus B210 series.lnk
[2012/10/13 11:28:15 | 000,001,210 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart Plus B210 series Scan.lnk
[2012/10/11 05:55:03 | 000,053,985 | ---- | C] () -- C:\Users\Mike\Desktop\United Airlines - Boarding Passes.pdf
[2012/09/23 11:06:24 | 176,085,242 | ---- | C] () -- C:\Users\Mike\Desktop\Beggars.wmv
[2012/09/23 10:46:05 | 000,011,481 | ---- | C] () -- C:\Users\Mike\Desktop\Delhi.wlmp
[2012/09/23 10:16:11 | 000,000,843 | ---- | C] () -- C:\Users\Mike\Documents\Delhi.spl
[2012/09/21 11:47:50 | 000,001,245 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WildPackets IP Subnet Calculator.lnk
[2012/09/21 11:47:39 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/09/21 11:47:39 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/09/20 08:03:30 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/09/15 14:50:27 | 000,001,736 | ---- | C] () -- C:\Users\Mike\AppData\Local\yyjkccuxtez.crx
[2012/09/11 10:35:43 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2012/09/03 14:34:22 | 000,030,554 | ---- | C] () -- C:\Users\Mike\energy-report.html
[2012/08/16 06:31:48 | 000,000,351 | ---- | C] () -- C:\Users\Mike\AppData\Roaming\Network Meter_Settings.ini
[2012/06/21 09:04:52 | 000,407,368 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys
[2012/04/20 01:05:45 | 000,180,624 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2012/04/10 15:09:52 | 000,007,596 | ---- | C] () -- C:\Users\Mike\AppData\Local\resmon.resmoncfg
[2012/03/30 21:39:21 | 000,148,896 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/03/30 21:38:11 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/03/30 17:21:20 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/03/12 04:25:50 | 000,139,264 | ---- | C] () -- C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 04:25:50 | 000,001,356 | ---- | C] () -- C:\Users\Mike\AppData\Local\d3d9caps.dat
[2012/03/12 03:38:03 | 1278,336,154 | ---- | C] () -- C:\Users\Mike\KB3AIK_EN.iso.part
[2012/02/27 20:39:54 | 004,414,976 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2012/02/26 12:47:02 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/02/26 12:46:18 | 000,260,608 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2012/02/26 12:46:00 | 000,158,720 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2012/02/26 12:46:00 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2012/02/26 12:45:58 | 001,525,248 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2012/02/26 12:45:58 | 000,146,944 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2012/02/26 12:45:56 | 000,212,480 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2012/02/26 12:45:56 | 000,115,200 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2012/02/26 12:45:54 | 000,328,704 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2012/02/26 12:45:54 | 000,137,728 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2012/02/24 10:51:06 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2012/02/24 10:51:00 | 006,426,793 | ---- | C] () -- C:\Windows\System32\avcodec-lav-54.dll
[2012/02/24 10:51:00 | 001,136,653 | ---- | C] () -- C:\Windows\System32\avformat-lav-54.dll
[2012/02/24 10:51:00 | 000,369,109 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2012/02/24 10:51:00 | 000,208,659 | ---- | C] () -- C:\Windows\System32\avutil-lav-51.dll
[2012/02/24 10:51:00 | 000,142,647 | ---- | C] () -- C:\Windows\System32\avfilter-lav-2.dll
[2011/12/07 15:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll
[2011/09/08 10:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2011/09/08 10:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2011/09/08 10:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2011/09/08 10:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2011/09/08 10:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\System32\dsmux.exe
[2011/09/08 10:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\System32\ts.dll
[2011/09/08 10:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\System32\mkv2vfr.exe
[2011/09/08 10:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\System32\gdsmux.exe
[2011/09/08 09:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2011/09/08 09:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2011/05/30 09:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/23 03:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/18 16:56:35 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2011/05/16 06:48:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011/03/03 07:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\System32\avi.dll
[2011/03/03 07:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\System32\avs.dll
[2011/03/03 07:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\System32\avss.dll
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:24:45 | 012,874,752 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2012/10/16 07:55:51 | 000,000,000 | ---D | M](C:\Windows\System32\???i??) -- C:\Windows\System32\ƪ扥ĭ瞦瘋
[2012/10/16 07:55:51 | 000,000,000 | ---D | C](C:\Windows\System32\???i??) -- C:\Windows\System32\ƪ扥ĭ瞦瘋

========== Alternate Data Streams ==========

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

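The "ZeroAccess Check" block above is OTL's raw output: it lists the two CLSIDs whose per-user InProcServer32 keys ZeroAccess hijacks (the machine-wide servers are shell32.dll and fastprox.dll), a System32 directory whose name is non-ASCII and was created the day of the scan, and an alternate data stream hanging off C:\ProgramData\TEMP. The script below is an added example, not part of the original thread and not OTL's own code; it performs the same three checks read-only on a live machine so you can confirm the indicators before running a fix. It assumes Windows PowerShell 3.0 or later (the -Directory switch) and an elevated prompt; the CLSIDs and paths are taken from the log above.

```powershell
# Added example: re-check the three ZeroAccess indicators OTL reports above.
# Read-only; assumes Windows PowerShell 3.0+ and an elevated prompt.

# CLSIDs from the OTL ZeroAccess Check section. A per-user (HKCU) InProcServer32
# silently overrides the machine-wide (HKLM) COM server for the logged-on user;
# neither key is created by a normal Windows install.
$clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',   # HKLM default: shell32.dll
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}'    # HKLM default: wbem
)

function Get-InProcServer {
    param([string]$Hive, [string]$Clsid)
    $key = "$Hive\Software\Classes\CLSID\$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    $props = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{
        Key    = $key
        Server = $props.'(default)'      # the DLL COM will load
        Model  = $props.ThreadingModel
    }
}

Write-Host '=== CLSID InProcServer32: HKCU entries override HKLM ==='
foreach ($c in $clsids) {
    $machine = Get-InProcServer -Hive 'HKLM:' -Clsid $c
    $user    = Get-InProcServer -Hive 'HKCU:' -Clsid $c
    if ($machine) { "HKLM $c -> $($machine.Server) [$($machine.Model)]" }
    if ($user) {
        # In the log above the HKCU keys exist with no default value at all;
        # an empty default or a DLL outside System32 is the hijack indicator.
        $where = if ([string]::IsNullOrEmpty($user.Server)) { 'EMPTY default value' } else { $user.Server }
        Write-Warning "HKCU $c\InProcServer32 present: $where"
    }
}

Write-Host '=== Directories under System32 with non-ASCII names ==='
# OTL's "Files - Unicode" section found one such directory created on the day
# of the scan. The name is chosen to be untypeable, so list it with its dates.
Get-ChildItem -LiteralPath "$env:SystemRoot\System32" -Directory -Force |
    Where-Object { $_.Name -match '[^\x00-\x7F]' } |
    ForEach-Object {
        '{0}  created {1:u}  modified {2:u}' -f $_.FullName, $_.CreationTime, $_.LastWriteTime
    }

Write-Host '=== Alternate data streams under ProgramData ==='
# "dir /r" prints every named stream as "<size> <name>:<stream>:$DATA" beneath
# its owner, for directories as well as files, so it covers C:\ProgramData\TEMP
# whether that entry is a folder or a file. Only stream lines are kept.
cmd.exe /c "dir /r /a `"$env:ProgramData`"" |
    Where-Object { $_ -match ':\$DATA\s*$' } |
    ForEach-Object { $_.Trim() }
```

Run it as Administrator; the warnings from the first section are the ones that matter, because a legitimate system has no HKCU InProcServer32 for either CLSID at all. The script only reports: removal of the HKCU keys, the Unicode-named directory and the stream is left to the fix the helper prescribes, since the driver component has to be dealt with first.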
#15 gringo_pr (Malware Response Team)

Posted 20 October 2012 - 12:44 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:FB1B13D8
    [2012/09/15 14:50:27 | 000,001,736 | ---- | C] () -- C:\Users\Mike\AppData\Local\yyjkccuxtez.crx
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

