
wermgr.exe and ping.exe possible rootkit virus? please help


  • This topic is locked
55 replies to this topic

#1 tntpainting

tntpainting

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 31 October 2012 - 06:18 PM

On my laptop, which has Windows 7, I noticed 100% CPU running while the computer is shut. I went to Task Manager. Sometimes I see up to 30-40 wermgr.exe that say terminated, but they pop on for a second and then terminate again. Same exact thing with ping.exe. I have checked this every couple of weeks for the last year and have never seen this behavior.

Problems I've had: I cannot receive Windows security updates; they fail. I cannot look at PDFs or download them. On social networks, I can only see the first page and cannot scroll down to previous days or other links. My battery will last around 20 minutes, if I'm lucky, once it is unplugged. I don't think my Malwarebytes or Avast is actually getting the updates, even though the box pops up and says that they are.
I use this computer for my work and I really need to keep it alive and well. Any help would be much appreciated. Thanks.
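Added example, not part of this thread and not one of the tools the helper asks for below: a PowerShell watcher that records who launches the short-lived wermgr.exe and ping.exe processes described in the post above. Task Manager only shows such children for a moment; this subscribes to the Win32_ProcessStartTrace WMI class, which is fed by kernel process-creation events and therefore catches processes that exit within a second, and then looks up the parent, which normally outlives them. The output path, the column layout and the five-second keep-alive loop are assumptions of this example. It needs an elevated PowerShell prompt on Windows 7 or later.

```powershell
# Added example, not from the thread. Records every start of wermgr.exe and
# ping.exe together with the parent that launched it. Run in an elevated
# PowerShell prompt (Win32_ProcessStartTrace needs administrator rights); stop
# with Ctrl+C and then run: Unregister-Event -SourceIdentifier ProcWatch

$logFile = Join-Path $env:USERPROFILE 'Desktop\procwatch.csv'   # assumed output path
Set-Content -Path $logFile -Value 'Time,Child,ChildPid,ChildCommandLine,ParentPid,ParentName,ParentPath,ParentCommandLine'

# Win32_ProcessStartTrace fires on process creation, so it also sees children
# that exit within a second (a polled __InstanceCreationEvent on Win32_Process
# with WITHIN 1 would miss most of them).
$query = "SELECT * FROM Win32_ProcessStartTrace " +
         "WHERE ProcessName = 'wermgr.exe' OR ProcessName = 'ping.exe'"

Register-WmiEvent -Query $query -SourceIdentifier ProcWatch -MessageData $logFile -Action {
    $e = $Event.SourceEventArgs.NewEvent

    # Best effort: the child may already be gone, but the parent usually is not.
    $child  = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($e.ProcessID)"
    $parent = Get-WmiObject -Class Win32_Process -Filter "ProcessId = $($e.ParentProcessID)"

    $fields = @(
        (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'),
        $e.ProcessName,
        $e.ProcessID,
        $(if ($child)  { $child.CommandLine }     else { '<exited before lookup>' }),
        $e.ParentProcessID,
        $(if ($parent) { $parent.Name }           else { '<exited before lookup>' }),
        $(if ($parent) { $parent.ExecutablePath } else { '' }),
        $(if ($parent) { $parent.CommandLine }    else { '' })
    )
    # Quote every field so command lines containing commas stay in one CSV column.
    $row = ($fields | ForEach-Object { '"' + ([string]$_).Replace('"', '""') + '"' }) -join ','
    Add-Content -Path $Event.MessageData -Value $row
}

# Keep the session alive; the -Action block runs in the background on each event.
while ($true) { Start-Sleep -Seconds 5 }
```

Two things to keep in mind when reading the CSV. wermgr.exe is the Windows Error Reporting manager, a Windows binary in System32 that the WER service or scheduled task starts to queue and upload crash reports, so a stream of wermgr.exe launches usually means some other program is crashing or hanging repeatedly; the parent column will show that, and the crashing program itself appears in the Application log as Application Error events, which `Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error'; Id=1000} -MaxEvents 20` lists. A ping.exe child whose command line looks like `ping -n 5 127.0.0.1` is the classic delay loop in a batch script, which is why the child's command line is worth the extra lookup even though it will sometimes have exited already.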


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:37 PM

Posted 01 November 2012 - 12:05 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs

  • In your next post I need the following:
    • both reports from DDS
    • report from Security Check
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the donate link. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tntpainting

tntpainting
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 02 November 2012 - 05:16 PM

Thanks for the reply. I will be on the computer quite a bit this evening. Here are the logs you asked for. The only thing to mention is that the items downloaded, but I could not see them in the download window. I had to go to Start/Downloads and find them.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


-----------------------------------------------------------------------------------------------------------

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by thomas at 17:05:09 on 2012-11-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.752 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\SysWOW64\notepad.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}\16474777966696 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}\2375942554537323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}\73436353039333435363839313039383D27657563747 : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}\742716E646D61672370284F6573756D27657563747 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - <no file>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7a4hi84b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-27 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-27 359464]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-11 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-27 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-27 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-28 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-9-17 92216]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-9-28 26680]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-5 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2010-11-11 1014624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-24 250568]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-9-29 31088]
S3 GamesAppService;GamesAppService;"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" --> C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-27 114144]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S4 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
.
=============== Created Last 30 ================
.
2012-11-01 01:11:29 484 ----a-w- C:\Program Files (x86)\1031201220112943.bat
2012-10-30 05:39:32 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BEFB64EB-12F0-4F57-981D-42B8CD480914}\offreg.dll
2012-10-30 05:38:11 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BEFB64EB-12F0-4F57-981D-42B8CD480914}\mpengine.dll
2012-10-26 17:53:12 -------- d-----w- C:\Users\thomas\AppData\Roaming\SpinTop Games
2012-10-25 23:11:01 -------- d-----w- C:\Users\thomas\AppData\Roaming\Hidden Anthologies Pride and Prejudice
2012-10-24 16:11:36 -------- d-----w- C:\Users\thomas\AppData\Roaming\Total Eclipse
2012-10-18 19:43:47 -------- d-----w- C:\Users\thomas\AppData\Roaming\TheFixerUpper
2012-10-18 19:12:43 -------- d-----w- C:\Users\thomas\AppData\Roaming\MediaArt
2012-10-18 19:12:43 -------- d-----w- C:\ProgramData\MediaArt
2012-10-10 03:08:32 -------- d-----w- C:\Users\thomas\AppData\Roaming\LegacyGames
2012-10-10 01:31:14 1795952 ----a-w- C:\Windows\System32\WdfCoInstaller01011.dll
2012-10-09 20:24:40 -------- d-----w- C:\ProgramData\PuzzlesByJoe
2012-10-09 15:04:27 -------- d-----w- C:\Users\thomas\AppData\Roaming\MumboJumbo
2012-10-08 12:17:04 489 ----a-w- C:\Program Files (x86)\100820127170440.bat
2012-10-08 04:34:57 -------- d-----w- C:\Users\thomas\AppData\Roaming\PoBros
2012-10-08 04:34:57 -------- d-----w- C:\ProgramData\PoBros
2012-10-06 05:22:08 -------- d-----w- C:\ProgramData\1912 Titanic Mystery
2012-10-06 05:22:00 -------- d-----w- C:\Users\thomas\AppData\Roaming\TitanicMystery
2012-10-04 22:45:17 -------- d-----w- C:\ProgramData\GameHouse
2012-10-04 20:35:19 488 ----a-w- C:\Program Files (x86)\1004201215351979.bat
2012-10-04 03:18:04 0 ----a-w- C:\Windows\SysWow64\sho7BC6.tmp
2012-10-04 03:17:33 495 ----a-w- C:\Program Files (x86)\1003201222173334.bat
2012-10-04 03:10:33 -------- d-----w- C:\Users\thomas\AppData\Roaming\Flood Light Games
2012-10-04 03:10:33 -------- d-----w- C:\ProgramData\Flood Light Games
2012-10-04 02:58:42 -------- d-----w- C:\Users\thomas\AppData\Local\Deadtime Stories
2012-10-04 02:58:06 -------- d-----w- C:\ProgramData\Deadtime Stories
2012-10-03 23:38:27 0 ----a-w- C:\Windows\SysWow64\shoAA25.tmp
2012-10-03 23:01:56 -------- d-----w- C:\Users\thomas\AppData\Local\Oberon Games
2012-10-03 22:55:22 -------- d-----w- C:\Users\thomas\AppData\Roaming\Freeze Tag
.
==================== Find3M ====================
.
2012-10-09 13:32:14 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:32:14 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:32:04 10220472 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-29 02:42:04 2177704 ----a-w- C:\Windows\System32\coin92.dll
2012-09-20 08:08:38 0 ----a-w- C:\Windows\SysWow64\sho67DE.tmp
2012-09-09 04:30:50 0 ----a-w- C:\Windows\SysWow64\sho6518.tmp
2012-09-09 02:15:14 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 02:15:13 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-09 02:15:13 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-21 09:13:13 969200 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-21 09:13:12 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-21 09:13:12 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-21 09:12:33 41224 ----a-w- C:\Windows\avastSS.scr
.
============= FINISH: 17:05:56.50 ===============


------------------------------------------------------------------------------------------------------------------------------


DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/16/2011 1:44:17 PM
System Uptime: 11/1/2012 9:50:45 PM (20 hours ago)
.
Motherboard: Hewlett-Packard | | 1605
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 214 GiB total, 160.083 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.737 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: CyberLink WebCam Virtual Driver
Device ID: ROOT\MEDIA\0000
Manufacturer: CyberLink
Name: CyberLink WebCam Virtual Driver
PNP Device ID: ROOT\MEDIA\0000
Service: clwvd
.
==== System Restore Points ===================
.
RP332: 10/26/2012 3:00:24 AM - Windows Update
RP333: 10/29/2012 4:56:05 PM - Windows Update
RP334: 10/30/2012 8:35:44 AM - Windows Update
RP335: 10/31/2012 8:05:28 AM - Windows Update
RP336: 10/31/2012 8:10:36 AM - Windows Update
RP337: 11/1/2012 8:42:24 AM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.7
avast! Free Antivirus
Bing Rewards Client Installer
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
CCleaner
Cisco Connect
Compaq Setup Manager
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
DHTML Editing Component
Energy Star Digital Logo
ESU for Microsoft Windows 7
HP Auto
HP Client Services
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPAsset component for HP Active Support Library
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 31
JavaFX 2.1.1
Journey Of Hope
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
PhotoNow!
Picasa 3
PlayReady PC Runtime x86
Power2Go
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
RtVOsd
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Titanics Keys to the Past
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Vacation Quest Australia
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
11/2/2012 9:26:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
11/2/2012 4:24:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/1/2012 8:44:12 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 7 for x64-based Systems (KB2676562).
11/1/2012 5:55:35 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
10/31/2012 7:23:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
10/31/2012 7:21:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.
10/30/2012 9:23:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
10/30/2012 9:23:39 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/30/2012 9:22:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/30/2012 11:57:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
10/30/2012 11:56:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
10/30/2012 11:55:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/30/2012 11:55:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/29/2012 9:59:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
10/29/2012 4:53:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.
10/29/2012 4:53:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/26/2012 12:47:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 November 2012 - 06:45 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 tntpainting
  • Topic Starter

  • Members
  • 32 posts

Posted 03 November 2012 - 11:59 AM

Hi, the computer is acting ok, but still limited. Spybot Search and Destroy is acting very strange. I tried to open the program to disable it, but it automatically wants to jump to scanning instead of the menu. I tried from the desktop, from Start, etc. TeaTimer was already disabled. The scan took so long that the Avast shields came back on and I clicked it for 1 hour disabled. This happened during the ComboFix run; I immediately disabled it while the scan was running, but that is the only time I touched anything during the scan.

ComboFix 12-11-03.02 - thomas 11/03/2012 10:51:16.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.876 [GMT -5:00]
Running from: c:\users\thomas\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
.
2012-11-01 01:11 . 2012-11-01 01:11 484 ----a-w- c:\program files (x86)\1031201220112943.bat
2012-10-30 05:39 . 2012-11-02 22:04 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFB64EB-12F0-4F57-981D-42B8CD480914}\offreg.dll
2012-10-30 05:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEFB64EB-12F0-4F57-981D-42B8CD480914}\mpengine.dll
2012-10-26 17:53 . 2012-10-26 17:53 -------- d-----w- c:\users\thomas\AppData\Roaming\SpinTop Games
2012-10-25 23:11 . 2012-10-25 23:22 -------- d-----w- c:\users\thomas\AppData\Roaming\Hidden Anthologies Pride and Prejudice
2012-10-24 16:11 . 2012-10-24 16:11 -------- d-----w- c:\users\thomas\AppData\Roaming\Total Eclipse
2012-10-18 19:43 . 2012-10-18 19:43 -------- d-----w- c:\users\thomas\AppData\Roaming\TheFixerUpper
2012-10-18 19:12 . 2012-10-18 19:12 -------- d-----w- c:\users\thomas\AppData\Roaming\MediaArt
2012-10-18 19:12 . 2012-10-18 19:12 -------- d-----w- c:\programdata\MediaArt
2012-10-10 03:08 . 2012-10-10 03:08 -------- d-----w- c:\users\thomas\AppData\Roaming\LegacyGames
2012-10-10 01:31 . 2012-10-10 01:31 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-09 20:24 . 2012-10-09 20:24 -------- d-----w- c:\programdata\PuzzlesByJoe
2012-10-09 15:04 . 2012-10-09 15:04 -------- d-----w- c:\users\thomas\AppData\Roaming\MumboJumbo
2012-10-08 12:17 . 2012-10-08 12:17 489 ----a-w- c:\program files (x86)\100820127170440.bat
2012-10-08 04:34 . 2012-10-08 04:34 -------- d-----w- c:\users\thomas\AppData\Roaming\PoBros
2012-10-08 04:34 . 2012-10-08 04:34 -------- d-----w- c:\programdata\PoBros
2012-10-06 05:22 . 2012-10-06 05:22 -------- d-----w- c:\programdata\1912 Titanic Mystery
2012-10-06 05:22 . 2012-10-06 05:23 -------- d-----w- c:\users\thomas\AppData\Roaming\TitanicMystery
2012-10-04 22:45 . 2012-10-04 22:45 -------- d-----w- c:\programdata\GameHouse
2012-10-04 20:35 . 2012-10-04 20:35 488 ----a-w- c:\program files (x86)\1004201215351979.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 13:32 . 2012-08-24 06:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:32 . 2012-02-27 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:32 . 2012-08-24 16:52 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-04 03:18 . 2012-10-04 03:18 0 ----a-w- c:\windows\SysWow64\sho7BC6.tmp
2012-10-04 03:17 . 2012-10-04 03:17 495 ----a-w- c:\program files (x86)\1003201222173334.bat
2012-10-03 23:38 . 2012-10-03 23:38 0 ----a-w- c:\windows\SysWow64\shoAA25.tmp
2012-09-30 00:54 . 2011-03-29 00:44 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 02:42 . 2012-09-29 02:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-20 08:08 . 2012-09-20 08:08 0 ----a-w- c:\windows\SysWow64\sho67DE.tmp
2012-09-09 04:30 . 2012-09-09 04:30 0 ----a-w- c:\windows\SysWow64\sho6518.tmp
2012-09-09 02:15 . 2012-09-09 02:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 02:15 . 2012-08-21 02:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 02:15 . 2010-10-16 19:35 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 09:13 . 2012-01-27 19:57 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-01-27 19:57 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-01-27 19:57 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-02-26 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-21 09:13 . 2012-01-27 19:57 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2012-01-27 19:57 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2012-01-27 19:57 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-01-27 19:57 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-21 09:12 . 2012-01-27 19:57 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 06:58]
.
2012-01-28 c:\windows\Tasks\DST.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2010-09-21 18:31]
.
2012-01-28 c:\windows\Tasks\FileTransfer.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2010-09-21 18:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: pogo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7a4hi84b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Wow6432Node-HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Notify-igfxcui - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-WT087328 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe
AddRemove-WT087330 - c:\program files (x86)\HP Games\Bounce Symphony\Uninstall.exe
AddRemove-WT087335 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT087343 - c:\program files (x86)\HP Games\Dora's World Adventure\Uninstall.exe
AddRemove-WT087360 - c:\program files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe
AddRemove-WT087361 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT087362 - c:\program files (x86)\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT087372 - c:\program files (x86)\HP Games\Heroes of Hellas 2 - Olympia\Uninstall.exe
AddRemove-WT087379 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT087394 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe
AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
AddRemove-WT087396 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT087397 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT087414 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT087415 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe
AddRemove-WT087428 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT087453 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT087501 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe
AddRemove-WT087533 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT087536 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-WT089299 - c:\program files (x86)\HP Games\Mystery P.I. - The London Caper\Uninstall.exe
AddRemove-WT089307 - c:\program files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe
AddRemove-WT089308 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT089328 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT089359 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe
AddRemove-WT089362 - c:\program files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe
AddRemove-WTA-14c178b9-dc6e-47d5-9173-14440c68a5c7 - c:\program files (x86)\WildGames\House MD\uninstall\uninstaller.exe
AddRemove-WTA-2dc4e53b-d879-4430-a8e1-ac1da0853076 - c:\program files (x86)\WildGames\Dream Day First Home\uninstall\uninstaller.exe
AddRemove-WTA-6ebe04c8-ec19-402e-ac5e-ff7080998907 - c:\program files (x86)\WildGames\World of Zoo Animal Creator Demo\uninstall\uninstaller.exe
AddRemove-WTA-c5549c2f-9ebc-4dab-bd56-2604b5521fb4 - c:\program files (x86)\WildGames\FATE The Cursed King\uninstall\uninstaller.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp - c:\program files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-03 11:47:40
ComboFix-quarantined-files.txt 2012-11-03 16:47
.
Pre-Run: 171,576,619,008 bytes free
Post-Run: 171,750,969,344 bytes free
.
- - End Of File - - 23F26FDAD5213D4DB7D06CCD9DE4EC47
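As an added example (not part of this thread and not ComboFix's own tooling), the Python script below parses the "Files Created" and "Find3M" entries of a ComboFix log like the one above and lists the entries an analyst would normally look at first; it assumes only the entry layout visible in that log, and its sample lines are copied from it.

```python
"""Triage the 'Files Created' and 'Find3M' sections of a ComboFix log.

Added example for this thread; not part of ComboFix and not code anyone posted here.
Assumes the entry layout seen in the log above:
    <created date time> . <modified date time> <size> <attrs> <path>
"""
import re
from dataclasses import dataclass
from datetime import datetime

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Extensions that can carry or launch code.
CODE_EXTENSIONS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr", ".ocx"}
PROGRAM_ROOTS = ("c:\\program files (x86)\\", "c:\\program files\\")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")  # ComboFix marks directories with a leading 'd'

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def extension(self) -> str:
        return "." + self.filename.rsplit(".", 1)[-1] if "." in self.filename else ""


def parse_entries(text: str) -> list[Entry]:
    """Extract file entries, skipping section banners and the '.' separator lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(
                created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
                modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
                size=int(m["size"]) if m["size"].isdigit() else 0,  # '--------' on directories
                attrs=m["attrs"],
                path=m["path"],
            ))
    return entries


def review_reasons(e: Entry) -> list[str]:
    """Heuristics an analyst applies by eye; a hit means 'look closer', not 'malicious'."""
    if e.is_directory:
        return []
    reasons = []
    parent = e.path.lower().rsplit("\\", 1)[0] + "\\"
    stem = e.filename.rsplit(".", 1)[0]
    if e.extension in CODE_EXTENSIONS and stem.isdigit():
        reasons.append("code file with a purely numeric name")
    if e.extension in CODE_EXTENSIONS and parent in PROGRAM_ROOTS:
        reasons.append("code file dropped directly in a Program Files root")
    if e.extension == ".tmp" and e.size == 0 and parent in SYSTEM_DIRS:
        reasons.append("zero-byte .tmp left in a system directory")
    return reasons


def triage(text: str) -> list[tuple[str, list[str]]]:
    """Return (path, reasons) for entries worth a closer look, oldest first."""
    entries = sorted(parse_entries(text), key=lambda e: e.created)
    flagged = [(e.path, review_reasons(e)) for e in entries]
    return [(path, reasons) for path, reasons in flagged if reasons]


# Constructed sample: a few lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2012-10-03 to 2012-11-03 )))))))))))))))))))))))))))))))
.
2012-11-01 01:11 . 2012-11-01 01:11 484 ----a-w- c:\\program files (x86)\\1031201220112943.bat
2012-10-26 17:53 . 2012-10-26 17:53 -------- d-----w- c:\\users\\thomas\\AppData\\Roaming\\SpinTop Games
2012-10-10 01:31 . 2012-10-10 01:31 1795952 ----a-w- c:\\windows\\system32\\WdfCoInstaller01011.dll
2012-10-08 12:17 . 2012-10-08 12:17 489 ----a-w- c:\\program files (x86)\\100820127170440.bat
2012-10-04 03:18 . 2012-10-04 03:18 0 ----a-w- c:\\windows\\SysWow64\\sho7BC6.tmp
2012-09-30 00:54 . 2011-03-29 00:44 25928 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-08-21 09:12 . 2012-01-27 19:57 41224 ----a-w- c:\\windows\\avastSS.scr
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A flagged entry is only a starting point for the helper's review; well-known vendor files in their normal folders (the avast drivers, the Flash updater) pass through untouched.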

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 November 2012 - 05:03 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 tntpainting
  • Topic Starter

  • Members
  • 32 posts

Posted 04 November 2012 - 10:46 AM

Something seems wrong to me. When I download these items, I can only click Save File. The download window pops up and shows it downloading. Then I must go to Start > Downloads and physically locate the download, right click, Send to, Desktop (shortcut). Then I run TDSS and everything shows ok, but I could not copy the log while in TDSS. Tried numerous times. Had to go to Notepad, find the file, and copy/paste it from there.

Two other things I noticed today. By the clock (lower right on screen) the Java icon is there. When you get anywhere near it with the mouse cursor it disappears on its own. I am also getting a Java pop up asking if I give jucheck or juched.exe permission to make changes to the computer. I click NO.

One other thing. Every time I start Windows with a password, after a minute an Avast box and voice pop up saying your Avast system is up to date, and the update definition numbers. Today there was a scan running at start up from Avast. I stopped it and opened Avast and it had the definitions showing out of date, even though the pop up says they are updated daily. Here is what you asked me for. Thanks, and hopefully we can get on the same schedule today.

08:57:34.0298 5192 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
08:57:36.0311 5192 ============================================================
08:57:36.0311 5192 Current date / time: 2012/11/04 08:57:36.0311
08:57:36.0311 5192 SystemInfo:
08:57:36.0311 5192
08:57:36.0311 5192 OS Version: 6.1.7601 ServicePack: 1.0
08:57:36.0311 5192 Product type: Workstation
08:57:36.0311 5192 ComputerName: NKEY
08:57:36.0311 5192 UserName: tomas
08:57:36.0311 5192 Windows directory: C:\Windows
08:57:36.0311 5192 System windows directory: C:\Windows
08:57:36.0311 5192 Running under WOW64
08:57:36.0311 5192 Processor architecture: Intel x64
08:57:36.0311 5192 Number of processors: 1
08:57:36.0311 5192 Page size: 0x1000
08:57:36.0311 5192 Boot type: Normal boot
08:57:36.0311 5192 ============================================================
08:57:38.0276 5192 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:57:38.0307 5192 ============================================================
08:57:38.0307 5192 \Device\Harddisk0\DR0:
08:57:38.0307 5192 MBR partitions:
08:57:38.0307 5192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:57:38.0307 5192 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB73000
08:57:38.0307 5192 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1ABD7000, BlocksNum 0x25BA800
08:57:38.0307 5192 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
08:57:38.0307 5192 ============================================================
08:57:38.0432 5192 C: <-> \Device\Harddisk0\DR0\Partition2
08:57:38.0479 5192 D: <-> \Device\Harddisk0\DR0\Partition3
08:57:38.0541 5192 ============================================================
08:57:38.0541 5192 Initialize success
08:57:38.0541 5192 ============================================================
08:57:46.0809 5764 ============================================================
08:57:46.0809 5764 Scan started
08:57:46.0809 5764 Mode: Manual;
08:57:46.0809 5764 ============================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-04 08:09:51
-----------------------------
08:09:51.579 OS Version: Windows x64 6.1.7601 Service Pack 1
08:09:51.579 Number of processors: 1 586 0x170A
08:09:51.579 ComputerName: DONKEY UserName: thomas
08:09:53.139 Initialize success
08:09:53.248 AVAST engine defs: 12110400
08:10:32.748 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:10:32.748 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 3
08:10:32.748 Disk 0 MBR read successfully
08:10:32.748 Disk 0 MBR scan
08:10:32.763 Disk 0 Windows 7 default MBR code
08:10:32.779 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:10:32.779 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218854 MB offset 409600
08:10:32.826 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19317 MB offset 448622592
08:10:32.841 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
08:10:32.888 Disk 0 scanning C:\Windows\system32\drivers
08:10:44.323 Service scanning
08:11:07.567 Modules scanning
08:11:07.567 Disk 0 trace - called modules:
08:11:08.144 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
08:11:08.144 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026d8060]
08:11:08.160 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002224050]
08:11:08.690 AVAST engine scan C:\Windows
08:11:11.093 AVAST engine scan C:\Windows\system32
08:13:47.389 AVAST engine scan C:\Windows\system32\drivers
08:14:01.616 AVAST engine scan C:\Users\thomas
08:38:40.661 Disk 0 MBR has been saved successfully to "C:\Users\thomas\
08:38:40.677 The log file has been saved successfully to "C:\Users\thoma
08:57:47.0995 5764 ================ Scan system memory ========================
08:57:47.0995 5764 System memory - ok
08:57:47.0995 5764 ================ Scan services =============================
08:58:20.0303 5764 netw5v64 - ok
08:58:20.0334 5764 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
08:58:20.0334 5764 nfrd960 - ok
08:58:20.0474 5764 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
08:58:20.0490 5764 NlaSvc - ok
08:58:20.0584 5764 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
08:58:20.0584 5764 Npfs - ok
08:58:20.0615 5764 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
08:58:20.0615 5764 nsi - ok
08:58:20.0662 5764 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
08:58:20.0662 5764 nsiproxy - ok
08:58:20.0911 5764 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
08:58:20.0989 5764 Ntfs - ok
08:58:21.0114 5764 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
08:58:21.0114 5764 NuidFltr - ok
08:58:21.0145 5764 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
08:58:21.0161 5764 Null - ok
08:58:21.0223 5764 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
08:58:21.0223 5764 nvraid - ok
08:58:21.0301 5764 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
08:58:21.0301 5764 nvstor - ok
08:58:21.0410 5764 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
08:58:21.0410 5764 nv_agp - ok
08:58:21.0551 5764 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
08:58:21.0551 5764 ohci1394 - ok
08:58:21.0676 5764 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:58:21.0676 5764 ose - ok
08:58:21.0878 5764 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:58:22.0456 5764 osppsvc - ok
08:58:22.0534 5764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
08:58:22.0596 5764 p2pimsvc - ok
08:58:22.0674 5764 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
08:58:22.0705 5764 p2psvc - ok
08:58:22.0768 5764 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
08:58:22.0783 5764 Parport - ok
08:58:22.0830 5764 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
08:58:22.0830 5764 partmgr - ok
08:58:22.0924 5764 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
08:58:22.0939 5764 PcaSvc - ok
08:58:23.0017 5764 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
08:58:23.0064 5764 pci - ok
08:58:23.0173 5764 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
08:58:23.0173 5764 pciide - ok
08:58:23.0282 5764 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
08:58:23.0282 5764 pcmcia - ok
08:58:23.0376 5764 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
08:58:23.0376 5764 pcw - ok
08:58:23.0501 5764 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
08:58:23.0501 5764 PEAUTH - ok
08:58:24.0234 5764 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
08:58:24.0234 5764 PerfHost - ok
08:58:24.0515 5764 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
08:58:24.0577 5764 pla - ok
08:58:24.0655 5764 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
08:58:24.0702 5764 PlugPlay - ok
08:58:24.0780 5764 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
08:58:24.0780 5764 PNRPAutoReg - ok
08:58:24.0905 5764 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
08:58:24.0920 5764 PNRPsvc - ok
08:58:24.0967 5764 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
08:58:24.0967 5764 Point64 - ok
08:58:25.0092 5764 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
08:58:25.0170 5764 PolicyAgent - ok
08:58:25.0248 5764 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
08:58:25.0248 5764 Power - ok
08:58:25.0388 5764 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
08:58:25.0388 5764 PptpMiniport - ok
08:58:25.0435 5764 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
08:58:25.0451 5764 Processor - ok
08:58:25.0591 5764 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
08:58:25.0591 5764 ProfSvc - ok
08:58:25.0654 5764 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:58:25.0654 5764 ProtectedStorage - ok
08:58:25.0778 5764 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
08:58:25.0778 5764 Psched - ok
08:58:26.0059 5764 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
08:58:26.0200 5764 ql2300 - ok
08:58:26.0278 5764 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
08:58:26.0278 5764 ql40xx - ok
08:58:26.0402 5764 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
08:58:26.0449 5764 QWAVE - ok
08:58:26.0605 5764 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
08:58:26.0605 5764 QWAVEdrv - ok
08:58:26.0699 5764 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
08:58:26.0699 5764 RasAcd - ok
08:58:26.0839 5764 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
08:58:26.0839 5764 RasAgileVpn - ok
08:58:26.0917 5764 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
08:58:26.0917 5764 RasAuto - ok
08:58:27.0120 5764 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
08:58:27.0120 5764 Rasl2tp - ok
08:58:27.0229 5764 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
08:58:27.0245 5764 RasMan - ok
08:58:27.0463 5764 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
08:58:27.0463 5764 RasPppoe - ok
08:58:27.0526 5764 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
08:58:27.0526 5764 RasSstp - ok
08:58:27.0604 5764 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
08:58:27.0635 5764 rdbss - ok
08:58:27.0682 5764 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
08:58:27.0682 5764 rdpbus - ok
08:58:27.0744 5764 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
08:58:27.0744 5764 RDPCDD - ok
08:58:27.0791 5764 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
08:58:27.0791 5764 RDPENCDD - ok
08:58:27.0853 5764 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
08:58:27.0869 5764 RDPREFMP - ok
08:58:27.0962 5764 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
08:58:27.0962 5764 RDPWD - ok
08:58:28.0087 5764 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
08:58:28.0087 5764 rdyboost - ok
08:58:28.0134 5764 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
08:58:28.0134 5764 RemoteAccess - ok
08:58:28.0181 5764 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
08:58:28.0196 5764 RemoteRegistry - ok
08:58:28.0384 5764 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
08:58:28.0399 5764 RMCAST - ok
08:58:28.0602 5764 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
08:58:28.0618 5764 RoxioNow Service - ok
08:58:28.0696 5764 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
08:58:28.0711 5764 RpcEptMapper - ok
08:58:28.0774 5764 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
08:58:28.0774 5764 RpcLocator - ok
08:58:28.0883 5764 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
08:58:28.0883 5764 RpcSs - ok
08:58:28.0976 5764 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
08:58:28.0976 5764 rspndr - ok
08:58:29.0101 5764 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
08:58:29.0164 5764 RTL8167 - ok
08:58:29.0320 5764 [ E49193101EEEC5EF6B6E943673A07260 ] RtVOsdService C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
08:58:29.0320 5764 RtVOsdService - ok
08:58:29.0351 5764 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
08:58:29.0351 5764 SamSs - ok
08:58:29.0429 5764 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
08:58:29.0429 5764 sbp2port - ok
08:58:29.0756 5764 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:58:29.0866 5764 SBSDWSCService - ok
08:58:29.0928 5764 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
08:58:29.0928 5764 SCardSvr - ok
08:58:30.0022 5764 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
08:58:30.0037 5764 scfilter - ok
08:58:30.0178 5764 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
08:58:30.0209 5764 Schedule - ok
08:58:30.0271 5764 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
08:58:30.0271 5764 SCPolicySvc - ok
08:58:30.0349 5764 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
08:58:30.0349 5764 sdbus - ok
08:58:30.0505 5764 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
08:58:30.0568 5764 SDRSVC - ok
08:58:30.0661 5764 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
08:58:30.0661 5764 secdrv - ok
08:58:30.0739 5764 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
08:58:30.0739 5764 seclogon - ok
08:58:30.0817 5764 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
08:58:30.0817 5764 SENS - ok
08:58:30.0911 5764 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
08:58:30.0926 5764 SensrSvc - ok
08:58:30.0958 5764 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
08:58:30.0973 5764 Serenum - ok
08:58:31.0004 5764 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
08:58:31.0020 5764 Serial - ok
08:58:31.0051 5764 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
08:58:31.0051 5764 sermouse - ok
08:58:31.0145 5764 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
08:58:31.0145 5764 SessionEnv - ok
08:58:31.0207 5764 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
08:58:31.0238 5764 sffdisk - ok
08:58:31.0254 5764 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
08:58:31.0270 5764 sffp_mmc - ok
08:58:31.0301 5764 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
08:58:31.0316 5764 sffp_sd - ok
08:58:31.0363 5764 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
08:58:31.0363 5764 sfloppy - ok
08:58:31.0535 5764 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
08:58:31.0613 5764 Sftfs - ok
08:58:31.0862 5764 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
08:58:31.0909 5764 sftlist - ok
08:58:32.0003 5764 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
08:58:32.0003 5764 Sftplay - ok
08:58:32.0112 5764 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
08:58:32.0112 5764 Sftredir - ok
08:58:32.0174 5764 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
08:58:32.0190 5764 Sftvol - ok
08:58:32.0284 5764 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
08:58:32.0284 5764 sftvsa - ok
08:58:32.0346 5764 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
08:58:32.0362 5764 SharedAccess - ok
08:58:32.0518 5764 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:58:32.0533 5764 ShellHWDetection - ok
08:58:32.0596 5764 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:58:32.0596 5764 SiSRaid2 - ok
08:58:32.0642 5764 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
08:58:32.0642 5764 SiSRaid4 - ok
08:58:32.0705 5764 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
08:58:32.0705 5764 Smb - ok
08:58:32.0767 5764 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
08:58:32.0767 5764 SNMPTRAP - ok
08:58:32.0830 5764 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
08:58:32.0830 5764 spldr - ok
08:58:32.0970 5764 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
08:58:33.0001 5764 Spooler - ok
08:58:33.0329 5764 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
08:58:33.0438 5764 sppsvc - ok
08:58:33.0500 5764 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
08:58:33.0516 5764 sppuinotify - ok
08:58:33.0734 5764 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
08:58:33.0750 5764 srv - ok
08:58:33.0812 5764 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
08:58:33.0812 5764 srv2 - ok
08:58:33.0922 5764 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:58:33.0953 5764 SrvHsfHDA - ok
08:58:34.0140 5764 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:58:34.0202 5764 SrvHsfV92 - ok
08:58:34.0468 5764 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:58:34.0624 5764 SrvHsfWinac - ok
08:58:34.0686 5764 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
08:58:34.0686 5764 srvnet - ok
08:58:34.0780 5764 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
08:58:34.0795 5764 SSDPSRV - ok
08:58:34.0826 5764 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
08:58:34.0842 5764 SstpSvc - ok
08:58:34.0889 5764 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
08:58:34.0889 5764 stexstor - ok
08:58:34.0982 5764 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
08:58:35.0045 5764 stisvc - ok
08:58:35.0107 5764 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
08:58:35.0107 5764 swenum - ok
08:58:35.0294 5764 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
08:58:35.0326 5764 swprv - ok
08:58:35.0684 5764 [ 961CFAC2A5318E212F459D651F28E0A4 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
08:58:35.0716 5764 SynTP - ok
08:58:35.0887 5764 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
08:58:35.0981 5764 SysMain - ok
08:58:36.0059 5764 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:58:36.0059 5764 TabletInputService - ok
08:58:36.0137 5764 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
08:58:36.0168 5764 TapiSrv - ok
08:58:36.0215 5764 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
08:58:36.0215 5764 TBS - ok
08:58:36.0418 5764 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
08:58:36.0480 5764 Tcpip - ok
08:58:36.0698 5764 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
08:58:36.0714 5764 TCPIP6 - ok
08:58:36.0792 5764 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
08:58:36.0808 5764 tcpipreg - ok
08:58:36.0901 5764 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
08:58:36.0901 5764 TDPIPE - ok
08:58:36.0964 5764 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
08:58:36.0964 5764 TDTCP - ok
08:58:37.0104 5764 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
08:58:37.0104 5764 tdx - ok
08:58:37.0166 5764 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
08:58:37.0166 5764 TermDD - ok
08:58:37.0354 5764 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
08:58:37.0385 5764 TermService - ok
08:58:37.0432 5764 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
08:58:37.0432 5764 Themes - ok
08:58:37.0478 5764 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
08:58:37.0478 5764 THREADORDER - ok
08:58:37.0525 5764 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
08:58:37.0525 5764 TrkWks - ok
08:58:37.0666 5764 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:58:37.0666 5764 TrustedInstaller - ok
08:58:37.0744 5764 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
08:58:37.0744 5764 tssecsrv - ok
08:58:37.0931 5764 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
08:58:37.0931 5764 TsUsbFlt - ok
08:58:38.0009 5764 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
08:58:38.0024 5764 tunnel - ok
08:58:38.0071 5764 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
08:58:38.0071 5764 uagp35 - ok
08:58:38.0180 5764 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
08:58:38.0196 5764 udfs - ok
08:58:38.0243 5764 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
08:58:38.0258 5764 UI0Detect - ok
08:58:38.0368 5764 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
08:58:38.0368 5764 uliagpkx - ok
08:58:38.0524 5764 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
08:58:38.0539 5764 umbus - ok
08:58:38.0617 5764 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
08:58:38.0617 5764 UmPass - ok
08:58:38.0680 5764 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
08:58:38.0695 5764 upnphost - ok
08:58:38.0820 5764 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
08:58:38.0836 5764 USBAAPL64 - ok
08:58:38.0882 5764 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
08:58:38.0882 5764 usbccgp - ok
08:58:38.0929 5764 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
08:58:38.0929 5764 usbcir - ok
08:58:39.0007 5764 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
08:58:39.0007 5764 usbehci - ok
08:58:39.0070 5764 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
08:58:39.0085 5764 usbhub - ok
08:58:39.0163 5764 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
08:58:39.0163 5764 usbohci - ok
08:58:39.0210 5764 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
08:58:39.0210 5764 usbprint - ok
08:58:39.0272 5764 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
08:58:39.0288 5764 usbscan - ok
08:58:39.0335 5764 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:58:39.0335 5764 USBSTOR - ok
08:58:39.0444 5764 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
08:58:39.0444 5764 usbuhci - ok
08:58:39.0522 5764 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
08:58:39.0522 5764 UxSms - ok
08:58:39.0569 5764 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
08:58:39.0569 5764 VaultSvc - ok
08:58:39.0631 5764 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
08:58:39.0647 5764 vdrvroot - ok
08:58:39.0740 5764 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
08:58:39.0772 5764 vds - ok
08:58:39.0850 5764 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
08:58:39.0865 5764 vga - ok
08:58:39.0896 5764 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
08:58:39.0896 5764 VgaSave - ok
08:58:40.0006 5764 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
08:58:40.0006 5764 vhdmp - ok
08:58:40.0052 5764 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
08:58:40.0068 5764 viaide - ok
08:58:40.0099 5764 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
08:58:40.0115 5764 volmgr - ok
08:58:40.0162 5764 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
08:58:40.0177 5764 volmgrx - ok
08:58:40.0224 5764 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
08:58:40.0224 5764 volsnap - ok
08:58:40.0318 5764 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
08:58:40.0318 5764 vsmraid - ok
08:58:40.0442 5764 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
08:58:40.0520 5764 VSS - ok
08:58:40.0583 5764 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
08:58:40.0598 5764 vwifibus - ok
08:58:40.0645 5764 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
08:58:40.0645 5764 vwififlt - ok
08:58:40.0739 5764 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
08:58:40.0786 5764 W32Time - ok
08:58:40.0817 5764 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
08:58:40.0832 5764 WacomPen - ok
08:58:41.0160 5764 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
08:58:41.0160 5764 WANARP - ok
08:58:41.0207 5764 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
08:58:41.0207 5764 Wanarpv6 - ok
08:58:41.0394 5764 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
08:58:41.0441 5764 WatAdminSvc - ok
08:58:41.0737 5764 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
08:58:41.0784 5764 wbengine - ok
08:58:41.0878 5764 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
08:58:41.0893 5764 WbioSrvc - ok
08:58:42.0034 5764 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
08:58:42.0112 5764 wcncsvc - ok
08:58:42.0190 5764 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:58:42.0190 5764 WcsPlugInService - ok
08:58:42.0236 5764 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
08:58:42.0236 5764 Wd - ok
08:58:42.0361 5764 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
08:58:42.0408 5764 Wdf01000 - ok
08:58:42.0439 5764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
08:58:42.0455 5764 WdiServiceHost - ok
08:58:42.0470 5764 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
08:58:42.0470 5764 WdiSystemHost - ok
08:58:42.0517 5764 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
08:58:42.0533 5764 WebClient - ok
08:58:42.0595 5764 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
08:58:42.0595 5764 Wecsvc - ok
08:58:42.0626 5764 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
08:58:42.0642 5764 wercplsupport - ok
08:58:42.0689 5764 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
08:58:42.0704 5764 WerSvc - ok
08:58:42.0751 5764 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
08:58:42.0751 5764 WfpLwf - ok
08:58:42.0782 5764 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
08:58:42.0782 5764 WIMMount - ok
08:58:42.0845 5764 WinDefend - ok
08:58:42.0860 5764 WinHttpAutoProxySvc - ok
08:58:43.0001 5764 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
08:58:43.0016 5764 Winmgmt - ok
08:58:43.0282 5764 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
08:58:43.0344 5764 WinRM - ok
08:58:43.0453 5764 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
08:58:43.0453 5764 WinUsb - ok
08:58:43.0547 5764 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
08:58:43.0562 5764 Wlansvc - ok
08:58:43.0921 5764 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:58:43.0999 5764 wlidsvc - ok
08:58:44.0062 5764 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
08:58:44.0062 5764 WmiAcpi - ok
08:58:44.0124 5764 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
08:58:44.0124 5764 wmiApSrv - ok
08:58:44.0218 5764 WMPNetworkSvc - ok
08:58:44.0296 5764 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
08:58:44.0311 5764 WPCSvc - ok
08:58:44.0358 5764 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
08:58:44.0358 5764 WPDBusEnum - ok
08:58:44.0389 5764 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
08:58:44.0405 5764 ws2ifsl - ok
08:58:44.0436 5764 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
08:58:44.0436 5764 wscsvc - ok
08:58:44.0452 5764 WSearch - ok
08:58:44.0654 5764 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
08:58:44.0764 5764 wuauserv - ok
08:58:44.0795 5764 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
08:58:44.0810 5764 WudfPf - ok
08:58:44.0888 5764 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
08:58:44.0904 5764 WUDFRd - ok
08:58:44.0951 5764 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
08:58:44.0951 5764 wudfsvc - ok
08:58:45.0013 5764 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
08:58:45.0029 5764 WwanSvc - ok
08:58:45.0091 5764 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
08:58:45.0091 5764 yukonw7 - ok
08:58:45.0122 5764 ================ Scan global ===============================
08:58:45.0185 5764 [ BA0CD8C393E8C9F835410093832C7B ] C:\Windows\system32\basesrv.dll
08:58:45.0294 5764 [ EB6A48CC998E109E44E8EF1009A640 ] C:\Windows\system32\winsrv.dll
08:58:45.0310 5764 [ EB6A48CC998E100E44E8E7F109A640 ] C:\Windows\system32\winsrv.dll
08:58:45.0341 5764 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
08:58:45.0434 5764 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
08:58:45.0466 5764 [Global] - ok
08:58:45.0466 5764 ================ Scan MBR ==================================
08:58:45.0497 5764 [ AF00FC1920E1CF861B390A4375EDF3 ] \Device\Harddisk0\DR0
08:58:47.0150 5764 \Device\Harddisk0\DR0 - ok
08:58:47.0150 5764 ================ Scan VBR ==================================
08:58:47.0166 5764 [ 221F5CE03CCDF19C9C24CC31D7FD42C8 ] \Device\Harddisk0\DR0\Partition1
08:58:47.0166 5764 \Device\Harddisk0\DR0\Partition1 - ok
08:58:47.0197 5764 [ 2FA9F165E5FA7AB45527CD8F9E02581C ] \Device\Harddisk0\DR0\Partition2
08:58:47.0197 5764 \Device\Harddisk0\DR0\Partition2 - ok
08:58:47.0228 5764 [ F1020EBFEEC1E4E96B1389A2335C5021 ] \Device\Harddisk0\DR0\Partition3
08:58:47.0244 5764 \Device\Harddisk0\DR0\Partition3 - ok
08:58:47.0322 5764 [ 68A9DE9FAC335DAE40DA318F1DE0CFE5 ] \Device\Harddisk0\DR0\Partition4
08:58:47.0322 5764 \Device\Harddisk0\DR0\Partition4 - ok
08:58:47.0338 5764 ============================================================
08:58:47.0338 5764 Scan finished
08:58:47.0338 5764 ============================================================
08:58:47.0353 3184 Detected object count: 0
08:58:47.0353 3184 Actual detected object count: 0


The MBR file created after the scan contained these words in the script: "Invalid partition table Error loading operating system Missing operating system"

#8 gringo_pr

Posted 04 November 2012 - 09:24 PM

Hello


These are the programs I would like you to run next; if you have a problem with one of them, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 tntpainting (Topic Starter)

Posted 04 November 2012 - 10:29 PM

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 21:21:51
# Updated 30/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : thomas - ONKEY
# Boot Mode : Normal
# Running from : C:\Users\thomas\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\iBryte
Folder Deleted : C:\Users\thomas\AppData\Local\Conduit
Folder Deleted : C:\Users\thomas\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2856449
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\7a4hi84b.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\tnttom\AppData\Roaming\Mozilla\Firefox\Profiles\07gbpnee.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2483 octets] - [04/11/2012 21:21:51]

########## EOF - C:\AdwCleaner[S1].txt - [2543 octets] ##########

#10 tntpainting (Topic Starter)

Posted 04 November 2012 - 10:37 PM

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : thomas [Admin rights]
Mode : Remove -- Date : 11/04/2012 21:33:33

Bad processes : 0

Registry Entries : 3
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


MBR Check:

+++++ PhysicalDrive0: ST9250315AS +++++
--- User ---
[MBR] 361c9e308a10fbf281036ca219599463
[BSP] d385a21e23f6245530ed7799cd010f60 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218854 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 448622592 | Size: 19317 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11042012_02d2133.txt >>
RKreport[1]_S_11042012_02d2132.txt ; RKreport[2]_D_11042012_02d2133.txt
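As an added example (not RogueKiller's, TDSSKiller's or ComboFix's own code), the following Python reconstructs the "MBR Check" above: it parses a 512-byte MBR, computes an [MBR]-style hash of the whole sector and a [BSP]-style hash of the bootstrap area (which byte range RogueKiller hashes is an assumption here; the first 440 bytes are used), prints the partition table in the log's layout, confirms that the three stock error strings quoted earlier in the thread are present in the boot code, and flags a table that overlaps itself or has the wrong number of active partitions. The MBR bytes are constructed inline from the offsets and sizes in the log rather than read from a disk.

```python
import hashlib
import struct

SECTOR = 512
SECTORS_PER_MIB = (1024 * 1024) // SECTOR  # 2048; RogueKiller prints MiB as "Mo"

# Messages a stock Windows MBR carries in its bootstrap area; finding them in a
# raw MBR dump is expected, not a sign of tampering.
STANDARD_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)

# Small lookup covering the partition types seen in the log (assumption: only
# the few types needed here; anything else is reported as Unknown).
TYPE_NAMES = {0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32-LBA", 0x17: "Hidden NTFS", 0x27: "Hidden NTFS (WinRE)"}
HIDDEN_TYPES = {0x17, 0x1b, 0x1c, 0x1e, 0x27}


def parse_mbr(mbr: bytes) -> dict:
    """Parse one 512-byte MBR: signature, hashes and the four partition slots."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446, 16 bytes per slot
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors // SECTORS_PER_MIB,
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        # Whole-sector hash ([MBR]) and bootstrap-only hash ([BSP]); the 440-byte
        # range is an assumption, chosen so disk signature and table do not change it.
        "mbr_md5": hashlib.md5(mbr).hexdigest(),
        "bootcode_md5": hashlib.md5(mbr[:440]).hexdigest(),
        "standard_strings_present": all(s in mbr[:440] for s in STANDARD_MBR_STRINGS),
        "partitions": partitions,
    }


def format_entry(p: dict) -> str:
    """Render one slot in the layout RogueKiller uses in its MBR Check."""
    flag = "ACTIVE" if p["active"] else "XXXXXX"
    vis = "HIDDEN" if p["type"] in HIDDEN_TYPES else "VISIBLE"
    name = TYPE_NAMES.get(p["type"], "Unknown")
    return (f"{p['index']} - [{flag}] {name} (0x{p['type']:02x}) [{vis}] "
            f"Offset (sectors): {p['lba_start']} | Size: {p['size_mib']} Mo")


def check_layout(partitions: list) -> list:
    """Return human-readable findings for a table that cannot be trusted as-is."""
    findings = []
    active = [p["index"] for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    for p in partitions:
        if p["lba_start"] == 0:
            findings.append(f"partition {p['index']} starts at LBA 0, on top of the MBR itself")
    return findings


def build_sample_mbr() -> bytes:
    """Constructed MBR: stock error strings plus the partition table from the log."""
    code = bytearray(440)
    pos = 0
    for s in STANDARD_MBR_STRINGS:
        code[pos:pos + len(s)] = s
        pos += len(s) + 1
    # (status, type, first LBA, sector count); sizes are the log's "Mo" values * 2048
    table = [
        (0x80, 0x07, 2048, 199 * SECTORS_PER_MIB),
        (0x00, 0x07, 409600, 218854 * SECTORS_PER_MIB),
        (0x00, 0x07, 448622592, 19317 * SECTORS_PER_MIB),
        (0x00, 0x0C, 488183808, 103 * SECTORS_PER_MIB),
    ]
    mbr = bytes(code) + b"\x00" * 4 + b"\x00\x00"  # disk signature + reserved bytes
    for status, ptype, start, count in table:
        mbr += struct.pack("<B3sB3sII", status, b"\x00" * 3, ptype, b"\x00" * 3, start, count)
    return mbr + b"\x55\xaa"


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("signature ok:", info["signature_ok"], "| stock strings:", info["standard_strings_present"])
    print("[MBR]", info["mbr_md5"], "\n[BSP]", info["bootcode_md5"])
    for p in info["partitions"]:
        print(format_entry(p))
    print("findings:", check_layout(info["partitions"]) or "none")
```

Run against the constructed sector it reproduces the four partition lines of the log exactly; pointing `parse_mbr` at a real 512-byte dump lets the same consistency checks run on the live table.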

#11 gringo_pr (Malware Response Team)

Posted 04 November 2012 - 11:03 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 tntpainting (Topic Starter)

Posted 05 November 2012 - 11:50 AM

Computer was very slow last night. CPU seemed high, but when I pulled up Resource Monitor it would all calm down; then I shut it and it went back to running full bore. Never did see what caused it. If I look at internet connections, CPU will go up. It's like it goes where I'm not?

ComboFix 12-11-05.01 - thomas 11/05/2012 10:27:13.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.1016 [GMT -6:00]
Running from: c:\users\thomas\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-05 to 2012-11-05 )))))))))))))))))))))))))))))))
.
.
2012-11-05 16:39 . 2012-11-05 16:39 -------- d-----w- c:\users\tnttom\AppData\Local\temp
2012-11-05 16:39 . 2012-11-05 16:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-05 16:39 . 2012-11-05 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 03:55 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D83CDBF1-AE5E-4308-A20B-FEC0304E70EC}\mpengine.dll
2012-11-01 01:11 . 2012-11-01 01:11 484 ----a-w- c:\program files (x86)\1031201220112943.bat
2012-10-26 17:53 . 2012-10-26 17:53 -------- d-----w- c:\users\thomas\AppData\Roaming\SpinTop Games
2012-10-25 23:11 . 2012-10-25 23:22 -------- d-----w- c:\users\thomas\AppData\Roaming\Hidden Anthologies Pride and Prejudice
2012-10-24 16:11 . 2012-10-24 16:11 -------- d-----w- c:\users\thomas\AppData\Roaming\Total Eclipse
2012-10-18 19:43 . 2012-10-18 19:43 -------- d-----w- c:\users\thomas\AppData\Roaming\TheFixerUpper
2012-10-18 19:12 . 2012-10-18 19:12 -------- d-----w- c:\users\thomas\AppData\Roaming\MediaArt
2012-10-18 19:12 . 2012-10-18 19:12 -------- d-----w- c:\programdata\MediaArt
2012-10-10 03:08 . 2012-10-10 03:08 -------- d-----w- c:\users\thomas\AppData\Roaming\LegacyGames
2012-10-10 01:31 . 2012-10-10 01:31 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-09 20:24 . 2012-10-09 20:24 -------- d-----w- c:\programdata\PuzzlesByJoe
2012-10-09 15:04 . 2012-10-09 15:04 -------- d-----w- c:\users\thomas\AppData\Roaming\MumboJumbo
2012-10-08 12:17 . 2012-10-08 12:17 489 ----a-w- c:\program files (x86)\100820127170440.bat
2012-10-08 04:34 . 2012-10-08 04:34 -------- d-----w- c:\users\thomas\AppData\Roaming\PoBros
2012-10-08 04:34 . 2012-10-08 04:34 -------- d-----w- c:\programdata\PoBros
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 23:51 . 2012-01-27 19:57 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-01-27 19:57 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-01-27 19:57 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-01-27 19:57 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51 . 2012-01-27 19:57 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-01-27 19:57 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-01-27 19:57 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 23:50 . 2012-01-27 19:57 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-02-26 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-09 13:32 . 2012-08-24 06:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:32 . 2012-02-27 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:32 . 2012-08-24 16:52 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-04 20:35 . 2012-10-04 20:35 488 ----a-w- c:\program files (x86)\1004201215351979.bat
2012-10-04 03:18 . 2012-10-04 03:18 0 ----a-w- c:\windows\SysWow64\sho7BC6.tmp
2012-10-04 03:17 . 2012-10-04 03:17 495 ----a-w- c:\program files (x86)\1003201222173334.bat
2012-10-03 23:38 . 2012-10-03 23:38 0 ----a-w- c:\windows\SysWow64\shoAA25.tmp
2012-09-30 00:54 . 2011-03-29 00:44 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 02:42 . 2012-09-29 02:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-20 08:08 . 2012-09-20 08:08 0 ----a-w- c:\windows\SysWow64\sho67DE.tmp
2012-09-09 04:30 . 2012-09-09 04:30 0 ----a-w- c:\windows\SysWow64\sho6518.tmp
2012-09-09 02:15 . 2012-09-09 02:15 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-09 02:15 . 2012-08-21 02:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-09 02:15 . 2010-10-16 19:35 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-09-29 584760]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
[BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
R4 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-09-17 92216]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-09-11 1014624]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 06:58]
.
2012-01-28 c:\windows\Tasks\DST.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2010-09-21 18:31]
.
2012-01-28 c:\windows\Tasks\FileTransfer.job
- c:\program files (x86)\Hewlett-Packard\Setup Manager\Toaster.exe [2010-09-21 18:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 133400 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: pogo.com\www
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
FF - ProfilePath - c:\users\thomas\AppData\Roaming\Mozilla\Firefox\Profiles\7a4hi84b.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
AddRemove-WildTangentGameProvider-hp-genres - c:\program files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe
AddRemove-WildTangentGameProvider-hp-main - c:\program files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe
AddRemove-WildTangentGDF-hp-clubpenguin - c:\program files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe
AddRemove-WildTangentGDF-hp-darkorbit - c:\program files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe
AddRemove-WildTangentGDF-hp-habbohotel - c:\program files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe
AddRemove-WildTangentGDF-hp-seafight - c:\program files (x86)\HP Games\Web Link - Seafight\Uninstall.exe
AddRemove-WildTangentGDF-hp-worldofwarcraft - c:\program files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe
AddRemove-WT087328 - c:\program files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe
AddRemove-WT087330 - c:\program files (x86)\HP Games\Bounce Symphony\Uninstall.exe
AddRemove-WT087335 - c:\program files (x86)\HP Games\Build-a-lot 2\Uninstall.exe
AddRemove-WT087343 - c:\program files (x86)\HP Games\Dora's World Adventure\Uninstall.exe
AddRemove-WT087360 - c:\program files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe
AddRemove-WT087361 - c:\program files (x86)\HP Games\FATE\Uninstall.exe
AddRemove-WT087362 - c:\program files (x86)\HP Games\Final Drive Nitro\Uninstall.exe
AddRemove-WT087372 - c:\program files (x86)\HP Games\Heroes of Hellas 2 - Olympia\Uninstall.exe
AddRemove-WT087379 - c:\program files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe
AddRemove-WT087394 - c:\program files (x86)\HP Games\Penguins!\Uninstall.exe
AddRemove-WT087395 - c:\program files (x86)\HP Games\Poker Superstars III\Uninstall.exe
AddRemove-WT087396 - c:\program files (x86)\HP Games\Polar Bowler\Uninstall.exe
AddRemove-WT087397 - c:\program files (x86)\HP Games\Polar Golfer\Uninstall.exe
AddRemove-WT087414 - c:\program files (x86)\HP Games\Virtual Families\Uninstall.exe
AddRemove-WT087415 - c:\program files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe
AddRemove-WT087428 - c:\program files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe
AddRemove-WT087453 - c:\program files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe
AddRemove-WT087501 - c:\program files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe
AddRemove-WT087533 - c:\program files (x86)\HP Games\Zuma Deluxe\Uninstall.exe
AddRemove-WT087536 - c:\program files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe
AddRemove-WT089299 - c:\program files (x86)\HP Games\Mystery P.I. - The London Caper\Uninstall.exe
AddRemove-WT089307 - c:\program files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe
AddRemove-WT089308 - c:\program files (x86)\HP Games\Blasterball 3\Uninstall.exe
AddRemove-WT089328 - c:\program files (x86)\HP Games\Farm Frenzy\Uninstall.exe
AddRemove-WT089359 - c:\program files (x86)\HP Games\Cake Mania\Uninstall.exe
AddRemove-WT089362 - c:\program files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe
AddRemove-WTA-14c178b9-dc6e-47d5-9173-14440c68a5c7 - c:\program files (x86)\WildGames\House MD\uninstall\uninstaller.exe
AddRemove-WTA-2dc4e53b-d879-4430-a8e1-ac1da0853076 - c:\program files (x86)\WildGames\Dream Day First Home\uninstall\uninstaller.exe
AddRemove-WTA-6ebe04c8-ec19-402e-ac5e-ff7080998907 - c:\program files (x86)\WildGames\World of Zoo Animal Creator Demo\uninstall\uninstaller.exe
AddRemove-WTA-c5549c2f-9ebc-4dab-bd56-2604b5521fb4 - c:\program files (x86)\WildGames\FATE The Cursed King\uninstall\uninstaller.exe
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp - c:\program files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe
AddRemove-{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8} - c:\program files (x86)\InstallShield Installation Information\{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-05 10:43:26
ComboFix-quarantined-files.txt 2012-11-05 16:43
ComboFix2.txt 2012-11-03 16:47
.
Pre-Run: 171,553,529,856 bytes free
Post-Run: 171,191,451,648 bytes free
.
- - End Of File - - 9A57509205B36AA0D09385CB2D63DF6A

#13 gringo_pr (Malware Response Team)

Posted 05 November 2012 - 02:53 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#14 tntpainting
  • Topic Starter

  • Members
  • 32 posts
  • Local time:04:37 PM

Posted 05 November 2012 - 04:56 PM

Have you not seen anything abnormal?

OTL logfile created on: 11/5/2012 3:34:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thomas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 49.70% Memory free
3.87 Gb Paging File | 2.60 Gb Available in Paging File | 67.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.72 Gb Total Space | 159.44 Gb Free Space | 74.60% Space Free | Partition Type: NTFS
Drive D: | 18.86 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

Computer Name: DONKEY | User Name: thomas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\thomas\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (RtVOsdService) -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe ()
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=2d644d58-0a0c-4a15-9d06-5c3dcc16e767&query={searchTerms}
IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\thomas\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/11 03:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/04 10:20:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/11 10:57:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/02/05 11:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\mozilla\Extensions
[2011/02/05 11:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2012/02/28 17:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thomas\AppData\Roaming\mozilla\Firefox\Profiles\7a4hi84b.default\extensions
[2012/09/11 10:57:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/04 10:20:08 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/11 10:57:15 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 20:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/24 20:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/09/13 22:38:51 | 000,443,504 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15259 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..Trusted Domains: pogo.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2275789538-1692829317-1745667720-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F86C1503-1C18-4311-821A-0746555072C2}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 11:45:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/05 10:43:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/05 10:25:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/04 21:32:15 | 000,000,000 | ---D | C] -- C:\Users\thomas\Desktop\RK_Quarantine
[2012/11/03 09:48:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/03 09:48:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/03 09:48:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/03 09:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/26 11:53:12 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\SpinTop Games
[2012/10/25 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\Hidden Anthologies Pride and Prejudice
[2012/10/24 10:11:36 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\Total Eclipse
[2012/10/18 13:43:47 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\TheFixerUpper
[2012/10/18 13:12:43 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\MediaArt
[2012/10/18 13:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaArt
[2012/10/09 21:08:32 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\LegacyGames
[2012/10/09 19:31:14 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/10/09 14:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\PuzzlesByJoe
[2012/10/09 09:04:27 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\MumboJumbo
[2012/10/07 22:34:57 | 000,000,000 | ---D | C] -- C:\Users\thomas\AppData\Roaming\PoBros
[2012/10/07 22:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PoBros
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/05 15:33:30 | 000,001,064 | ---- | M] () -- C:\Users\thomas\Desktop\OTL - Shortcut.lnk
[2012/11/05 15:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 15:29:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/05 10:27:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 10:27:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/05 10:24:46 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/05 10:24:46 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/05 10:24:46 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/05 10:24:38 | 000,001,119 | ---- | M] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2012/11/05 10:19:40 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/04 21:30:59 | 000,001,142 | ---- | M] () -- C:\Users\thomas\Desktop\RogueKiller - Shortcut.lnk
[2012/11/04 21:19:13 | 000,001,137 | ---- | M] () -- C:\Users\thomas\Desktop\adwcleaner - Shortcut.lnk
[2012/11/04 13:46:08 | 000,007,624 | ---- | M] () -- C:\Users\thomas\AppData\Local\resmon.resmoncfg
[2012/11/04 10:20:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/04 08:38:40 | 000,000,512 | ---- | M] () -- C:\Users\thomas\Documents\MBR.dat
[2012/11/04 07:52:43 | 000,001,137 | ---- | M] () -- C:\Users\thomas\Desktop\tdsskiller - Shortcut.lnk
[2012/11/04 07:52:19 | 000,001,099 | ---- | M] () -- C:\Users\thomas\Desktop\aswMBR - Shortcut.lnk
[2012/11/02 15:58:45 | 000,000,756 | ---- | M] () -- C:\Users\thomas\Desktop\SecurityCheck(1) - Shortcut.lnk
[2012/11/02 15:56:54 | 000,000,000 | ---- | M] () -- C:\Users\thomas\defogger_reenable
[2012/10/31 19:11:29 | 000,000,484 | ---- | M] () -- C:\Program Files (x86)\1031201220112943.bat
[2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 17:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 17:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 17:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/26 01:43:59 | 000,001,248 | ---- | M] () -- C:\Users\thomas\Desktop\MSN Games.lnk
[2012/10/26 01:42:13 | 000,002,146 | ---- | M] () -- C:\Users\thomas\Desktop\Titanics Keys to the Past.lnk
[2012/10/26 01:40:32 | 000,002,167 | ---- | M] () -- C:\Users\thomas\Desktop\Vacation Quest Australia.lnk
[2012/10/20 23:11:58 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/09 19:31:14 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012/10/09 07:32:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 07:32:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/09 07:32:04 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/10/08 08:14:51 | 000,001,684 | ---- | M] () -- C:\Users\thomas\Desktop\Journey Of Hope.lnk
[2012/10/08 06:17:04 | 000,000,489 | ---- | M] () -- C:\Program Files (x86)\100820127170440.bat
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/05 15:33:30 | 000,001,064 | ---- | C] () -- C:\Users\thomas\Desktop\OTL - Shortcut.lnk
[2012/11/05 10:24:38 | 000,001,119 | ---- | C] () -- C:\Users\thomas\Desktop\ComboFix - Shortcut.lnk
[2012/11/04 21:30:59 | 000,001,142 | ---- | C] () -- C:\Users\thomas\Desktop\RogueKiller - Shortcut.lnk
[2012/11/04 21:19:13 | 000,001,137 | ---- | C] () -- C:\Users\thomas\Desktop\adwcleaner - Shortcut.lnk
[2012/11/04 07:52:43 | 000,001,137 | ---- | C] () -- C:\Users\thomas\Desktop\tdsskiller - Shortcut.lnk
[2012/11/04 07:52:19 | 000,001,099 | ---- | C] () -- C:\Users\thomas\Desktop\aswMBR - Shortcut.lnk
[2012/11/03 09:48:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/03 09:48:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/03 09:48:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/03 09:48:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/03 09:48:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/02 15:58:45 | 000,000,756 | ---- | C] () -- C:\Users\thomas\Desktop\SecurityCheck(1) - Shortcut.lnk
[2012/11/02 15:56:54 | 000,000,000 | ---- | C] () -- C:\Users\thomas\defogger_reenable
[2012/10/31 19:11:29 | 000,000,484 | ---- | C] () -- C:\Program Files (x86)\1031201220112943.bat
[2012/10/26 01:42:13 | 000,002,146 | ---- | C] () -- C:\Users\thomas\Desktop\Titanics Keys to the Past.lnk
[2012/10/26 01:40:32 | 000,002,167 | ---- | C] () -- C:\Users\thomas\Desktop\Vacation Quest Australia.lnk
[2012/10/08 08:14:50 | 000,001,684 | ---- | C] () -- C:\Users\thomas\Desktop\Journey Of Hope.lnk
[2012/10/08 08:05:13 | 000,001,248 | ---- | C] () -- C:\Users\thomas\Desktop\MSN Games.lnk
[2012/10/08 06:17:04 | 000,000,489 | ---- | C] () -- C:\Program Files (x86)\100820127170440.bat
[2012/10/04 14:35:19 | 000,000,488 | ---- | C] () -- C:\Program Files (x86)\1004201215351979.bat
[2012/10/03 21:17:33 | 000,000,495 | ---- | C] () -- C:\Program Files (x86)\1003201222173334.bat
[2012/08/31 17:01:02 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/01/22 23:29:54 | 000,007,624 | ---- | C] () -- C:\Users\thomas\AppData\Local\resmon.resmoncfg
[2012/01/01 10:57:51 | 000,010,386 | -HS- | C] () -- C:\Users\thomas\AppData\Local\470av02ni13w25762888bioyaq5x238ldp8ge70703j
[2012/01/01 10:57:51 | 000,010,386 | -HS- | C] () -- C:\ProgramData\470av02ni13w25762888bioyaq5x238ldp8ge70703j
[2011/07/11 08:13:20 | 000,000,129 | ---- | C] () -- C:\Users\thomas\jagex_runescape_preferences2.dat
[2011/07/11 08:12:29 | 000,000,034 | ---- | C] () -- C:\Users\thomas\jagex_runescape_preferences.dat
[2011/01/21 12:16:50 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/11 02:38:05 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/11/11 02:34:13 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/11 02:34:13 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 07:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 06:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:B874BDDD
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:C06BB457
@Alternate Data Stream - 158 bytes -> C:\ProgramData\Temp:67C7FE3A
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:B1E629F5
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:B0D93116
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:479D2971
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:70354350
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:C5AB6B6C
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:02B4B58C
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:ADCBD4B1
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:987CE5C8
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:E776E5F2
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:D6603C06
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:1C3669BF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E4BB3B5C
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:2A6EEF31
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:DAE59DEF
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:697B45E6
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:CE3E87C1
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:A1E49723
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:688E43AA
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:15C4429D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FDBFA193
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:095FBA08
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DBBE9F64
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8EBDAD11
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:788022C4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:30C74695
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A653982F
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:56530ABD
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:BCE093DE
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A38088D6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:B4C4AC77
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A17BCEAD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6EEA7FA7
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:5E8FAAFC
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4F0FEF51
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:DA6D0195
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4FD11E07
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:AFC9DFB8
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2104E882
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:E6528C43
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:F18BEDBC
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:A90435A2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:FD20BDA6
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:DC87F3FA
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:0794061A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:019F3658
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:ACDD7398
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:993F0BCE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:54997B77
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2208DD60
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:78A567DB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:C4B6B958
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5D6871F1
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CA2C0F2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:231902A8
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:00325F08
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

#15 tntpainting

tntpainting
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:04:37 PM

Posted 05 November 2012 - 10:16 PM

Hi gringo. Having some new issues I thought I should tell you about. I was on Google and the computer was stalling out to where I had to wait for each letter I typed into search. I opened Task Manager and it would show minimal CPU. I minimized it and went back to type on Google. One letter and CPU is at 100%; I check Task Manager and firefox.exe is at 95-85 CPU. I switched to safe mode and same thing, except this time I see rundll32.exe in gray and under terminated but still using CPU.
The Windows flag at the bottom right has a red X next to it. Click on it and it says "Turn on Windows Security Center service" (important). I tried clicking on it and it says "The Windows Security Center service can't be turned on".

=====added 11-6-12 a.m.===== I woke up this morning and opened my laptop and there was an rkill.scr scan log in notebook. I did not run it, no one else uses this computer, and I put it in sleep/hibernate mode at the end of the day. No alcohol involved, lol. Strange.

Edited by tntpainting, 06 November 2012 - 09:25 AM.