
Unknown rootkit / partition issue


  • This topic is locked
30 replies to this topic

#1 andypops

andypops

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 12 November 2012 - 04:44 PM

Dear all,

I am running Windows 7 home premium. Sorry for the essay, but I'd like to fully describe my problem!

I believe I have a rootkit issue. It came from a downloaded video which had a corrupted time-base, and once a certain point in the episode was reached, my PC crashed and rebooted. Initially it started as before, but I very quickly started to receive the typical "your computer is infected with malware - buy our software", or "your hard-drive is corrupted!" scare-type messages. Also desktop icons were lost, and my start bar was changed in a few ways.

I deleted the infected video, ran Rkill, malwarebytes and then unhide. I typically have 2-3 processes killed by Rkill - almost always the following two:
* C:\Windows\DAODx.exe (PID: 2220) [WD-HEUR]
* C:\Windows\system32\lxdncoms.exe (PID: 3556) [WD-HEUR] (I would like to add that I do not have a Lexmark printer or any printing software installed, nor has this PC ever been connected to any printer!)

The computer was (relatively) stable, the icons were recovered and I am able to open software (.exe). However, the start bar was left before, for example icons on the bar are listed rather than stacked, and the system tray does not auto-hide. I don't know if these are options which I can replace, but so far I can't find them.

In order to try to return to normal, I tried to run Windows' System Restore, to a restore point before I downloaded the offending item. This informed me that my hard drive (Disk C:) may be corrupted and needs to be checked at the next reboot before I could restore. I opted to reboot, and on reboot the disk scan started. This was very slow (about 2 1/2 hours). I had given up waiting for it at this point and gone to bed, and when I woke up the next morning the computer was booted, with odd start bar behaviour as before. I also noticed a couple of pop-up type messages offering various "services" - but these are not threatening, and do not redirect me to any website or try to open anything else. I simply run Rkill every time I reboot and do not have issues.

The "disk scan" now runs every time I boot the PC, and I do not know why. In my panic to try to fix this, I have run a variety of tools in order to see what this is - but I have tried to stick to the mainstream ones. I haven't used the one which the forums say not to use unless instructed! I have a log from AVAST which I have posted below (item 3). From my elementary knowledge of these things, I believe that I have a rootkit which has created a false partition on my C:, which then appears corrupted to Windows?

I am unable to run tdsskiller - it simply won't open (even when I run as administrator). My computer is running very slowly since, and especially internet browsing is not right. Sometimes, a page will open, while another tab opened at the same time is unable to load! Download times are generally unaffected though.

Please see the logs from dds and aswMBR (avast) below.

I would really appreciate it if anybody can help me out! I am within a few months of finishing my PhD thesis (Chemistry), and I can't afford to be without my computer right now!

All the best,


Andypops



dds (1)

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16800 BrowserJavaVersion: 10.5.0
Run by Andypops at 21:20:03 on 2012-11-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2502 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Andypops\AppData\Local\Temp\nsa2F2C.tmp\PEV.DAT
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [cDwQgxKRTfxQaqo.exe] C:\ProgramData\cDwQgxKRTfxQaqo.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Andypops\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPBUTT~1.LNK - C:\Program Files (x86)\HP\Button Manager\BM.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{77E10699-9801-43A6-80B7-273E48979955} : DHCPNameServer = 192.168.2.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news|http://www.biomed.curtin.edu.au/biochem/tutorials/aaquiz/index.html|http://www.bbc.co.uk/iplayer/radio/bbc_radio_fourfm/listenlive|http://www.menshealth.com/fitness/physical-fitness-test-pushups
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-6-13 600920]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-6-13 288088]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-6-13 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-6-13 64856]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-6 42184]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 399432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-7-11 39480]
S2 AVP;Kaspersky Anti-Virus Service;"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
S2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-4 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-7-11 346144]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
.
=============== Created Last 30 ================
.
2012-11-12 20:13:06 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97D83614-C386-410D-A77E-28C52EC74539}\mpengine.dll
2012-11-11 18:39:52 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{705D6F3C-60B1-446F-8108-7E1B80F4B42F}\gapaengine.dll
2012-11-11 18:39:37 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-08 23:29:51 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-11-08 23:29:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-11-08 23:29:26 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-11-04 23:17:12 -------- d-----w- C:\Users\Andypops\AppData\Roaming\Malwarebytes
2012-11-04 23:16:44 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-04 23:16:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-17 15:20:25 -------- d-----w- C:\Users\Andypops\AppData\Roaming\SnapGene
2012-10-17 15:20:25 -------- d-----w- C:\ProgramData\SnapGene
2012-10-17 15:20:18 -------- d-----w- C:\Program Files (x86)\SnapGene
2012-10-17 14:53:58 -------- d-----w- C:\Users\Andypops\AppData\Roaming\SnapGene Viewer
2012-10-17 14:53:58 -------- d-----w- C:\Users\Andypops\AppData\Roaming\GSLBiotech
2012-10-17 14:53:58 -------- d-----w- C:\ProgramData\SnapGene Viewer
2012-10-17 14:53:50 -------- d-----w- C:\Program Files (x86)\SnapGene Viewer
2012-10-17 14:27:37 -------- d-----w- C:\Program Files (x86)\BV Tech
.
==================== Find3M ====================
.
2012-10-11 21:32:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 21:32:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-30 22:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-30 22:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 21:23:09.26 ===============




attach (2)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/07/2010 20:32:40
System Uptime: 12/11/2012 21:02:37 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A89TD PRO USB3
Processor: AMD Phenom™ II X6 1055T Processor | AM3 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 81.148 GiB free.
D: is CDROM (CDFS)
.


[REDACTED]


==== Event Viewer Messages From Past Week ========
.
12/11/2012 21:19:47, Error: Service Control Manager [7034] - The lxdn_device service terminated unexpectedly. It has done this 1 time(s).
12/11/2012 21:14:48, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
12/11/2012 21:14:32, Error: Service Control Manager [7034] - The DeviceVM Meta Data Export Service service terminated unexpectedly. It has done this 1 time(s).
12/11/2012 21:12:43, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/11/2012 21:05:36, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/11/2012 21:04:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KL1 kl2 KLIF KLIM6
12/11/2012 21:04:08, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
12/11/2012 21:03:55, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the file specified.
12/11/2012 21:02:53, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
12/11/2012 21:00:00, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/11/2012 18:36:15, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.
08/11/2012 23:38:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.139.1661.0).
08/11/2012 23:38:01, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: Andy-newdesktop\Andypops Error Code: 0x8007042c Error description: The dependency service or group failed to start.
08/11/2012 23:38:01, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: Andy-newdesktop\Andypops Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
08/11/2012 23:37:36, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1661.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80070643 Error description: Fatal error during installation.
08/11/2012 23:37:33, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x8007042c Error description: The dependency service or group failed to start.
08/11/2012 23:37:33, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: Error code: 0x8007042c Error description: The dependency service or group failed to start.
08/11/2012 22:39:12, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
08/11/2012 22:39:09, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
08/11/2012 22:39:06, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
08/11/2012 22:39:01, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
08/11/2012 22:38:42, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
08/11/2012 22:38:30, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
08/11/2012 22:23:59, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
08/11/2012 20:18:37, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
08/11/2012 20:18:37, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/11/2012 20:18:05, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
08/11/2012 20:18:05, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
06/11/2012 23:48:46, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
06/11/2012 23:48:46, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
05/11/2012 23:13:55, Error: Service Control Manager [7034] - The Steam Client Service service terminated unexpectedly. It has done this 1 time(s).
05/11/2012 20:18:14, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================



aswMBR log (3)
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-08 23:31:59
-----------------------------
23:31:59.968 OS Version: Windows x64 6.1.7600
23:31:59.968 Number of processors: 6 586 0xA00
23:31:59.978 ComputerName: ANDY-NEWDESKTOP UserName: Andypops
23:32:02.961 Initialize success
23:32:03.148 AVAST engine defs: 12110800
23:32:15.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
23:32:15.925 Disk 0 Vendor: ST3500412AS CC32 Size: 476940MB BusType: 3
23:32:15.940 Disk 0 MBR read successfully
23:32:15.940 Disk 0 MBR scan
23:32:15.956 Disk 0 Windows 7 default MBR code
23:32:15.956 Disk 0 MBR hidden
23:32:15.972 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 100 MB offset 2048
23:32:15.972 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476824 MB offset 206848
23:32:16.018 Disk 0 Partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 976744448
23:32:16.018 Disk 0 Partition 3 **INFECTED** MBR:SST [Rtk]
23:32:16.034 Disk 0 MBR [SST] **ROOTKIT**
23:32:16.034 Disk 0 trace - called modules:
23:32:16.050 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004b4d5a4]<<>>UNKNOWN [0xfffffa80047032c0]<<spcr.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:32:16.050 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b3a060]
23:32:16.050 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa80048ca520]
23:32:16.065 5 ACPI.sys[fffff88000e3a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80048cc060]
23:32:16.065 \Driver\atapi[0xfffffa800486a440] -> IRP_MJ_CREATE -> 0xfffffa80047032c0
23:32:17.313 AVAST engine scan C:\Windows
23:32:19.809 AVAST engine scan C:\Windows\system32
23:34:29.347 AVAST engine scan C:\Windows\system32\drivers
23:34:37.505 AVAST engine scan C:\Users\Andypops
23:38:55.605 Disk 0 MBR has been saved successfully to "C:\Users\Andypops\Desktop\MBR.dat"
23:38:55.745 The log file has been saved successfully to "C:\Users\Andypops\Desktop\aswMBR 2012 11 08.txt"

Edited by andypops, 12 November 2012 - 04:52 PM.
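The aswMBR log in this post reports a third, 10 MB partition of hidden type 0x17 carrying the active (0x80) flag at the very end of the disk. The following is an added example (not aswMBR's code or anything from the original post) of how a responder can read a raw 512-byte MBR sector and flag exactly that kind of layout. The sample sector is constructed here from the offsets and sizes the log prints; the type-id set, the 64 MB "small active partition" threshold and the "active partition is last on disk" heuristic are the example's own assumptions.

```python
"""Parse a raw MBR sector and flag partition-table anomalies of the kind
aswMBR reported above (hidden NTFS type, active flag on a tiny trailing
partition). Added example, not the aswMBR tool's own code."""
import struct
from dataclasses import dataclass
from typing import List

SECTOR_BYTES = 512
TABLE_OFFSET = 446            # the 4-entry partition table follows 446 bytes of boot code
ENTRY_FMT = "<B3sB3sII"       # boot flag, CHS start, type id, CHS end, LBA start, sector count
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # "hidden" FAT/NTFS ids (assumed set)
SMALL_MB = 64                 # heuristic: an active partition this small is unusual


@dataclass
class PartitionEntry:
    index: int
    boot_flag: int
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        return self.sectors * SECTOR_BYTES // (1024 * 1024)

    @property
    def lba_end(self) -> int:          # exclusive end sector
        return self.lba_start + self.sectors


def build_entry(boot_flag: int, type_id: int, lba_start: int, sectors: int) -> bytes:
    """Pack one 16-byte table entry; CHS fields are zeroed since only LBA is used here."""
    return struct.pack(ENTRY_FMT, boot_flag, b"\0\0\0", type_id, b"\0\0\0", lba_start, sectors)


def constructed_mbr() -> bytes:
    """Constructed sample sector modelled on the layout in the aswMBR log above
    (offsets and MB sizes taken from the log; boot code area zeroed)."""
    table = (
        build_entry(0x00, 0x07, 2048, 100 * 2048)           # 100 MB NTFS (System Reserved)
        + build_entry(0x00, 0x07, 206848, 476824 * 2048)    # 476824 MB NTFS (C:)
        + build_entry(0x80, 0x17, 976744448, 10 * 2048)     # 10 MB hidden NTFS, marked active
        + b"\0" * 16                                        # unused 4th slot
    )
    return b"\0" * TABLE_OFFSET + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> List[PartitionEntry]:
    if len(sector) != SECTOR_BYTES:
        raise ValueError("expected a 512-byte sector")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        boot, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype == 0x00:               # empty slot
            continue
        entries.append(PartitionEntry(i + 1, boot, ptype, lba, count))
    return entries


def find_anomalies(entries: List[PartitionEntry], disk_sectors: int) -> List[str]:
    """Heuristic checks; each finding is a reason to look closer, not proof of infection."""
    findings = []
    for e in entries:
        if e.type_id in HIDDEN_TYPES:
            findings.append(f"partition {e.index}: hidden type 0x{e.type_id:02X}")
        if e.boot_flag == 0x80 and e.size_mb < SMALL_MB:
            findings.append(f"partition {e.index}: active flag on a {e.size_mb} MB partition")
        if e.lba_end > disk_sectors:
            findings.append(f"partition {e.index}: extends past the end of the disk")
    active = [e for e in entries if e.boot_flag == 0x80]
    if len(active) > 1:
        findings.append("more than one partition is marked active")
    if active and len(entries) > 1 and active[0].lba_start == max(e.lba_start for e in entries):
        findings.append(f"partition {active[0].index}: active partition is the last one on the disk")
    ordered = sorted(entries, key=lambda e: e.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_end > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


if __name__ == "__main__":
    disk_sectors = 476940 * 2048          # 476940 MB disk, per the log
    parts = parse_mbr(constructed_mbr())
    for p in parts:
        print(f"{p.index}: boot=0x{p.boot_flag:02X} type=0x{p.type_id:02X} "
              f"start={p.lba_start} size={p.size_mb} MB")
    for finding in find_anomalies(parts, disk_sectors):
        print("!!", finding)
```

On a real system the sector would come from the MBR.dat that aswMBR saved to the Desktop (its first 512 bytes) rather than from `constructed_mbr()`; the checks are the same. A clean Windows 7 layout has the active flag on the first, 100 MB System Reserved partition, so an active flag that has moved to a small hidden partition at the end of the disk is what the tool's **INFECTED** line is pointing at.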
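The "Event Viewer Messages" section of the attach log above is long, but the lines that matter for triage are few: security services terminating or failing to start, and NTFS reporting the volume as corrupt. As an added example (not part of the original post or of DDS), the script below parses that DDS line format, counts failures per service, singles out security products and counts NTFS corruption and hosts-file errors. The sample lines are taken from the log above; the list of security-product name fragments is an assumption of the example.

```python
"""Triage the 'Event Viewer Messages' section of a DDS attach log: count service
failures per service, single out security products, and count NTFS corruption
events. Added example; sample lines are drawn from the attach log above."""
import re
from collections import Counter
from typing import Dict, List, Optional

EVENT_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\] - (.*)$")
TERMINATED_RE = re.compile(r"^The (.+?) service terminated unexpectedly")
FAILED_START_RE = re.compile(r"^The (.+?) service failed to start")
# Name fragments of security products present in the log (assumed list; extend as needed)
SECURITY_HINTS = ("avast", "kaspersky", "mbam", "malwarebytes", "antimalware", "security")

# Sample input copied from the attach log in this post (a subset of its lines)
SAMPLE_EVENTS = [
    "12/11/2012 21:19:47, Error: Service Control Manager [7034] - The lxdn_device service terminated unexpectedly. It has done this 1 time(s).",
    "12/11/2012 21:12:43, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.",
    "12/11/2012 21:05:36, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.",
    "12/11/2012 21:03:55, Error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the file specified.",
    "12/11/2012 21:02:53, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.",
    "12/11/2012 21:00:00, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.",
    "06/11/2012 23:48:46, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.",
]


def parse_event(line: str) -> Optional[Dict[str, object]]:
    """Split one DDS event line into timestamp, level, source, event id and message."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, level, source, event_id, message = m.groups()
    return {"time": ts, "level": level, "source": source, "id": int(event_id), "message": message}


def service_name(message: str) -> Optional[str]:
    """Extract the service name from SCM 'terminated unexpectedly' / 'failed to start' text."""
    for rx in (TERMINATED_RE, FAILED_START_RE):
        m = rx.match(message)
        if m:
            return m.group(1)
    return None


def triage(lines: List[str]) -> Dict[str, object]:
    result: Dict[str, object] = {
        "service_failures": Counter(),           # every service with SCM 7000/7031/7034 events
        "security_service_failures": Counter(),  # subset whose name matches SECURITY_HINTS
        "ntfs_corruption": 0,                    # Ntfs event 55
        "hosts_file_errors": 0,                  # DNS-Client event 1012 (hosts file unreadable)
        "unparsed": 0,
    }
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            result["unparsed"] += 1
            continue
        if ev["source"] == "Service Control Manager" and ev["id"] in (7000, 7031, 7034):
            name = service_name(ev["message"])
            if name:
                result["service_failures"][name] += 1
                if any(h in name.lower() for h in SECURITY_HINTS):
                    result["security_service_failures"][name] += 1
        elif ev["source"] == "Ntfs" and ev["id"] == 55:
            result["ntfs_corruption"] += 1
        elif ev["source"] == "Microsoft-Windows-DNS-Client" and ev["id"] == 1012:
            result["hosts_file_errors"] += 1
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_EVENTS)
    for name, n in summary["security_service_failures"].most_common():
        print(f"security service {name!r}: {n} failure event(s)")
    print("NTFS corruption events:", summary["ntfs_corruption"])
    print("hosts file read errors:", summary["hosts_file_errors"])
```

Repeated unexpected termination of the antivirus service, together with a hosts file that the DNS client cannot read, is the pattern a helper looks for first in a log like this; the counts also make it easy to tell stale leftovers (a service whose binary no longer exists) from something actively interfering.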



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 12 November 2012 - 11:13 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-RogueKiller-

  • Download RogueKiller (or from here) and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad window into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 andypops (Topic Starter)

Posted 15 November 2012 - 05:07 PM

Dear Gringo,

Please find everything below. Sorry I've been so slow replying to your post; I am still here but have been working 22-hour days!

I hope this helps. Thanks for taking the time to go through this :)

All the best,


Andy


EDIT:
I noticed from the logs below that I have a few out-of-date programs, e.g. Internet Explorer (this is only ever used as my "backup" browser, as I usually use Firefox). Should I update, for example, my Firefox (although I believe 14.0.1 is still supported?) and/or Windows service updates, in order to plug any gaps?

Finally, after I ran the 3 programs you recommended, I am still suffering from slow computer running, and some problems connecting to websites (refreshing works, so there seems to be a "randomness" factor in whether a tab will open). Also, on rebooting I still receive a warning that an NTFS hard drive (C:) is possibly corrupt and needs to be scanned. I am currently skipping this every time, as it took well over 2 hours the last few times.

In addition, I am unable to put my computer to sleep or hibernate; I can only log on / off (I am sole user) and shut down. Previously, I used to sleep or hibernate most of the time. I haven't deleted any files or changed any settings to prevent this.



Security Check Results

Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
avast! Antivirus
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


AdwCleaner Report

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 21:53:01
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Andypops - ANDY-NEWDESKTOP
# Boot Mode : Normal
# Running from : C:\Users\Andypops\Desktop\New folder (3)\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [711 octets] - [15/11/2012 21:53:01]

########## EOF - C:\AdwCleaner[S2].txt - [770 octets] ##########


RogueKiller Report

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Andypops [Admin rights]
Mode : Scan -- Date : 11/15/2012 22:01:39

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] DAODx.exe -- C:\Windows\DAODx.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cDwQgxKRTfxQaqo.exe (C:\ProgramData\cDwQgxKRTfxQaqo.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3292465053-2252723455-3984825215-1000[...]\Run : cDwQgxKRTfxQaqo.exe (C:\ProgramData\cDwQgxKRTfxQaqo.exe) -> FOUND
[TASK][SUSP PATH] RunDAOD : C:\Windows\DAODx.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500412AS ATA Device +++++
--- User ---
[MBR] 8d31029289c3b4dfb40a7631dd19e227
[BSP] b99561b8ad84959a19d26c4be76851aa : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476824 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11152012_02d2201.txt >>
RKreport[1]_S_11152012_02d2201.txt






Edited by andypops, 15 November 2012 - 06:37 PM.
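The RogueKiller MBR check above prints the partition table in one set of units (sector offsets, sizes rounded to whole MiB), and TDSSKiller, which Andy runs later in this thread, prints the same disk in another (hex StartLBA and BlocksNum, plus the drive's byte size). The script below is an added example, not part of this thread or of either tool: it parses both formats, checks the layout for what a bootkit hunt cares about (exactly one active partition, contiguous non-overlapping partitions, and how many sectors sit outside any partition), and cross-checks the two views against each other. The sample input is copied from the two logs with TDSSKiller's timestamp/PID prefix dropped; the drive size comes from TDSSKiller's "Size: 0x7470C06000" line.

```python
"""Cross-check the MBR partition layout reported by RogueKiller and TDSSKiller.

Added example, not part of the BleepingComputer thread or of either tool.
"""
import re

SECTOR = 512                                  # TDSSKiller: SectorSize 0x200
SECTORS_PER_MIB = (1024 * 1024) // SECTOR     # 2048; RogueKiller's "Mo" is MiB

# Sample input copied from the RogueKiller "MBR Check" block in the post above.
ROGUEKILLER_MBR = r"""
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476824 Mo
"""

# Sample input copied from the TDSSKiller log posted later in this thread
# for the same disk (timestamp and PID prefix removed).
TDSSKILLER_DISK = r"""
Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A34C030
"""

RK_RE = re.compile(r"^(\d+) - \[(\w+)\] .*Offset \(sectors\): (\d+) \| Size: (\d+) Mo")
TK_PART_RE = re.compile(r"Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                        r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
TK_DISK_RE = re.compile(r"Drive .* - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")


def parse_roguekiller(text):
    """RogueKiller gives exact sector offsets but sizes rounded to whole MiB,
    so the sector counts derived here are only accurate to one MiB."""
    parts = []
    for line in text.splitlines():
        m = RK_RE.match(line.strip())
        if m:
            parts.append({"start": int(m.group(3)),
                          "sectors": int(m.group(4)) * SECTORS_PER_MIB,
                          "active": m.group(2) == "ACTIVE", "exact": False})
    return parts


def parse_tdsskiller(text):
    """Returns (total_sectors, partitions). TDSSKiller gives exact sector
    counts but does not print the boot (active) flag."""
    total, parts = None, []
    for line in text.splitlines():
        d = TK_DISK_RE.search(line)
        if d:
            size_bytes, sector = int(d.group(1), 16), int(d.group(2), 16)
            assert sector == SECTOR, "unexpected sector size"
            total = size_bytes // sector
        p = TK_PART_RE.search(line)
        if p:
            parts.append({"start": int(p.group(3), 16),
                          "sectors": int(p.group(4), 16),
                          "active": None, "exact": True})
    return total, parts


def analyse(parts, total_sectors):
    """Layout checks: one active partition, no overlaps, and the sectors that
    belong to no partition (before the first or after the last one), which
    is where MBR bootkits keep their code and configuration."""
    parts = sorted(parts, key=lambda p: p["start"])
    ends = [p["start"] + p["sectors"] for p in parts]
    return {
        "active_count": sum(1 for p in parts if p["active"]),
        "leading_gap": parts[0]["start"] if parts else total_sectors,
        "internal_gaps": [parts[i]["start"] - ends[i - 1] for i in range(1, len(parts))],
        "trailing_gap": total_sectors - ends[-1] if parts else total_sectors,
        "overlaps": [i for i in range(1, len(parts)) if parts[i]["start"] < ends[i - 1]],
    }


def cross_check(rk_parts, tk_parts, tolerance=SECTORS_PER_MIB):
    """Starts must agree exactly between the tools; sizes may differ by the
    MiB rounding RogueKiller applies. Returns a list of discrepancies."""
    if len(rk_parts) != len(tk_parts):
        return ["partition count differs: %d vs %d" % (len(rk_parts), len(tk_parts))]
    problems = []
    for i, (a, b) in enumerate(zip(rk_parts, tk_parts)):
        if a["start"] != b["start"]:
            problems.append("partition %d start differs: %d vs %d" % (i, a["start"], b["start"]))
        if abs(a["sectors"] - b["sectors"]) > tolerance:
            problems.append("partition %d size differs by %d sectors"
                            % (i, abs(a["sectors"] - b["sectors"])))
    return problems


if __name__ == "__main__":
    rk = parse_roguekiller(ROGUEKILLER_MBR)
    total, tk = parse_tdsskiller(TDSSKILLER_DISK)
    print("RogueKiller view:", analyse(rk, total))
    print("TDSSKiller view :", analyse(tk, total))
    print("discrepancies   :", cross_check(rk, tk) or "none")
```

For this disk the two tools agree: the 100 MiB partition starts at sector 2048 and is the only active one, the Windows partition follows it with no gap, and 30,720 sectors (15 MiB) remain after the last partition. Some slack after the last partition is common, since installers and partition managers align and round, but its size is not something a script can judge on its own: compare against a baseline from a known-good install, and image and inspect any gap that is large, has grown since the last check, or contains non-zero data. The MBR boot code itself is covered by RogueKiller's hash line ("Windows 7/8 MBR Code"), which this script does not re-verify.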


#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 15 November 2012 - 09:38 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 andypops (Topic Starter)

Posted 16 November 2012 - 03:14 PM

Hi Gringo,

I originally thought it was going to be bad news - here is a full narrative of events.

I followed your instructions to the letter. After Combofix had finished (it ran with no problems), I re-started the antivirus software I usually run (Avast and Microsoft Security Essentials), and saved the log file.

When I opened Firefox to write back to you, nothing happened. The loading icon came up, but then disappeared again. I tried again; nothing happened. I tried to open up task manager from the start bar to see what processes were going, but the computer hung at this point, with a perpetually spinning "blue-circle" loading icon.

Ten minutes later, I shut the computer down using the power button, and attempted to restart. Again, the disk checker came up which I skipped. I opted to boot the computer as normal (not in safe mode). Again, as soon as I had rebooted the computer hung, without allowing me the time to load any programme.

Again, I turned off via power button, and rebooted. Again I opened in normal, non-safe mode, and this time accepted the disk checker.

This time, the disk checker took about 5 minutes, which is roughly how long it took before I had any infection. The computer rebooted, and this time, it didn't go back to the disk checker! :D

The computer has booted normally, I am able to use Firefox and other software, and I will post the Combofix log underneath this post.

Thanks very much!


Andy




Combofix Log File

ComboFix 12-11-16.02 - Andypops 16/11/2012 19:38:04.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.3066 [GMT 0:00]
Running from: c:\users\Andypops\Desktop\New folder (3)\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5vCQA5exkoJCRa
c:\windows\iun6002.exe
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 19:45 . 2012-11-16 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 18:03 . 2012-10-12 00:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02970914-6D80-415F-A7E9-88BBF43C40CA}\mpengine.dll
2012-11-14 17:03 . 2012-10-12 00:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-11 18:39 . 2012-11-11 18:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{705D6F3C-60B1-446F-8108-7E1B80F4B42F}\gapaengine.dll
2012-11-08 23:29 . 2012-11-08 23:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-08 23:29 . 2012-11-08 23:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-08 23:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-04 23:17 . 2012-11-04 23:17 -------- d-----w- c:\users\Andypops\AppData\Roaming\Malwarebytes
2012-11-04 23:16 . 2012-11-04 23:16 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 23:16 . 2012-11-04 23:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 21:32 . 2012-07-24 23:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 21:32 . 2011-08-08 17:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 22:03 . 2012-08-30 22:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 22:03 . 2012-08-30 22:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-14 00:17 . 2012-08-14 17:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Andypops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-26 142848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files (x86)\HP\Button Manager\BM.exe [2011-10-25 356864]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-12 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 00:23]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/news
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news|http://www.biomed.curtin.edu.au/biochem/tutorials/aaquiz/index.html|http://www.bbc.co.uk/iplayer/radio/bbc_radio_fourfm/listenlive|http://www.menshealth.com/fitness/physical-fitness-test-pushups
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Command_And_Conquer_Yuri's_Revenge_1.001_MPI - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-S3 Gold - c:\bluebyte\Settlers3\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*åL}W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*e*t*e*_*H*a*l*e*y*C*HlI\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*™né}P**€©]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*™né}P**€©\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,d4,dd,4d,e2,97,5a,e0,e6,2e,19,5e,8a,b8,a3,d8,df,4b,7f,57,45,35,2f,
5a,a6,c3,43,68,b0,c8,35,ff,40,91,69,d7,1f,63,0b,76,ed,5d,90,83,dc,4f,e2,7e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 19:48:16
ComboFix-quarantined-files.txt 2012-11-16 19:48
.
Pre-Run: 86,081,310,720 bytes free
Post-Run: 86,048,276,480 bytes free
.
- - End Of File - - D9E36D4C1F5E7E1F2C8BCF41A30A17FF

Edited by andypops, 16 November 2012 - 03:22 PM.
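RogueKiller's [SUSP PATH] tags in the earlier report and the "Reg Loading Points" section of the ComboFix log above are two views of the same question: which autostart entries launch a binary from a place legitimate software does not use. The script below is an added example, not code from this thread, ComboFix or RogueKiller: it parses entries in ComboFix's Run-key format and applies the same kind of path heuristics (executable sitting directly in C:\ProgramData or C:\Windows instead of in a product folder, running from a temp directory, random-looking mixed-case file name). The sample input is constructed: four lines are copied from the log above, and the two suspicious entries are the RogueKiller findings rewritten into the same format with invented dates and sizes. The case-flip threshold is a choice made for this example, not a published detection rule.

```python
"""Path-based triage of autostart entries.

Added example, not part of the BleepingComputer thread, ComboFix or
RogueKiller. Parses entries in the format ComboFix prints under
"Reg Loading Points" and flags those whose binary lives where legitimate
software does not put itself, the idea behind RogueKiller's [SUSP PATH].
"""
import re

# Constructed sample. The first four lines are copied from the ComboFix log
# above; the last two are the entries RogueKiller flagged earlier in the
# thread, rewritten in the same format with made-up dates and sizes.
SAMPLE = r"""
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"cDwQgxKRTfxQaqo.exe"="c:\programdata\cDwQgxKRTfxQaqo.exe" [2012-11-10 200704]
"RunDAOD"="c:\windows\DAODx.exe" [2012-11-10 94208]
"""

ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\])?\s*$')

# An executable placed *directly* in one of these directories is suspicious:
# real installers create a product subfolder. Compared case-insensitively.
FLAT_DIRS = (r"c:\programdata", r"c:\windows", r"c:\users\public")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def parse_entries(text):
    """Turn ComboFix "Name"="path" [date size] lines into dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"value": m.group(1), "path": m.group(2),
                            "date": m.group(3), "size": m.group(4)})
    return entries


def looks_random(stem):
    """Generated names (cDwQgxKRTfxQaqo) flip between upper and lower case
    far more often than product names (iTunesHelper, AdobeARM).
    Threshold chosen for this example, not a published rule."""
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    flips = sum(1 for a, b in zip(letters, letters[1:])
                if a.isupper() != b.isupper())
    return flips / len(letters) >= 0.45


def triage(path):
    """Return the reasons a path is suspicious (empty list if none)."""
    parent, _, name = path.rpartition("\\")
    lowered = path.lower()
    reasons = []
    if parent.lower() in FLAT_DIRS:
        reasons.append("executable directly in %s" % parent.lower())
    if any(marker in lowered for marker in TEMP_MARKERS):
        reasons.append("runs from a temp directory")
    if looks_random(name.rsplit(".", 1)[0]):
        reasons.append("random-looking file name")
    return reasons


def scan(text):
    """Parse ComboFix-style entries and keep only the flagged ones."""
    flagged = []
    for entry in parse_entries(text):
        reasons = triage(entry["path"])
        if reasons:
            flagged.append(dict(entry, reasons=reasons))
    return flagged


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("%-22s %s\n    %s" % (hit["value"], hit["path"], "; ".join(hit["reasons"])))
```

Path heuristics are a triage aid, not a verdict: lxdncoms.exe, listed as service lxdn_device in the ComboFix log above, lives in system32 and passes every rule here, and plenty of legitimate updaters run from ProgramData subfolders. The next step for anything flagged, or for a system32 binary with no matching installed product, is a signature and hash check against the vendor, which an offline script cannot do.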


#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 November 2012 - 04:44 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 andypops (Topic Starter)

Posted 16 November 2012 - 05:27 PM

Hi Gringo,

TDSSKiller report is below. aswMBR report to follow.

All the best,


Andy

22:25:04.0153 5220 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:25:04.0565 5220 ============================================================
22:25:04.0565 5220 Current date / time: 2012/11/16 22:25:04.0565
22:25:04.0565 5220 SystemInfo:
22:25:04.0565 5220
22:25:04.0565 5220 OS Version: 6.1.7600 ServicePack: 0.0
22:25:04.0565 5220 Product type: Workstation
22:25:04.0565 5220 ComputerName: ANDY-NEWDESKTOP
22:25:04.0566 5220 UserName: Andypops
22:25:04.0566 5220 Windows directory: C:\Windows
22:25:04.0566 5220 System windows directory: C:\Windows
22:25:04.0566 5220 Running under WOW64
22:25:04.0566 5220 Processor architecture: Intel x64
22:25:04.0566 5220 Number of processors: 6
22:25:04.0566 5220 Page size: 0x1000
22:25:04.0566 5220 Boot type: Normal boot
22:25:04.0566 5220 ============================================================
22:25:06.0427 5220 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:25:06.0507 5220 ============================================================
22:25:06.0507 5220 \Device\Harddisk0\DR0:
22:25:06.0577 5220 MBR partitions:
22:25:06.0577 5220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:25:06.0577 5220 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A34C030
22:25:06.0577 5220 ============================================================
22:25:06.0666 5220 C: <-> \Device\Harddisk0\DR0\Partition2
22:25:06.0666 5220 ============================================================
22:25:06.0666 5220 Initialize success
22:25:06.0666 5220 ============================================================
22:25:24.0684 5320 ============================================================
22:25:24.0684 5320 Scan started
22:25:24.0684 5320 Mode: Manual;
22:25:24.0684 5320 ============================================================
22:25:24.0977 5320 ================ Scan system memory ========================
22:25:24.0977 5320 System memory - ok
22:25:24.0978 5320 ================ Scan services =============================
22:25:25.0204 5320 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:25:25.0209 5320 1394ohci - ok
22:25:25.0318 5320 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:25:25.0322 5320 ACDaemon - ok
22:25:25.0361 5320 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:25:25.0368 5320 ACPI - ok
22:25:25.0397 5320 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:25:25.0400 5320 AcpiPmi - ok
22:25:25.0469 5320 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:25:25.0472 5320 AdobeARMservice - ok
22:25:25.0568 5320 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:25:25.0574 5320 AdobeFlashPlayerUpdateSvc - ok
22:25:25.0615 5320 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:25:25.0626 5320 adp94xx - ok
22:25:25.0649 5320 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:25:25.0657 5320 adpahci - ok
22:25:25.0676 5320 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:25:25.0681 5320 adpu320 - ok
22:25:25.0717 5320 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:25:25.0719 5320 AeLookupSvc - ok
22:25:25.0755 5320 [ 6EF20DDF3172E97D69F596FB90602F29 ] AFD C:\Windows\system32\drivers\afd.sys
22:25:25.0762 5320 AFD - ok
22:25:25.0782 5320 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:25:25.0784 5320 agp440 - ok
22:25:25.0802 5320 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:25:25.0805 5320 ALG - ok
22:25:25.0829 5320 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:25:25.0830 5320 aliide - ok
22:25:25.0865 5320 [ CAA6ED31C6DA3C505A684162B3492166 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:25:25.0917 5320 AMD External Events Utility - ok
22:25:25.0930 5320 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:25:25.0931 5320 amdide - ok
22:25:25.0968 5320 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:25:25.0971 5320 AmdK8 - ok
22:25:26.0119 5320 [ CC0B8B1912967D429C4A2D2BD7A9E52D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:25:26.0304 5320 amdkmdag - ok
22:25:26.0316 5320 [ B855C99C23A57EDECA29F49A3210B95C ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
22:25:26.0329 5320 amdkmdap - ok
22:25:26.0348 5320 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:25:26.0349 5320 AmdPPM - ok
22:25:26.0358 5320 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
22:25:26.0360 5320 amdsata - ok
22:25:26.0388 5320 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:25:26.0391 5320 amdsbs - ok
22:25:26.0402 5320 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
22:25:26.0404 5320 amdxata - ok
22:25:26.0423 5320 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:25:26.0425 5320 AppID - ok
22:25:26.0441 5320 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:25:26.0442 5320 AppIDSvc - ok
22:25:26.0467 5320 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:25:26.0469 5320 Appinfo - ok
22:25:26.0537 5320 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:25:26.0541 5320 Apple Mobile Device - ok
22:25:26.0570 5320 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:25:26.0574 5320 arc - ok
22:25:26.0595 5320 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:25:26.0598 5320 arcsas - ok
22:25:26.0718 5320 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:25:26.0722 5320 aspnet_state - ok
22:25:26.0777 5320 [ 55353CD0DA287B2C3782485740965B54 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
22:25:26.0779 5320 aswFsBlk - ok
22:25:26.0850 5320 [ B38061CDEFB71361E0C7547AC60527E8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
22:25:26.0854 5320 aswMonFlt - ok
22:25:26.0870 5320 [ 91E7ACA95933633B2557F47CDFDB74C3 ] aswRdr C:\Windows\system32\drivers\aswRdr.sys
22:25:26.0873 5320 aswRdr - ok
22:25:26.0907 5320 [ 2B15499F68FAD60CE69264A327E9B0F0 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
22:25:26.0916 5320 aswSnx - ok
22:25:26.0931 5320 [ 4D939ECB19DC930056593390D1C87C43 ] aswSP C:\Windows\system32\drivers\aswSP.sys
22:25:26.0935 5320 aswSP - ok
22:25:26.0944 5320 [ D633426C5A207CE21767569AA4946891 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
22:25:26.0946 5320 aswTdi - ok
22:25:26.0956 5320 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:25:26.0958 5320 AsyncMac - ok
22:25:26.0976 5320 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:25:26.0977 5320 atapi - ok
22:25:27.0010 5320 [ 637E0753BD6DEB8EA5314A5C357EC1A0 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:25:27.0013 5320 AtiHdmiService - ok
22:25:27.0055 5320 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:25:27.0065 5320 AudioEndpointBuilder - ok
22:25:27.0077 5320 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:25:27.0083 5320 AudioSrv - ok
22:25:27.0147 5320 [ D16C826F375A44802BF317982E81A7E2 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:25:27.0149 5320 avast! Antivirus - ok
22:25:27.0155 5320 AVP - ok
22:25:27.0195 5320 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:25:27.0198 5320 AxInstSV - ok
22:25:27.0236 5320 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:25:27.0243 5320 b06bdrv - ok
22:25:27.0279 5320 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:25:27.0283 5320 b57nd60a - ok
22:25:27.0308 5320 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:25:27.0312 5320 BDESVC - ok
22:25:27.0336 5320 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:25:27.0337 5320 Beep - ok
22:25:27.0368 5320 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:25:27.0378 5320 BFE - ok
22:25:27.0411 5320 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
22:25:27.0425 5320 BITS - ok
22:25:27.0448 5320 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:25:27.0450 5320 blbdrive - ok
22:25:27.0497 5320 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:25:27.0504 5320 Bonjour Service - ok
22:25:27.0529 5320 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:25:27.0533 5320 bowser - ok
22:25:27.0551 5320 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:25:27.0553 5320 BrFiltLo - ok
22:25:27.0574 5320 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:25:27.0576 5320 BrFiltUp - ok
22:25:27.0612 5320 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
22:25:27.0615 5320 BridgeMP - ok
22:25:27.0646 5320 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
22:25:27.0649 5320 Browser - ok
22:25:27.0668 5320 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:25:27.0673 5320 Brserid - ok
22:25:27.0698 5320 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:25:27.0700 5320 BrSerWdm - ok
22:25:27.0720 5320 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:25:27.0722 5320 BrUsbMdm - ok
22:25:27.0736 5320 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:25:27.0738 5320 BrUsbSer - ok
22:25:27.0759 5320 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:25:27.0761 5320 BTHMODEM - ok
22:25:27.0789 5320 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:25:27.0791 5320 bthserv - ok
22:25:27.0802 5320 catchme - ok
22:25:27.0815 5320 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:25:27.0818 5320 cdfs - ok
22:25:27.0854 5320 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:25:27.0859 5320 cdrom - ok
22:25:27.0876 5320 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:25:27.0879 5320 CertPropSvc - ok
22:25:27.0900 5320 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:25:27.0902 5320 circlass - ok
22:25:27.0923 5320 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:25:27.0929 5320 CLFS - ok
22:25:27.0981 5320 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:25:27.0984 5320 clr_optimization_v2.0.50727_32 - ok
22:25:28.0031 5320 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:25:28.0035 5320 clr_optimization_v2.0.50727_64 - ok
22:25:28.0096 5320 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:25:28.0101 5320 clr_optimization_v4.0.30319_32 - ok
22:25:28.0116 5320 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:25:28.0119 5320 clr_optimization_v4.0.30319_64 - ok
22:25:28.0156 5320 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:25:28.0158 5320 CmBatt - ok
22:25:28.0176 5320 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:25:28.0178 5320 cmdide - ok
22:25:28.0211 5320 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
22:25:28.0218 5320 CNG - ok
22:25:28.0233 5320 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:25:28.0235 5320 Compbatt - ok
22:25:28.0252 5320 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:25:28.0254 5320 CompositeBus - ok
22:25:28.0259 5320 COMSysApp - ok
22:25:28.0283 5320 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:25:28.0285 5320 crcdisk - ok
22:25:28.0315 5320 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:25:28.0318 5320 CryptSvc - ok
22:25:28.0346 5320 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:25:28.0357 5320 DcomLaunch - ok
22:25:28.0398 5320 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:25:28.0404 5320 defragsvc - ok
22:25:28.0434 5320 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:25:28.0437 5320 DfsC - ok
22:25:28.0453 5320 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:25:28.0459 5320 Dhcp - ok
22:25:28.0478 5320 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:25:28.0480 5320 discache - ok
22:25:28.0499 5320 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:25:28.0501 5320 Disk - ok
22:25:28.0523 5320 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:25:28.0528 5320 Dnscache - ok
22:25:28.0540 5320 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:25:28.0546 5320 dot3svc - ok
22:25:28.0561 5320 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:25:28.0565 5320 DPS - ok
22:25:28.0601 5320 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:25:28.0603 5320 drmkaud - ok
22:25:28.0737 5320 [ E5B95C75557120881076C45CD146D72C ] DvmMDES C:\ASUS.SYS\config\DVMExportService.exe
22:25:28.0824 5320 DvmMDES - ok
22:25:28.0859 5320 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:25:28.0869 5320 DXGKrnl - ok
22:25:28.0896 5320 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:25:28.0899 5320 EapHost - ok
22:25:28.0956 5320 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:25:28.0999 5320 ebdrv - ok
22:25:29.0015 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
22:25:29.0018 5320 EFS - ok
22:25:29.0083 5320 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:25:29.0159 5320 ehRecvr - ok
22:25:29.0187 5320 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:25:29.0240 5320 ehSched - ok
22:25:29.0275 5320 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:25:29.0281 5320 elxstor - ok
22:25:29.0289 5320 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:25:29.0291 5320 ErrDev - ok
22:25:29.0334 5320 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:25:29.0340 5320 EventSystem - ok
22:25:29.0365 5320 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:25:29.0368 5320 exfat - ok
22:25:29.0381 5320 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:25:29.0384 5320 fastfat - ok
22:25:29.0404 5320 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:25:29.0413 5320 Fax - ok
22:25:29.0418 5320 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:25:29.0419 5320 fdc - ok
22:25:29.0429 5320 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:25:29.0431 5320 fdPHost - ok
22:25:29.0441 5320 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:25:29.0444 5320 FDResPub - ok
22:25:29.0471 5320 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:25:29.0473 5320 FileInfo - ok
22:25:29.0485 5320 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:25:29.0487 5320 Filetrace - ok
22:25:29.0491 5320 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:25:29.0492 5320 flpydisk - ok
22:25:29.0507 5320 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:25:29.0511 5320 FltMgr - ok
22:25:29.0538 5320 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
22:25:29.0559 5320 FontCache - ok
22:25:29.0595 5320 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:25:29.0597 5320 FontCache3.0.0.0 - ok
22:25:29.0606 5320 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:25:29.0608 5320 FsDepends - ok
22:25:29.0621 5320 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:25:29.0622 5320 Fs_Rec - ok
22:25:29.0644 5320 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:25:29.0647 5320 fvevol - ok
22:25:29.0668 5320 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:25:29.0670 5320 gagp30kx - ok
22:25:29.0704 5320 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:25:29.0706 5320 GEARAspiWDM - ok
22:25:29.0735 5320 GMSIPCI - ok
22:25:29.0775 5320 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:25:29.0787 5320 gpsvc - ok
22:25:29.0871 5320 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:25:29.0875 5320 gupdate - ok
22:25:29.0901 5320 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:25:29.0904 5320 gupdatem - ok
22:25:29.0938 5320 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
22:25:29.0941 5320 hamachi - ok
22:25:29.0958 5320 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:25:29.0961 5320 hcw85cir - ok
22:25:30.0006 5320 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:25:30.0014 5320 HdAudAddService - ok
22:25:30.0036 5320 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:25:30.0041 5320 HDAudBus - ok
22:25:30.0062 5320 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:25:30.0065 5320 HidBatt - ok
22:25:30.0084 5320 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:25:30.0088 5320 HidBth - ok
22:25:30.0099 5320 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:25:30.0104 5320 HidIr - ok
22:25:30.0121 5320 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
22:25:30.0125 5320 hidserv - ok
22:25:30.0147 5320 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:25:30.0150 5320 HidUsb - ok
22:25:30.0181 5320 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:25:30.0189 5320 hkmsvc - ok
22:25:30.0213 5320 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:25:30.0219 5320 HomeGroupListener - ok
22:25:30.0247 5320 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:25:30.0254 5320 HomeGroupProvider - ok
22:25:30.0273 5320 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:25:30.0276 5320 HpSAMD - ok
22:25:30.0305 5320 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:25:30.0316 5320 HTTP - ok
22:25:30.0327 5320 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:25:30.0329 5320 hwpolicy - ok
22:25:30.0360 5320 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:25:30.0364 5320 i8042prt - ok
22:25:30.0396 5320 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
22:25:30.0406 5320 iaStorV - ok
22:25:30.0485 5320 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:25:30.0531 5320 IDriverT - ok
22:25:30.0592 5320 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:25:30.0610 5320 idsvc - ok
22:25:30.0636 5320 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:25:30.0640 5320 iirsp - ok
22:25:30.0719 5320 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:25:30.0739 5320 IKEEXT - ok
22:25:30.0852 5320 [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:25:30.0917 5320 IntcAzAudAddService - ok
22:25:30.0940 5320 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:25:30.0947 5320 intelide - ok
22:25:31.0014 5320 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:25:31.0018 5320 intelppm - ok
22:25:31.0067 5320 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:25:31.0075 5320 IPBusEnum - ok
22:25:31.0084 5320 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:25:31.0088 5320 IpFilterDriver - ok
22:25:31.0140 5320 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:25:31.0155 5320 iphlpsvc - ok
22:25:31.0170 5320 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:25:31.0173 5320 IPMIDRV - ok
22:25:31.0179 5320 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:25:31.0182 5320 IPNAT - ok
22:25:31.0230 5320 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:25:31.0242 5320 iPod Service - ok
22:25:31.0260 5320 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:25:31.0263 5320 IRENUM - ok
22:25:31.0275 5320 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:25:31.0277 5320 isapnp - ok
22:25:31.0294 5320 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:25:31.0298 5320 iScsiPrt - ok
22:25:31.0316 5320 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:25:31.0318 5320 kbdclass - ok
22:25:31.0345 5320 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:25:31.0347 5320 kbdhid - ok
22:25:31.0354 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
22:25:31.0357 5320 KeyIso - ok
22:25:31.0373 5320 KL1 - ok
22:25:31.0379 5320 kl2 - ok
22:25:31.0404 5320 KLIF - ok
22:25:31.0410 5320 KLIM6 - ok
22:25:31.0415 5320 klmouflt - ok
22:25:31.0431 5320 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:25:31.0434 5320 KSecDD - ok
22:25:31.0453 5320 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:25:31.0455 5320 KSecPkg - ok
22:25:31.0462 5320 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:25:31.0463 5320 ksthunk - ok
22:25:31.0490 5320 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:25:31.0496 5320 KtmRm - ok
22:25:31.0516 5320 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:25:31.0521 5320 LanmanServer - ok
22:25:31.0540 5320 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:25:31.0545 5320 LanmanWorkstation - ok
22:25:31.0584 5320 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:25:31.0586 5320 lltdio - ok
22:25:31.0605 5320 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:25:31.0609 5320 lltdsvc - ok
22:25:31.0638 5320 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:25:31.0640 5320 lmhosts - ok
22:25:31.0669 5320 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:25:31.0671 5320 LSI_FC - ok
22:25:31.0690 5320 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:25:31.0692 5320 LSI_SAS - ok
22:25:31.0701 5320 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:25:31.0703 5320 LSI_SAS2 - ok
22:25:31.0718 5320 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:25:31.0720 5320 LSI_SCSI - ok
22:25:31.0735 5320 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:25:31.0737 5320 luafv - ok
22:25:31.0752 5320 lxdn_device - ok
22:25:31.0763 5320 MBAMProtector - ok
22:25:31.0808 5320 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:25:31.0817 5320 MBAMScheduler - ok
22:25:31.0858 5320 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:25:31.0867 5320 MBAMService - ok
22:25:31.0910 5320 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:25:31.0916 5320 Mcx2Svc - ok
22:25:31.0928 5320 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:25:31.0930 5320 megasas - ok
22:25:31.0950 5320 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:25:31.0954 5320 MegaSR - ok
22:25:31.0986 5320 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:25:31.0991 5320 MMCSS - ok
22:25:32.0000 5320 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:25:32.0003 5320 Modem - ok
22:25:32.0026 5320 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:25:32.0029 5320 monitor - ok
22:25:32.0037 5320 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:25:32.0039 5320 mouclass - ok
22:25:32.0049 5320 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:25:32.0051 5320 mouhid - ok
22:25:32.0064 5320 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:25:32.0067 5320 mountmgr - ok
22:25:32.0144 5320 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:25:32.0148 5320 MozillaMaintenance - ok
22:25:32.0185 5320 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:25:32.0191 5320 MpFilter - ok
22:25:32.0210 5320 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:25:32.0215 5320 mpio - ok
22:25:32.0232 5320 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:25:32.0236 5320 mpsdrv - ok
22:25:32.0278 5320 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:25:32.0300 5320 MpsSvc - ok
22:25:32.0316 5320 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:25:32.0321 5320 MRxDAV - ok
22:25:32.0346 5320 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:25:32.0351 5320 mrxsmb - ok
22:25:32.0377 5320 [ A8C2D7673C8A010569390C826A0EFAF4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:25:32.0385 5320 mrxsmb10 - ok
22:25:32.0406 5320 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:25:32.0411 5320 mrxsmb20 - ok
22:25:32.0440 5320 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:25:32.0443 5320 msahci - ok
22:25:32.0469 5320 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:25:32.0472 5320 msdsm - ok
22:25:32.0484 5320 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:25:32.0489 5320 MSDTC - ok
22:25:32.0513 5320 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:25:32.0515 5320 Msfs - ok
22:25:32.0524 5320 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:25:32.0526 5320 mshidkmdf - ok
22:25:32.0533 5320 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:25:32.0535 5320 msisadrv - ok
22:25:32.0563 5320 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:25:32.0568 5320 MSiSCSI - ok
22:25:32.0572 5320 msiserver - ok
22:25:32.0598 5320 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:25:32.0600 5320 MSKSSRV - ok
22:25:32.0690 5320 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:25:32.0693 5320 MsMpSvc - ok
22:25:32.0727 5320 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:25:32.0738 5320 MSPCLOCK - ok
22:25:32.0767 5320 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:25:32.0775 5320 MSPQM - ok
22:25:32.0812 5320 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:25:32.0821 5320 MsRPC - ok
22:25:32.0842 5320 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:25:32.0844 5320 mssmbios - ok
22:25:32.0867 5320 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:25:32.0869 5320 MSTEE - ok
22:25:32.0888 5320 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:25:32.0890 5320 MTConfig - ok
22:25:32.0915 5320 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:25:32.0918 5320 MTsensor - ok
22:25:32.0932 5320 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:25:32.0936 5320 Mup - ok
22:25:32.0965 5320 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:25:32.0973 5320 napagent - ok
22:25:33.0003 5320 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:25:33.0012 5320 NativeWifiP - ok
22:25:33.0046 5320 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:25:33.0059 5320 NDIS - ok
22:25:33.0076 5320 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:25:33.0078 5320 NdisCap - ok
22:25:33.0095 5320 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:25:33.0098 5320 NdisTapi - ok
22:25:33.0122 5320 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:25:33.0124 5320 Ndisuio - ok
22:25:33.0152 5320 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:25:33.0156 5320 NdisWan - ok
22:25:33.0164 5320 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:25:33.0166 5320 NDProxy - ok
22:25:33.0177 5320 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:25:33.0179 5320 NetBIOS - ok
22:25:33.0193 5320 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:25:33.0198 5320 NetBT - ok
22:25:33.0216 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
22:25:33.0219 5320 Netlogon - ok
22:25:33.0246 5320 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:25:33.0254 5320 Netman - ok
22:25:33.0287 5320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:25:33.0290 5320 NetMsmqActivator - ok
22:25:33.0295 5320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:25:33.0297 5320 NetPipeActivator - ok
22:25:33.0308 5320 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:25:33.0317 5320 netprofm - ok
22:25:33.0322 5320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:25:33.0324 5320 NetTcpActivator - ok
22:25:33.0329 5320 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:25:33.0331 5320 NetTcpPortSharing - ok
22:25:33.0354 5320 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:25:33.0356 5320 nfrd960 - ok
22:25:33.0382 5320 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:25:33.0384 5320 NisDrv - ok
22:25:33.0423 5320 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:25:33.0431 5320 NisSrv - ok
22:25:33.0459 5320 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:25:33.0472 5320 NlaSvc - ok
22:25:33.0491 5320 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:25:33.0494 5320 Npfs - ok
22:25:33.0510 5320 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:25:33.0515 5320 nsi - ok
22:25:33.0528 5320 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:25:33.0530 5320 nsiproxy - ok
22:25:33.0573 5320 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:25:33.0605 5320 Ntfs - ok
22:25:33.0614 5320 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:25:33.0616 5320 Null - ok
22:25:33.0643 5320 [ 8EBCB9165EE7F1571842F4D9D624A74C ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
22:25:33.0646 5320 nusb3hub - ok
22:25:33.0680 5320 [ 5D54DBB12BBFE07CC283FD39F2CD6D63 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:25:33.0683 5320 nusb3xhc - ok
22:25:33.0913 5320 [ BBE872A814B00798C2D568D46C42A71B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:25:34.0100 5320 nvlddmkm - ok
22:25:34.0128 5320 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
22:25:34.0130 5320 nvraid - ok
22:25:34.0135 5320 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
22:25:34.0138 5320 nvstor - ok
22:25:34.0163 5320 [ 0393E59488C67F704336F3FF06E2B7BD ] NVSvc C:\Windows\system32\nvvsvc.exe
22:25:34.0174 5320 NVSvc - ok
22:25:34.0200 5320 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:25:34.0204 5320 nv_agp - ok
22:25:34.0233 5320 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:25:34.0238 5320 ohci1394 - ok
22:25:34.0270 5320 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:25:34.0278 5320 p2pimsvc - ok
22:25:34.0296 5320 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:25:34.0306 5320 p2psvc - ok
22:25:34.0321 5320 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:25:34.0325 5320 Parport - ok
22:25:34.0341 5320 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:25:34.0343 5320 partmgr - ok
22:25:34.0358 5320 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:25:34.0365 5320 PcaSvc - ok
22:25:34.0376 5320 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:25:34.0379 5320 pci - ok
22:25:34.0394 5320 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:25:34.0396 5320 pciide - ok
22:25:34.0417 5320 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:25:34.0421 5320 pcmcia - ok
22:25:34.0436 5320 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:25:34.0439 5320 pcw - ok
22:25:34.0458 5320 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:25:34.0467 5320 PEAUTH - ok
22:25:34.0541 5320 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:25:34.0549 5320 PerfHost - ok
22:25:34.0614 5320 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:25:34.0646 5320 pla - ok
22:25:34.0673 5320 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:25:34.0683 5320 PlugPlay - ok
22:25:34.0702 5320 PnkBstrA - ok
22:25:34.0724 5320 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:25:34.0731 5320 PNRPAutoReg - ok
22:25:34.0768 5320 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:25:34.0774 5320 PNRPsvc - ok
22:25:34.0806 5320 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:25:34.0815 5320 PolicyAgent - ok
22:25:34.0830 5320 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:25:34.0837 5320 Power - ok
22:25:34.0870 5320 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:25:34.0873 5320 PptpMiniport - ok
22:25:34.0892 5320 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:25:34.0894 5320 Processor - ok
22:25:34.0908 5320 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
22:25:34.0915 5320 ProfSvc - ok
22:25:34.0925 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
22:25:34.0928 5320 ProtectedStorage - ok
22:25:34.0944 5320 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:25:34.0946 5320 Psched - ok
22:25:35.0002 5320 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:25:35.0036 5320 ql2300 - ok
22:25:35.0055 5320 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:25:35.0058 5320 ql40xx - ok
22:25:35.0072 5320 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:25:35.0080 5320 QWAVE - ok
22:25:35.0095 5320 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:25:35.0097 5320 QWAVEdrv - ok
22:25:35.0112 5320 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:25:35.0114 5320 RasAcd - ok
22:25:35.0135 5320 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:25:35.0137 5320 RasAgileVpn - ok
22:25:35.0149 5320 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:25:35.0156 5320 RasAuto - ok
22:25:35.0168 5320 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:25:35.0171 5320 Rasl2tp - ok
22:25:35.0180 5320 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:25:35.0189 5320 RasMan - ok
22:25:35.0201 5320 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:25:35.0204 5320 RasPppoe - ok
22:25:35.0219 5320 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:25:35.0223 5320 RasSstp - ok
22:25:35.0237 5320 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:25:35.0242 5320 rdbss - ok
22:25:35.0257 5320 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:25:35.0259 5320 rdpbus - ok
22:25:35.0281 5320 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:25:35.0283 5320 RDPCDD - ok
22:25:35.0301 5320 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:25:35.0303 5320 RDPENCDD - ok
22:25:35.0319 5320 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:25:35.0320 5320 RDPREFMP - ok
22:25:35.0337 5320 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:25:35.0341 5320 RDPWD - ok
22:25:35.0362 5320 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:25:35.0366 5320 rdyboost - ok
22:25:35.0384 5320 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:25:35.0390 5320 RemoteAccess - ok
22:25:35.0416 5320 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:25:35.0423 5320 RemoteRegistry - ok
22:25:35.0451 5320 [ 77B3B747EB2413072B8E4306018D0C9B ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
22:25:35.0455 5320 RMCAST - ok
22:25:35.0472 5320 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:25:35.0478 5320 RpcEptMapper - ok
22:25:35.0496 5320 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:25:35.0501 5320 RpcLocator - ok
22:25:35.0527 5320 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:25:35.0536 5320 RpcSs - ok
22:25:35.0564 5320 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:25:35.0566 5320 rspndr - ok
22:25:35.0596 5320 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys
22:25:35.0599 5320 RTL8023x64 - ok
22:25:35.0651 5320 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:25:35.0675 5320 RTL8167 - ok
22:25:35.0688 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
22:25:35.0690 5320 SamSs - ok
22:25:35.0707 5320 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:25:35.0710 5320 sbp2port - ok
22:25:35.0731 5320 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:25:35.0743 5320 SCardSvr - ok
22:25:35.0776 5320 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:25:35.0779 5320 scfilter - ok
22:25:35.0823 5320 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:25:35.0854 5320 Schedule - ok
22:25:35.0871 5320 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:25:35.0873 5320 SCPolicySvc - ok
22:25:35.0887 5320 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:25:35.0894 5320 SDRSVC - ok
22:25:35.0923 5320 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:25:35.0925 5320 secdrv - ok
22:25:35.0939 5320 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:25:35.0944 5320 seclogon - ok
22:25:35.0952 5320 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
22:25:35.0958 5320 SENS - ok
22:25:35.0967 5320 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:25:35.0972 5320 SensrSvc - ok
22:25:35.0986 5320 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:25:35.0987 5320 Serenum - ok
22:25:36.0002 5320 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:25:36.0004 5320 Serial - ok
22:25:36.0026 5320 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:25:36.0027 5320 sermouse - ok
22:25:36.0053 5320 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:25:36.0057 5320 SessionEnv - ok
22:25:36.0066 5320 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:25:36.0068 5320 sffdisk - ok
22:25:36.0071 5320 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:25:36.0072 5320 sffp_mmc - ok
22:25:36.0075 5320 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:25:36.0076 5320 sffp_sd - ok
22:25:36.0088 5320 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:25:36.0089 5320 sfloppy - ok
22:25:36.0111 5320 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:25:36.0116 5320 SharedAccess - ok
22:25:36.0145 5320 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:25:36.0150 5320 ShellHWDetection - ok
22:25:36.0174 5320 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:25:36.0176 5320 SiSRaid2 - ok
22:25:36.0193 5320 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:25:36.0194 5320 SiSRaid4 - ok
22:25:36.0241 5320 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:25:36.0246 5320 SkypeUpdate - ok
22:25:36.0275 5320 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:25:36.0279 5320 Smb - ok
22:25:36.0326 5320 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:25:36.0334 5320 SNMPTRAP - ok
22:25:36.0376 5320 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
22:25:36.0396 5320 speedfan - ok
22:25:36.0413 5320 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:25:36.0415 5320 spldr - ok
22:25:36.0445 5320 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe
22:25:36.0457 5320 Spooler - ok
22:25:36.0531 5320 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:25:36.0605 5320 sppsvc - ok
22:25:36.0614 5320 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:25:36.0619 5320 sppuinotify - ok
22:25:36.0676 5320 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\System32\Drivers\sptd.sys
22:25:36.0693 5320 sptd - ok
22:25:36.0726 5320 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:25:36.0733 5320 srv - ok
22:25:36.0762 5320 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:25:36.0768 5320 srv2 - ok
22:25:36.0799 5320 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:25:36.0803 5320 srvnet - ok
22:25:36.0878 5320 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:25:36.0901 5320 SSDPSRV - ok
22:25:36.0943 5320 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:25:36.0982 5320 SstpSvc - ok
22:25:37.0021 5320 Steam Client Service - ok
22:25:37.0040 5320 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:25:37.0044 5320 stexstor - ok
22:25:37.0069 5320 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:25:37.0082 5320 stisvc - ok
22:25:37.0092 5320 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:25:37.0094 5320 swenum - ok
22:25:37.0114 5320 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:25:37.0126 5320 swprv - ok
22:25:37.0176 5320 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:25:37.0218 5320 SysMain - ok
22:25:37.0231 5320 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:25:37.0236 5320 TabletInputService - ok
22:25:37.0254 5320 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:25:37.0259 5320 TapiSrv - ok
22:25:37.0273 5320 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:25:37.0276 5320 TBS - ok
22:25:37.0313 5320 [ 61DC720BB065D607D5823F13D2A64321 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:25:37.0344 5320 Tcpip - ok
22:25:37.0384 5320 [ 61DC720BB065D607D5823F13D2A64321 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:25:37.0392 5320 TCPIP6 - ok
22:25:37.0402 5320 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:25:37.0403 5320 tcpipreg - ok
22:25:37.0415 5320 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:25:37.0417 5320 TDPIPE - ok
22:25:37.0420 5320 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:25:37.0422 5320 TDTCP - ok
22:25:37.0436 5320 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:25:37.0438 5320 tdx - ok
22:25:37.0464 5320 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:25:37.0466 5320 TermDD - ok
22:25:37.0500 5320 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:25:37.0508 5320 TermService - ok
22:25:37.0514 5320 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:25:37.0518 5320 Themes - ok
22:25:37.0540 5320 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:25:37.0542 5320 THREADORDER - ok
22:25:37.0555 5320 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:25:37.0559 5320 TrkWks - ok
22:25:37.0602 5320 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:25:37.0663 5320 TrustedInstaller - ok
22:25:37.0685 5320 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:25:37.0687 5320 tssecsrv - ok
22:25:37.0721 5320 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:25:37.0724 5320 tunnel - ok
22:25:37.0747 5320 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:25:37.0751 5320 uagp35 - ok
22:25:37.0775 5320 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:25:37.0783 5320 udfs - ok
22:25:37.0813 5320 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:25:37.0818 5320 UI0Detect - ok
22:25:37.0835 5320 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:25:37.0837 5320 uliagpkx - ok
22:25:37.0851 5320 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:25:37.0853 5320 umbus - ok
22:25:37.0857 5320 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:25:37.0859 5320 UmPass - ok
22:25:37.0872 5320 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:25:37.0879 5320 upnphost - ok
22:25:37.0913 5320 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:25:37.0915 5320 USBAAPL64 - ok
22:25:37.0944 5320 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:25:37.0949 5320 usbaudio - ok
22:25:37.0965 5320 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:25:37.0969 5320 usbccgp - ok
22:25:37.0992 5320 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:25:37.0995 5320 usbcir - ok
22:25:38.0020 5320 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:25:38.0023 5320 usbehci - ok
22:25:38.0051 5320 [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:25:38.0054 5320 usbfilter - ok
22:25:38.0080 5320 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:25:38.0086 5320 usbhub - ok
22:25:38.0096 5320 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:25:38.0099 5320 usbohci - ok
22:25:38.0117 5320 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:25:38.0119 5320 usbprint - ok
22:25:38.0137 5320 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:25:38.0140 5320 USBSTOR - ok
22:25:38.0145 5320 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:25:38.0147 5320 usbuhci - ok
22:25:38.0168 5320 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:25:38.0172 5320 usbvideo - ok
22:25:38.0190 5320 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:25:38.0196 5320 UxSms - ok
22:25:38.0210 5320 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
22:25:38.0213 5320 VaultSvc - ok
22:25:38.0226 5320 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:25:38.0228 5320 vdrvroot - ok
22:25:38.0248 5320 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:25:38.0260 5320 vds - ok
22:25:38.0265 5320 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:25:38.0267 5320 vga - ok
22:25:38.0275 5320 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:25:38.0277 5320 VgaSave - ok
22:25:38.0285 5320 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:25:38.0289 5320 vhdmp - ok
22:25:38.0303 5320 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:25:38.0306 5320 viaide - ok
22:25:38.0322 5320 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:25:38.0325 5320 volmgr - ok
22:25:38.0349 5320 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:25:38.0354 5320 volmgrx - ok
22:25:38.0363 5320 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:25:38.0367 5320 volsnap - ok
22:25:38.0389 5320 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:25:38.0392 5320 vsmraid - ok
22:25:38.0435 5320 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:25:38.0478 5320 VSS - ok
22:25:38.0490 5320 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:25:38.0493 5320 vwifibus - ok
22:25:38.0511 5320 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:25:38.0521 5320 W32Time - ok
22:25:38.0541 5320 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:25:38.0543 5320 WacomPen - ok
22:25:38.0564 5320 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:25:38.0567 5320 WANARP - ok
22:25:38.0571 5320 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:25:38.0573 5320 Wanarpv6 - ok
22:25:38.0605 5320 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:25:38.0636 5320 wbengine - ok
22:25:38.0660 5320 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:25:38.0668 5320 WbioSrvc - ok
22:25:38.0692 5320 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:25:38.0702 5320 wcncsvc - ok
22:25:38.0711 5320 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:25:38.0717 5320 WcsPlugInService - ok
22:25:38.0728 5320 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:25:38.0730 5320 Wd - ok
22:25:38.0754 5320 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:25:38.0764 5320 Wdf01000 - ok
22:25:38.0778 5320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:25:38.0785 5320 WdiServiceHost - ok
22:25:38.0789 5320 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:25:38.0795 5320 WdiSystemHost - ok
22:25:38.0813 5320 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
22:25:38.0822 5320 WebClient - ok
22:25:38.0840 5320 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:25:38.0849 5320 Wecsvc - ok
22:25:38.0876 5320 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:25:38.0883 5320 wercplsupport - ok
22:25:38.0899 5320 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:25:38.0906 5320 WerSvc - ok
22:25:38.0927 5320 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:25:38.0929 5320 WfpLwf - ok
22:25:38.0947 5320 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:25:38.0949 5320 WIMMount - ok
22:25:38.0958 5320 WinDefend - ok
22:25:38.0967 5320 WinHttpAutoProxySvc - ok
22:25:39.0023 5320 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:25:39.0066 5320 Winmgmt - ok
22:25:39.0107 5320 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:25:39.0139 5320 WinRM - ok
22:25:39.0176 5320 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:25:39.0178 5320 WinUsb - ok
22:25:39.0201 5320 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:25:39.0211 5320 Wlansvc - ok
22:25:39.0315 5320 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:25:39.0379 5320 wlidsvc - ok
22:25:39.0417 5320 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:25:39.0419 5320 WmiAcpi - ok
22:25:39.0447 5320 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:25:39.0471 5320 wmiApSrv - ok
22:25:39.0497 5320 WMPNetworkSvc - ok
22:25:39.0522 5320 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:25:39.0527 5320 WPCSvc - ok
22:25:39.0539 5320 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:25:39.0545 5320 WPDBusEnum - ok
22:25:39.0559 5320 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:25:39.0561 5320 ws2ifsl - ok
22:25:39.0574 5320 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
22:25:39.0579 5320 wscsvc - ok
22:25:39.0583 5320 WSearch - ok
22:25:39.0652 5320 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:25:39.0718 5320 wuauserv - ok
22:25:39.0738 5320 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:25:39.0740 5320 WudfPf - ok
22:25:39.0769 5320 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:25:39.0772 5320 WUDFRd - ok
22:25:39.0782 5320 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:25:39.0787 5320 wudfsvc - ok
22:25:39.0801 5320 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:25:39.0808 5320 WwanSvc - ok
22:25:39.0812 5320 ================ Scan global ===============================
22:25:39.0833 5320 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:25:39.0844 5320 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:25:39.0854 5320 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
22:25:39.0867 5320 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:25:39.0887 5320 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:25:39.0892 5320 [Global] - ok
22:25:39.0893 5320 ================ Scan MBR ==================================
22:25:39.0905 5320 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:25:40.0085 5320 \Device\Harddisk0\DR0 - ok
22:25:40.0086 5320 ================ Scan VBR ==================================
22:25:40.0089 5320 [ F1DB8EDB455B570403C928D445A3E523 ] \Device\Harddisk0\DR0\Partition1
22:25:40.0091 5320 \Device\Harddisk0\DR0\Partition1 - ok
22:25:40.0098 5320 [ 29A5C20E101DFD6258027B53D37822D1 ] \Device\Harddisk0\DR0\Partition2
22:25:40.0100 5320 \Device\Harddisk0\DR0\Partition2 - ok
22:25:40.0101 5320 ============================================================
22:25:40.0101 5320 Scan finished
22:25:40.0101 5320 ============================================================
22:25:40.0112 5400 Detected object count: 0
22:25:40.0112 5400 Actual detected object count: 0

#8 andypops

  • Topic Starter
  • Members
  • 20 posts

Posted 16 November 2012 - 05:35 PM

Hi Gringo:

aswMBR report attached below.

The computer is behaving much more normally now; is this a good sign?

Thanks for all your help so far,

Andy

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-16 22:27:41
-----------------------------
22:27:41.037 OS Version: Windows x64 6.1.7600
22:27:41.037 Number of processors: 6 586 0xA00
22:27:41.038 ComputerName: ANDY-NEWDESKTOP UserName: Andypops
22:27:42.698 Initialize success
22:27:44.571 AVAST engine defs: 12111600
22:27:56.982 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
22:27:56.987 Disk 0 Vendor: ST3500412AS CC32 Size: 476940MB BusType: 3
22:27:57.012 Disk 0 MBR read successfully
22:27:57.017 Disk 0 MBR scan
22:27:57.024 Disk 0 Windows 7 default MBR code
22:27:57.036 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:27:57.049 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476824 MB offset 206848
22:27:57.069 Disk 0 scanning C:\Windows\system32\drivers
22:28:09.554 Service scanning
22:28:24.542 Modules scanning
22:28:24.559 Disk 0 trace - called modules:
22:28:24.586 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:28:24.590 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a8b060]
22:28:24.921 3 CLASSPNP.SYS[fffff8800189143f] -> nt!IofCallDriver -> [0xfffffa80047f7580]
22:28:24.932 5 ACPI.sys[fffff88000f99781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80047f9060]
22:28:25.533 AVAST engine scan C:\Windows
22:28:29.470 AVAST engine scan C:\Windows\system32
22:31:39.357 AVAST engine scan C:\Windows\system32\drivers
22:31:50.914 AVAST engine scan C:\Users\Andypops
22:33:28.724 Disk 0 MBR has been saved successfully to "C:\Users\Andypops\Desktop\New folder (3)\MBR.dat"
22:33:28.804 The log file has been saved successfully to "C:\Users\Andypops\Desktop\New folder (3)\aswMBR log.txt"

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 16 November 2012 - 05:51 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 andypops

  • Topic Starter
  • Members
  • 20 posts

Posted 16 November 2012 - 07:00 PM

Hi Gringo,

Please find the log below.

Generally, the computer is running much more smoothly (close to / the same as prior to the problem). However, I am still having a few issues with internet connection, RE connecting to websites. I did have this occasionally before the infection - therefore it may not be linked, and I'll try to fix it separately if no infections are present.

All the best,

Andy

Combofix log 2

ComboFix 12-11-16.02 - Andypops 16/11/2012 23:42:52.2.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4094.2207 [GMT 0:00]
Running from: c:\users\Andypops\Desktop\New folder (3)\ComboFix.exe
Command switches used :: c:\users\Andypops\Desktop\New folder (3)\CFScript.txt.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 23:50 . 2012-11-16 23:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-16 22:33 . 2012-11-16 22:33 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55AC754B-0B19-44FE-8B16-A481082A33D3}\offreg.dll
2012-11-16 21:01 . 2012-11-16 21:01 289768 ----a-w- c:\windows\system32\javaws.exe
2012-11-16 21:01 . 2012-11-16 21:01 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-11-16 21:01 . 2012-11-16 21:01 189416 ----a-w- c:\windows\system32\javaw.exe
2012-11-16 21:01 . 2012-11-16 21:01 188904 ----a-w- c:\windows\system32\java.exe
2012-11-16 21:01 . 2012-11-16 21:01 -------- d-----w- c:\program files\Java
2012-11-16 21:00 . 2012-11-16 21:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-16 20:59 . 2012-11-16 20:59 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-16 20:59 . 2012-11-16 20:59 -------- d-----w- c:\program files (x86)\Java
2012-11-16 20:34 . 2012-11-16 20:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-11-16 20:18 . 2012-10-12 00:19 9291768 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55AC754B-0B19-44FE-8B16-A481082A33D3}\mpengine.dll
2012-11-16 19:51 . 2012-10-12 00:19 9291768 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-11 18:39 . 2012-11-11 18:39 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{705D6F3C-60B1-446F-8108-7E1B80F4B42F}\gapaengine.dll
2012-11-08 23:29 . 2012-11-08 23:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-08 23:29 . 2012-11-08 23:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-08 23:29 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-04 23:17 . 2012-11-04 23:17 -------- d-----w- c:\users\Andypops\AppData\Roaming\Malwarebytes
2012-11-04 23:16 . 2012-11-04 23:16 -------- d-----w- c:\programdata\Malwarebytes
2012-11-04 23:16 . 2012-11-04 23:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 21:01 . 2012-08-08 22:17 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-16 21:01 . 2012-08-08 22:17 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-16 20:59 . 2011-03-08 18:14 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-16 20:54 . 2012-07-24 23:13 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 20:54 . 2011-08-08 17:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 22:03 . 2012-08-30 22:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 22:03 . 2012-08-30 22:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-07-14 00:17 . 2012-08-14 17:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-06 102400]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\Andypops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [2011-9-26 142848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files (x86)\HP\Button Manager\BM.exe [2011-10-25 356864]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-12 834544]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 64856]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe [2007-11-28 1039872]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 70310130
*Deregistered* - 70310130
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 20:54]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 00:23]
.
2012-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-03 00:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bbc.co.uk/news
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news|http://www.biomed.curtin.edu.au/biochem/tutorials/aaquiz/index.html|http://www.bbc.co.uk/iplayer/radio/bbc_radio_fourfm/listenlive|http://www.menshealth.com/fitness/physical-fitness-test-pushups
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Command_And_Conquer_Yuri's_Revenge_1.001_MPI - c:\windows\iun6002.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-S3 Gold - c:\bluebyte\Settlers3\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*c*o*L}W\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*P*e*t*e*_*H*a*l*e*y*C*HlI\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n}P**]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*n}P**\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,d4,dd,4d,e2,97,5a,e0,e6,2e,19,5e,8a,b8,a3,d8,df,4b,7f,57,45,35,2f,
5a,a6,c3,43,68,b0,c8,35,ff,40,91,69,d7,1f,63,0b,76,ed,5d,90,83,dc,4f,e2,7e,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 23:53:08
ComboFix-quarantined-files.txt 2012-11-16 23:53
ComboFix2.txt 2012-11-16 19:48
.
Pre-Run: 87,850,807,296 bytes free
Post-Run: 87,426,850,816 bytes free
.
- - End Of File - - A5A46155AA4552B0876824C3DD2AD64F

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 16 November 2012 - 07:20 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 andypops
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:57 PM

Posted 16 November 2012 - 07:33 PM

Hi Gringo,

Please find the log below. I think this will be the last thing I try tonight - I am in the UK so it's 0030 here! If there's anything else you want me to try, I'll get onto it tomorrow.

Thank you so much for all your help so far this evening and over the past few days,

All the best,


Andy


OTL logfile created on: 17/11/2012 00:23:15 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andypops\Desktop\New folder (3)
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 54.60% Memory free
7.99 Gb Paging File | 6.18 Gb Available in Paging File | 77.35% Paging File free
Paging file location(s): c:\pagefile.sys 4094 10000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.65 Gb Total Space | 81.53 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ANDY-NEWDESKTOP | User Name: Andypops | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andypops\Desktop\New folder (3)\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdn_device) -- C:\Windows\SysNative\lxdncoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (DvmMDES) -- C:\ASUS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 69 12 B7 33 21 CB 01 [binary data]
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk/news|http://www.biomed.curtin.edu.au/biochem/tutorials/aaquiz/index.html|http://www.bbc.co.uk/iplayer/radio/bbc_radio_fourfm/listenlive|http://www.menshealth.com/fitness/physical-fitness-test-pushups"
FF - prefs.js..extensions.enabledAddons: zotero@chnm.gmu.edu:3.0.8
FF - prefs.js..extensions.enabledAddons: zoteroWinWordIntegration@zotero.org:3.1.8
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.67.0
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0b1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/07/06 21:51:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/14 17:46:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/08 22:18:29 | 000,000,000 | ---D | M]

[2010/07/11 20:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Extensions
[2012/11/16 23:58:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions
[2012/05/09 17:38:27 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/07/01 21:43:30 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\battlefieldheroespatcher@ea.com
[2012/11/16 23:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\staged
[2012/07/08 21:20:05 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\zotero@chnm.gmu.edu
[2012/08/21 21:47:31 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\Andypops\AppData\Roaming\Mozilla\Firefox\Profiles\lce0bds7.default\extensions\zoteroWinWordIntegration@zotero.org
[2011/10/10 19:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/10 19:52:32 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2012/11/16 19:46:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Andypops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3292465053-2252723455-3984825215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77E10699-9801-43A6-80B7-273E48979955}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/16 23:53:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/16 21:01:36 | 000,289,768 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/16 21:01:28 | 000,189,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/16 21:01:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/16 21:01:28 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/16 21:01:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/16 21:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/16 20:59:22 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/16 20:59:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/16 20:59:14 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/16 20:59:14 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/16 20:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/16 20:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/16 19:36:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 19:36:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 19:36:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 19:36:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 19:35:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/15 21:46:11 | 000,000,000 | ---D | C] -- C:\Users\Andypops\Desktop\New folder (3)
[2012/11/12 20:57:45 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Andypops\Desktop\dds.com
[2012/11/08 23:29:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Andypops\Desktop\aswMBR.exe
[2012/11/08 23:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/08 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/08 23:29:26 | 000,374,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/11/08 23:19:20 | 000,000,000 | ---D | C] -- C:\Users\Andypops\Desktop\bootitng
[2012/11/08 23:17:05 | 013,529,576 | ---- | C] (Microsoft Corporation) -- C:\Users\Andypops\Desktop\mseinstall.exe
[2012/11/08 23:01:10 | 021,702,936 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Andypops\Desktop\SUPERAntiSpyware.exe
[2012/11/08 22:33:44 | 002,213,976 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Andypops\Desktop\bobo.com.exe
[2012/11/05 23:15:19 | 001,679,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Andypops\Desktop\iExplore.exe
[2012/11/04 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Andypops\AppData\Roaming\Malwarebytes
[2012/11/04 23:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/04 23:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/04 23:16:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/04 23:16:01 | 010,669,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Andypops\Desktop\mbam-setup.exe
[2012/11/04 23:13:14 | 000,000,000 | ---D | C] -- C:\Users\Andypops\Desktop\rkill
[2012/11/04 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\Andypops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Restore
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 00:15:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/16 23:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 21:39:42 | 000,001,093 | ---- | M] () -- C:\Users\Andypops\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/11/16 21:01:22 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2012/11/16 21:01:20 | 001,034,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/11/16 21:01:20 | 000,289,768 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/11/16 21:01:20 | 000,189,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/11/16 21:01:20 | 000,188,904 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/11/16 21:01:19 | 000,916,456 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/11/16 20:59:09 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/16 20:59:07 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/11/16 20:59:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/16 20:59:07 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/16 20:59:06 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/11/16 20:54:55 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/16 20:54:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/16 20:22:10 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 20:22:10 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 20:17:34 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012/11/16 20:07:48 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/16 20:06:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 20:06:36 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 20:05:42 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat
[2012/11/16 19:46:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/12 21:00:00 | 000,000,188 | ---- | M] () -- C:\Users\Andypops\defogger_reenable
[2012/11/12 20:58:06 | 000,050,477 | ---- | M] () -- C:\Users\Andypops\Desktop\Defogger.exe
[2012/11/12 20:57:55 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Andypops\Desktop\dds.com
[2012/11/11 18:41:36 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/11 18:41:36 | 000,663,664 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/11 18:41:36 | 000,124,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/08 23:38:55 | 000,000,512 | ---- | M] () -- C:\Users\Andypops\Desktop\MBR.dat
[2012/11/08 23:31:02 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Andypops\Desktop\aswMBR.exe
[2012/11/08 23:30:20 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/08 23:25:04 | 013,529,576 | ---- | M] (Microsoft Corporation) -- C:\Users\Andypops\Desktop\mseinstall.exe
[2012/11/08 23:15:41 | 021,702,936 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Andypops\Desktop\SUPERAntiSpyware.exe
[2012/11/08 23:13:50 | 000,928,178 | ---- | M] () -- C:\Users\Andypops\Desktop\bootitng.zip
[2012/11/08 22:59:16 | 002,213,976 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Andypops\Desktop\bobo.com.exe
[2012/11/05 23:17:21 | 001,679,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Andypops\Desktop\iExplore.exe
[2012/11/05 23:03:59 | 002,356,985 | ---- | M] () -- C:\Users\Andypops\Desktop\RW_Driver_Manual_Web.pdf
[2012/11/04 23:16:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/04 22:58:26 | 010,669,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Andypops\Desktop\mbam-setup.exe
[2012/11/04 22:27:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRar
[2012/11/04 22:27:25 | 000,000,160 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRa
[2012/11/04 22:27:24 | 000,000,677 | ---- | M] () -- C:\Users\Andypops\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/20 17:38:24 | 000,074,757 | ---- | M] () -- C:\Users\Andypops\Desktop\Voyager - Off to Bed.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/16 20:34:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012/11/16 20:29:33 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 20:05:42 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat
[2012/11/16 19:43:01 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\OpenTTD.lnk
[2012/11/16 19:36:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 19:36:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 19:36:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 19:36:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 19:36:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/12 20:59:44 | 000,000,188 | ---- | C] () -- C:\Users\Andypops\defogger_reenable
[2012/11/12 20:58:04 | 000,050,477 | ---- | C] () -- C:\Users\Andypops\Desktop\Defogger.exe
[2012/11/08 23:38:55 | 000,000,512 | ---- | C] () -- C:\Users\Andypops\Desktop\MBR.dat
[2012/11/08 23:30:20 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/08 23:30:06 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/08 23:11:35 | 000,928,178 | ---- | C] () -- C:\Users\Andypops\Desktop\bootitng.zip
[2012/11/05 23:03:59 | 002,356,985 | ---- | C] () -- C:\Users\Andypops\Desktop\RW_Driver_Manual_Web.pdf
[2012/11/05 01:32:30 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/05 01:32:30 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/11/05 01:32:30 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/05 01:32:30 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/11/05 01:32:29 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/11/05 01:32:29 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/11/05 01:32:29 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/11/05 01:32:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/11/05 01:32:29 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/11/05 01:32:29 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/11/05 01:32:28 | 000,001,706 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
[2012/11/05 01:32:27 | 000,002,657 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
[2012/11/05 01:32:27 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/11/05 01:32:27 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
[2012/11/05 01:32:27 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/11/05 01:32:27 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/11/05 01:32:22 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/11/05 01:32:22 | 000,002,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 2.4 64-bit.lnk
[2012/11/05 01:32:22 | 000,000,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2012/11/04 23:16:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/04 22:27:25 | 000,000,176 | ---- | C] () -- C:\ProgramData\-5vCQA5exkoJCRar
[2012/11/04 22:27:25 | 000,000,160 | ---- | C] () -- C:\ProgramData\-5vCQA5exkoJCRa
[2012/11/04 22:27:24 | 000,000,677 | ---- | C] () -- C:\Users\Andypops\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/10/20 17:38:17 | 000,074,757 | ---- | C] () -- C:\Users\Andypops\Desktop\Voyager - Off to Bed.jpg
[2012/02/19 22:18:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/02/19 22:18:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/04 17:53:03 | 000,722,107 | ---- | C] () -- C:\Users\Andypops\NATIONAL - 30 Jan 2012.pdf
[2012/01/25 22:49:43 | 000,210,111 | ---- | C] () -- C:\Users\Andypops\Network_Map.pdf
[2012/01/25 22:49:25 | 000,828,664 | ---- | C] () -- C:\Users\Andypops\nationalrailnetworkmap.pdf
[2012/01/25 22:49:13 | 000,907,004 | ---- | C] () -- C:\Users\Andypops\nationalrailnetworkmapZoom.pdf
[2012/01/25 22:49:02 | 000,692,614 | ---- | C] () -- C:\Users\Andypops\nationalrailoperatorsmap.pdf
[2012/01/25 22:48:45 | 000,989,860 | ---- | C] () -- C:\Users\Andypops\OfficialNationalRailmaplarge.pdf
[2011/12/06 17:57:25 | 000,001,715 | ---- | C] () -- C:\Windows\tefview.ini
[2011/10/10 19:53:03 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/22 23:40:17 | 000,763,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/21 21:57:14 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/07/03 12:29:59 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/01/01 23:33:41 | 005,065,946 | ---- | C] () -- C:\Users\Andypops\Rings.zip
[2010/12/01 18:09:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\ProgramData\Synth Leads
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\ProgramData\Synth Basics
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\ProgramData\Sync Services
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\Users\Andypops\AppData\Roaming\SupportPrinters
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\Users\Andypops\AppData\Roaming\Super Strings
[2010/12/01 13:10:57 | 000,000,268 | R--- | C] () -- C:\Users\Andypops\AppData\Roaming\Strings
[2010/12/01 13:10:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2010/12/01 13:10:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2010/12/01 13:10:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/12/01 12:56:47 | 000,000,268 | R--- | C] () -- C:\ProgramData\Stingers
[2010/12/01 12:56:47 | 000,000,268 | R--- | C] () -- C:\Users\Andypops\AppData\Roaming\Standard Tool
[2010/12/01 12:56:47 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/06/10 20:55:17 | 000,008,558 | ---- | C] () -- C:\Users\Andypops\.recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 14:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 14:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 16 November 2012 - 08:02 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\cdo - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/11/04 22:27:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRar
    [2012/11/04 22:27:25 | 000,000,160 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRa
    [2012/11/04 22:27:24 | 000,000,677 | ---- | C] () -- C:\Users\Andypops\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
      
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
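The fix above removes, among other things, the two random-named files in C:\ProgramData that the OTL log listed with no company name. As an added example (not a tool from this thread, from OTL or from its author), here is a small Python parser for the OTL file-listing format seen in the log, with triage heuristics assumed here for illustration: no company name for an executable or extensionless file in a system directory, an executable sitting directly in C:\Windows, and a random-looking name. The sample lines are copied from the log in this thread.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# One OTL "Files/Folders" line, in the layout the log above uses:
#   [YYYY/MM/DD HH:MM:SS | SSS,SSS,SSS | attrs | C-or-M] (Company) -- path
# Directories carry no company field at all; files without a version-resource
# company name show an empty "()".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Assumed triage constants (not from OTL): directories where an unsigned, nameless
# binary is unusual, the extensions treated as executable, and a random-name shape.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\sysnative", r"c:\windows\syswow64", r"c:\programdata"}
EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".cpl"}
RANDOM_NAME_RE = re.compile(r"-?[A-Za-z0-9]{8,}")


class Entry(NamedTuple):
    ts: str
    size: int
    attrs: str      # R/H/S/D flags, '-' where unset
    kind: str       # C = created, M = modified
    company: Optional[str]
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; headers, blanks and the '[1 ... *.tmp files ...]' summary give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return Entry(m.group("ts"), int(m.group("size").replace(",", "")), m.group("attrs"),
                 m.group("kind"), company.strip() if company is not None else None, m.group("path"))


def split_path(path: str):
    """Return (lower-cased parent dir, file name, lower-cased extension or '')."""
    parent, _, name = path.rpartition("\\")
    dot = name.rfind(".")
    return parent.lower(), name, (name[dot:].lower() if dot > 0 else "")


def looks_random(name: str) -> bool:
    """Extensionless 8+ alphanumerics mixing digits, lower and upper case, e.g. -5vCQA5exkoJCRar."""
    return (RANDOM_NAME_RE.fullmatch(name) is not None and any(c.isdigit() for c in name)
            and any(c.islower() for c in name) and any(c.isupper() for c in name))


def triage(e: Entry) -> List[str]:
    """Reasons an entry deserves a second look; an empty list means unremarkable."""
    reasons: List[str] = []
    if "D" in e.attrs:                      # directories: nothing to judge from this line alone
        return reasons
    parent, name, ext = split_path(e.path)
    if parent in SYSTEM_DIRS and not e.company and (ext in EXEC_EXT or ext == ""):
        reasons.append("no company name in a system location")
    if parent == r"c:\windows" and ext in EXEC_EXT:
        # Both droppers and ComboFix's own helper tools land here, so every hit still needs vetting.
        reasons.append("executable directly in C:\\Windows")
    if looks_random(name):
        reasons.append("random-looking file name")
    return reasons


def flagged_paths(lines: List[str]) -> Dict[str, List[str]]:
    """Map each path that triage() flags to its reasons, in log order."""
    out: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            out[e.path] = reasons
    return out


# Constructed sample: seven lines copied from the OTL log in this thread.
SAMPLE_LOG = [
    r"[2012/11/16 23:53:10 | 000,000,000 | ---D | C] -- C:\Windows\temp",
    r"[2012/11/16 21:01:28 | 000,188,904 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe",
    r"[2012/11/16 19:36:08 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2012/11/04 22:27:25 | 000,000,176 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRar",
    r"[2012/11/04 22:27:25 | 000,000,160 | ---- | M] () -- C:\ProgramData\-5vCQA5exkoJCRa",
    r"[2012/11/05 23:03:59 | 002,356,985 | ---- | M] () -- C:\Users\Andypops\Desktop\RW_Driver_Manual_Web.pdf",
    r"[2011/10/10 19:53:03 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat",
]

if __name__ == "__main__":
    for path, why in flagged_paths(SAMPLE_LOG).items():
        print(f"{path}: {'; '.join(why)}")
```

On the sample, the two random-named ProgramData files and PEV.exe (a ComboFix helper dropped into C:\Windows) are flagged, while the Oracle-signed java.exe, the PDF on the desktop and the .dat file are not; the heuristics only shortlist, the analyst still decides.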

#14 andypops

  • Topic Starter
  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:57 PM

Posted 17 November 2012 - 03:46 AM

Hi Gringo,

The computer seems to be doing fine now. I have no problems and the computer doesn't feel so slow any more. I don't have any problems connecting to the internet (or so it seems!)

The OTL log is below. No reboot was requested / performed.

All the best,


Andy


========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdo\ deleted successfully.
File Protocol\Handler\cdo - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap\ deleted successfully.
File Protocol\Handler\mso-offdap - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\ProgramData\-5vCQA5exkoJCRar moved successfully.
C:\ProgramData\-5vCQA5exkoJCRa moved successfully.
C:\Users\Andypops\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andypops\Desktop\New folder (3)\cmd.bat deleted successfully.
C:\Users\Andypops\Desktop\New folder (3)\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Andypops
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Andypops
->Flash cache emptied: 83231 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_084248

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:57 PM

Posted 17 November 2012 - 07:25 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo



