
Infected with Trojan:DOS/Alureon.E


  • This topic is locked
12 replies to this topic

#1 pointguard


Posted 14 November 2012 - 05:39 PM

Microsoft Security Essentials keeps telling me that my PC is being cleaned when I reboot and that no action is needed. But then MSE says that an additional cleaning is required, and I need to download Windows Defender Offline to remove the threat. After following the instructions and using Windows Defender Offline, I am told to reboot, and when I do the process repeats itself.

The computer is running a little slower than normal and sometimes when I'm typing on the internet a keystroke won't be recognized intermittently. Thanks so much for your help!


DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.1
Run by Mike at 16:28:50 on 2012-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1209 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll
uRun: [CPN Notifier] C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
uRun: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
dRun: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{76F3EE8A-31B0-4DE8-9228-50821538B8EF} : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2009-9-1 84480]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-3 1255736]
.
=============== Created Last 30 ================
.
2012-11-14 20:14:38 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{944EA49A-6DC1-44CA-BBAB-569B980AE3F5}\mpengine.dll
2012-11-14 18:51:40 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 18:51:39 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 18:51:39 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 18:51:39 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 18:43:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 18:43:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 18:35:10 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 18:35:10 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 18:35:01 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 18:35:01 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 18:34:59 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 18:34:58 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 18:34:58 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-14 12:46:19 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 12:46:19 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-11-14 12:46:19 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-11-14 12:46:19 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-11-14 12:46:04 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-14 12:46:00 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-11-14 12:46:00 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-11-14 12:46:00 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-11-14 12:45:59 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-11-14 12:45:59 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2012-11-14 12:45:59 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-11-14 12:45:59 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-11-14 12:45:59 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-11-14 12:45:58 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-11-14 12:45:58 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-11-14 12:45:58 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-11-14 12:45:58 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-11-14 12:45:30 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-14 12:45:29 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-13 22:23:19 20480 ----a-w- C:\Windows\svchost.exe
2012-11-13 19:30:58 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-10 08:43:46 -------- d-----w- C:\Program Files (x86)\PokerStrategy.com
2012-10-20 12:56:09 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5DBF646B-EE19-411E-A078-17041B618E1C}\gapaengine.dll
.
==================== Find3M ====================
.
2012-11-06 23:29:14 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-06 23:29:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:30:02.75 ===============
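As an added example (not code from this thread, from DDS, or from BleepingComputer), the script below scans DDS-style log text for the kinds of entries a responder would pull out of the log above for manual review: an image loaded through a `\\.\globalroot` device path instead of a drive letter, a `svchost.exe` running from somewhere other than System32/SysWOW64, and a Run-key entry that uses `rundll32` to load a DLL from a user's AppData folder. The heuristics, the regular expressions and the constructed sample (a handful of lines copied from the DDS output above) are my own assumptions; the script does not declare anything malicious, it only lists lines that deserve a closer look.

```python
"""Triage helper for DDS-style diagnostic logs (added example, not the thread's or DDS's own code).

Heuristics (my own assumptions, not rules stated on the page):
  1. An image path that starts with a device or global-root prefix rather than a drive letter.
  2. svchost.exe running from any directory other than System32 or SysWOW64.
  3. A Run-key entry that uses rundll32 to load a DLL from a user's AppData folder.
"""
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the shape DDS prints, taken from the log posted above.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\svchost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
============== Pseudo HJT Report ===============
uRun: [CPN Notifier] C:\Program Files (x86)\Lock Poker\PokerNotifier.exe
uRun: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
dRun: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW
"""

# Prefixes that mean "not a normal drive-letter path" (assumed list).
DEVICE_PREFIXES = (r"\\.\globalroot", "\\??\\", r"\systemroot")
# The only directories svchost.exe legitimately runs from on a 64-bit Windows 7 install.
SVCHOST_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
PROCESS_RE = re.compile(r"^(?P<path>.+?\.exe)(?:\s.*)?$", re.I)
RUN_RE = re.compile(r"^(?:x64-|[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.I)
APPDATA_RE = re.compile(r"c:\\users\\[^\\]+\\appdata\\", re.I)


@dataclass
class Finding:
    reason: str
    line: str


def check_image_path(path: str):
    """Return a reason string if a running-process image path looks out of place, else None."""
    lower = path.lower()
    if lower.startswith(tuple(p.lower() for p in DEVICE_PREFIXES)):
        return "image loaded via a device path instead of a drive letter"
    if lower.endswith(r"\svchost.exe"):
        directory = lower.rsplit("\\", 1)[0]
        if directory not in SVCHOST_DIRS:
            return "svchost.exe running outside System32/SysWOW64"
    return None


def check_run_entry(cmd: str):
    """Return a reason string if a Run-key command loads a DLL from a user profile, else None."""
    m = RUNDLL_DLL_RE.search(cmd)
    if m and APPDATA_RE.search(m.group(1)):
        return "rundll32 loading a DLL from a user profile"
    return None


def triage(log_text: str):
    """Walk the log section by section and collect lines that merit manual review."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS separates sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Running Processes":
            m = PROCESS_RE.match(line)
            if m:
                reason = check_image_path(m.group("path"))
                if reason:
                    findings.append(Finding(reason, line))
        elif section == "Pseudo HJT Report":
            m = RUN_RE.match(line)
            if m:
                reason = check_run_entry(m.group("cmd"))
                if reason:
                    findings.append(Finding(reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Run against the constructed sample, the script reports four lines: the `\\.\globalroot` svchost, the `C:\Windows\svchost.exe` copy, and the two `rundll32 ... hwczm.dll` Run entries. The whitelist of svchost directories is deliberately short; extend `SVCHOST_DIRS` and `DEVICE_PREFIXES` for other Windows layouts before using it on a real log.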


#2 CatByte

Malware Response Team

Posted 14 November 2012 - 07:17 PM

Please do the following:

Download the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive. (Choose the correct version depending on which operating system architecture you are using, 32-bit (x86) or 64-bit (x64).)

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
  • Press the Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file. Close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button.
  • When the search is complete, Search.txt will also be written to your USB.
  • Type exit and reboot the computer normally.
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 pointguard

Topic Starter

Posted 14 November 2012 - 09:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 14-11-2012 20:32:52
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-29] (NVIDIA Corporation)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610360 2009-07-08] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup [1770400 2011-02-24] (Affinegy, Inc.)
HKU\Default\...\Run: [HPADVISOR] [x]
HKU\Default User\...\Run: [HPADVISOR] [x]
HKU\Mike\...\Run: [CPN Notifier] C:\Program Files (x86)\Lock Poker\PokerNotifier.exe [x]
HKU\Mike\...\Run: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW [673792 2012-11-10] ()
HKU\postgres\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\postgres.Mike-PC\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\postgres.Mike-PC.000\...\Run: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW [673792 2012-11-10] ()

==================== Services (Whitelisted) ===================

2 AffinegyService; "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe" [566688 2011-02-24] (Affinegy, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 pgsql-8.3; "C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\" [x]

==================== Drivers (Whitelisted) =====================

0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
1 clquoefp; \??\C:\Windows\system32\drivers\clquoefp.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-14 14:30 - 2012-11-14 14:31 - 00016577 ____A C:\Users\Mike\Desktop\dds.txt
2012-11-14 14:26 - 2012-11-14 14:26 - 00688901 ____R (Swearware) C:\Users\Mike\Desktop\dds.com
2012-11-14 14:21 - 2012-11-14 14:21 - 00000470 ____A C:\Users\Mike\Desktop\defogger_disable.log
2012-11-14 10:51 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-14 10:51 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-14 10:51 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-14 10:51 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-14 10:43 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-14 10:43 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-14 10:43 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-14 10:43 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-14 10:42 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-14 10:42 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-14 10:42 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-14 10:42 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-14 10:42 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-14 10:42 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-14 10:42 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-14 10:42 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-14 10:42 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-14 10:42 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-14 10:42 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-14 10:42 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-14 10:42 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-14 10:42 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-14 10:42 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-14 10:42 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-14 10:42 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-14 10:42 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-14 10:42 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-14 10:42 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-14 10:42 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-14 10:42 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-14 10:42 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-14 10:42 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-14 10:42 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-14 10:42 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-14 10:42 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-14 10:42 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-14 10:41 - 2012-11-14 10:41 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-11-14 10:35 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-14 10:35 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-14 10:35 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-14 10:35 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-14 10:34 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-14 10:34 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-14 10:34 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 10:34 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 04:46 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 04:46 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 04:46 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 04:46 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 04:46 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 04:46 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 04:46 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 04:46 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 04:45 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 04:45 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 04:45 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 04:45 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 04:45 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 04:45 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 04:45 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 04:45 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 04:45 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 04:45 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 04:45 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-13 21:44 - 2012-11-13 23:02 - 1472321536 ____A C:\users\End.of.Watch.2012.DVDRip.-Lum1x-.avi
2012-11-13 14:23 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-11-13 11:25 - 2012-11-13 12:51 - 1145054695 ____A C:\users\12.11.12.BOS-CHI.540p.mkv
2012-11-12 21:10 - 2012-11-12 21:10 - 00000895 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) Torrent Notes.txt
2012-11-12 19:06 - 2012-11-12 23:22 - 932905499 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) part A.mkv
2012-11-12 19:06 - 2012-11-12 23:22 - 719590201 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) part B.mkv
2012-11-12 19:06 - 2012-11-12 21:10 - 00000000 ____D C:\users\Oliver! [1968] Musical - Best Picture - .x264
2012-11-10 00:43 - 2012-11-10 00:43 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com
2012-11-02 23:11 - 2012-11-02 23:11 - 00000353 ____A C:\Users\Deadfall.2012.DVDRip.XViD-PLAYNOW\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:08 - 2012-11-03 00:40 - 734277632 ____A C:\Users\Deadfall.2012.DVDRip.XViD-PLAYNOW\Deadfall.2012.DVDRip.XViD-PLAYNOW.avi
2012-11-02 23:08 - 2012-11-02 23:11 - 00000000 ____D C:\users\Deadfall.2012.DVDRip.XViD-PLAYNOW
2012-11-02 23:07 - 2012-11-02 23:07 - 00000339 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:04 - 2012-11-03 03:06 - 1461243904 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS.avi
2012-11-02 23:04 - 2012-11-02 23:47 - 11008000 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\sample.avi
2012-11-02 23:04 - 2012-11-02 23:07 - 00000000 ____D C:\users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS
2012-11-02 23:04 - 2012-11-02 23:04 - 00002689 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\HS-INFO.txt
2012-11-02 23:04 - 2012-11-02 23:04 - 00000339 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:01 - 2012-11-03 03:08 - 1730064384 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\Looper 2012.avi
2012-11-02 23:01 - 2012-11-02 23:04 - 00000000 ____D C:\users\Looper 2012 KORSUB XViD UNiQUE
2012-11-02 23:00 - 2012-11-03 19:05 - 00000000 ____D C:\users\The Watch 2012 DVDRip XViD-PLAYNOW avi
2012-11-02 22:04 - 2012-11-02 22:04 - 00000353 ____A C:\Users\Total.Recall.2012.DVDRip.XviD-Lum1x\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 22:02 - 2012-11-02 23:47 - 1472491520 ____A C:\Users\Total.Recall.2012.DVDRip.XviD-Lum1x\Total.Recall.2012.DVDRip.XviD-Lum1x.avi
2012-11-02 22:02 - 2012-11-02 22:04 - 00000000 ____D C:\users\Total.Recall.2012.DVDRip.XviD-Lum1x
2012-10-31 01:13 - 2012-10-31 01:13 - 00014401 ____A C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\iguana.tmbab.xvid.nfo
2012-10-30 22:19 - 2012-10-31 02:14 - 731576320 ____A C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\iguana.tmbab.xvid.avi
2012-10-30 22:18 - 2012-10-31 01:13 - 00000000 ____D C:\users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)
2012-10-30 22:18 - 2012-10-30 22:18 - 00000000 ____D C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\Sample
2012-10-30 22:18 - 2012-10-30 22:18 - 00000000 ____D C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\Proof
2012-10-27 06:49 - 2012-10-27 06:49 - 00004041 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED.nfo
2012-10-27 02:56 - 2012-10-27 02:56 - 00000040 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Torrent downloaded from ExtraTorrent.com.txt
2012-10-27 02:54 - 2012-10-27 07:15 - 1446854214 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED.avi
2012-10-27 02:54 - 2012-10-27 06:49 - 00000000 ____D C:\users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED
2012-10-27 02:54 - 2012-10-27 06:00 - 14902568 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\SAMPLE.avi


==================== One Month Modified Files and Folders =======

2012-11-14 18:22 - 2009-09-01 02:59 - 01878531 ____A C:\Windows\WindowsUpdate.log
2012-11-14 18:22 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-14 18:22 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-14 18:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 18:18 - 2009-07-13 20:51 - 00051875 ____A C:\Windows\setupact.log
2012-11-14 18:16 - 2011-09-12 17:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\uTorrent
2012-11-14 18:09 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-14 17:52 - 2012-04-04 10:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-14 14:31 - 2012-11-14 14:30 - 00016577 ____A C:\Users\Mike\Desktop\dds.txt
2012-11-14 14:31 - 2012-07-06 21:58 - 00010703 ____A C:\Users\Mike\Desktop\Attach.txt
2012-11-14 14:26 - 2012-11-14 14:26 - 00688901 ____R (Swearware) C:\Users\Mike\Desktop\dds.com
2012-11-14 14:21 - 2012-11-14 14:21 - 00000470 ____A C:\Users\Mike\Desktop\defogger_disable.log
2012-11-14 11:59 - 2009-11-27 06:41 - 00090088 ____A C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-14 11:57 - 2009-07-13 20:45 - 00377176 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-14 10:51 - 2012-01-12 13:48 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-14 10:41 - 2012-11-14 10:41 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-11-14 10:37 - 2009-12-01 15:06 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-13 23:02 - 2012-11-13 21:44 - 1472321536 ____A C:\users\End.of.Watch.2012.DVDRip.-Lum1x-.avi
2012-11-13 18:11 - 2012-07-07 18:56 - 00000824 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-11-13 18:11 - 2012-07-07 18:56 - 00000000 ____D C:\Program Files\CCleaner
2012-11-13 14:22 - 2009-08-15 10:22 - 00213804 ____A C:\Windows\PFRO.log
2012-11-13 12:51 - 2012-11-13 11:25 - 1145054695 ____A C:\users\12.11.12.BOS-CHI.540p.mkv
2012-11-13 11:57 - 2011-04-09 18:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-12 23:22 - 2012-11-12 19:06 - 932905499 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) part A.mkv
2012-11-12 23:22 - 2012-11-12 19:06 - 719590201 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) part B.mkv
2012-11-12 22:59 - 2011-05-21 10:10 - 00000000 ____D C:\Program Files (x86)\CarbonPoker
2012-11-12 21:10 - 2012-11-12 21:10 - 00000895 ____A C:\Users\Oliver! [1968] Musical - Best Picture - .x264\Oliver! (30th Anniversary Tribute Edition) Torrent Notes.txt
2012-11-12 21:10 - 2012-11-12 19:06 - 00000000 ____D C:\users\Oliver! [1968] Musical - Best Picture - .x264
2012-11-11 21:33 - 2012-07-04 19:39 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForMike.job
2012-11-10 17:47 - 2009-12-01 09:13 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-11-10 17:47 - 2009-11-27 06:32 - 00000000 ____D C:\users\Mike
2012-11-10 17:44 - 2009-12-01 09:12 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HpUpdate
2012-11-10 17:44 - 2009-12-01 09:12 - 00000000 ____D C:\Users\Mike\AppData\Roaming\HP Support Assistant
2012-11-10 00:57 - 2012-02-10 22:42 - 00000000 ____D C:\Users\Mike\AppData\Local\Equilab
2012-11-10 00:43 - 2012-11-10 00:43 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com
2012-11-10 00:43 - 2012-02-10 22:42 - 00002221 ____A C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2012-11-10 00:41 - 2012-02-10 22:41 - 00000000 ____D C:\Users\Mike\AppData\Local\Downloaded Installations
2012-11-06 15:29 - 2012-04-04 10:54 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-06 15:29 - 2011-07-23 01:48 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-06 15:29 - 2010-02-01 17:26 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-03 19:05 - 2012-11-02 23:00 - 00000000 ____D C:\users\The Watch 2012 DVDRip XViD-PLAYNOW avi
2012-11-03 03:08 - 2012-11-02 23:01 - 1730064384 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\Looper 2012.avi
2012-11-03 03:06 - 2012-11-02 23:04 - 1461243904 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS.avi
2012-11-03 00:40 - 2012-11-02 23:08 - 734277632 ____A C:\Users\Deadfall.2012.DVDRip.XViD-PLAYNOW\Deadfall.2012.DVDRip.XViD-PLAYNOW.avi
2012-11-02 23:47 - 2012-11-02 23:04 - 11008000 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\sample.avi
2012-11-02 23:47 - 2012-11-02 22:02 - 1472491520 ____A C:\Users\Total.Recall.2012.DVDRip.XviD-Lum1x\Total.Recall.2012.DVDRip.XviD-Lum1x.avi
2012-11-02 23:11 - 2012-11-02 23:11 - 00000353 ____A C:\Users\Deadfall.2012.DVDRip.XViD-PLAYNOW\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:11 - 2012-11-02 23:08 - 00000000 ____D C:\users\Deadfall.2012.DVDRip.XViD-PLAYNOW
2012-11-02 23:07 - 2012-11-02 23:07 - 00000339 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:07 - 2012-11-02 23:04 - 00000000 ____D C:\users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS
2012-11-02 23:04 - 2012-11-02 23:04 - 00002689 ____A C:\Users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS\HS-INFO.txt
2012-11-02 23:04 - 2012-11-02 23:04 - 00000339 ____A C:\Users\Looper 2012 KORSUB XViD UNiQUE\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 23:04 - 2012-11-02 23:01 - 00000000 ____D C:\users\Looper 2012 KORSUB XViD UNiQUE
2012-11-02 22:04 - 2012-11-02 22:04 - 00000353 ____A C:\Users\Total.Recall.2012.DVDRip.XviD-Lum1x\Torrent Downloaded From ExtraTorrent.com.txt
2012-11-02 22:04 - 2012-11-02 22:02 - 00000000 ____D C:\users\Total.Recall.2012.DVDRip.XviD-Lum1x
2012-11-01 16:21 - 2012-07-11 17:55 - 00001782 ____A C:\Users\Mike\Desktop\PeerBlock.lnk
2012-11-01 03:24 - 2009-11-30 12:53 - 00000456 ____A C:\Windows\Tasks\PCDRScheduledMaintenance.job
2012-10-31 02:14 - 2012-10-30 22:19 - 731576320 ____A C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\iguana.tmbab.xvid.avi
2012-10-31 01:13 - 2012-10-31 01:13 - 00014401 ____A C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\iguana.tmbab.xvid.nfo
2012-10-31 01:13 - 2012-10-30 22:18 - 00000000 ____D C:\users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)
2012-10-30 22:18 - 2012-10-30 22:18 - 00000000 ____D C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\Sample
2012-10-30 22:18 - 2012-10-30 22:18 - 00000000 ____D C:\Users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)\Proof
2012-10-27 07:15 - 2012-10-27 02:54 - 1446854214 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED.avi
2012-10-27 06:49 - 2012-10-27 06:49 - 00004041 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED.nfo
2012-10-27 06:49 - 2012-10-27 02:54 - 00000000 ____D C:\users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED
2012-10-27 06:00 - 2012-10-27 02:54 - 14902568 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\SAMPLE.avi
2012-10-27 02:56 - 2012-10-27 02:56 - 00000040 ____A C:\Users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED\Torrent downloaded from ExtraTorrent.com.txt
2012-10-25 20:13 - 2009-11-30 12:07 - 00000000 ____D C:\Program Files (x86)\PokerTracker 3
2012-10-24 21:10 - 2010-01-01 12:07 - 00000000 ____D C:\users\postgres.Mike-PC.000
2012-10-19 00:05 - 2012-10-13 00:17 - 00000000 ____D C:\users\On The Road 2012
2012-10-18 10:25 - 2012-11-14 04:46 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys


ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 11:32:10
Restore point made on: 2012-11-09 20:17:16
Restore point made on: 2012-11-10 00:41:51
Restore point made on: 2012-11-13 11:26:48
Restore point made on: 2012-11-14 10:33:58

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2942.49 MB
Available physical RAM: 2260.26 MB
Total Pagefile: 2940.64 MB
Available Pagefile: 2243.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:211.38 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:7.45 GB) (Free:6.43 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.08 GB) (Free:0.07 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 286 GB 101 MB
Partition 3 Primary 11 GB 286 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 286 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Last Boot: 2012-11-05 05:27

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-14 20:34:49
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-07 00:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

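The FRST output above flags C:\Windows\svchost.exe, a core Windows binary name outside the directories where the log's own Bamital check finds the legitimate copies, and the "Search:" block lists the MD5 of every copy of services.exe so they can be compared. As an added example, not part of this thread or of FRST's own code, the Python below applies both checks to lines copied from the log; EXPECTED_DIRS is an assumption built from the Bamital check paths, and the one System32 svchost.exe line is a constructed control.

```python
"""Triage helpers for two FRST log sections seen in this thread: the dated
file listings and the "Search:" results. Added example, not FRST's own code."""
import re
from collections import defaultdict

# File-listing line: <created> - <modified> - <size> <attrs> [(<company>)] <path>
FILE_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Search detail line: [<created>] - [<modified>] - <size> <attrs> (<company>) <MD5>
SEARCH_DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)

# Where Windows 7 keeps these binaries, taken from the paths the log's
# "Bamital & volsnap Check" verifies (assumption: that list is complete).
EXPECTED_DIRS = {
    "svchost.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "wininit.exe":  {r"c:\windows\system32", r"c:\windows\syswow64"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def parse_file_line(line):
    """Fields of one file-listing line, or None if the line is not one."""
    m = FILE_LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def is_misplaced(path):
    """True when a core Windows binary name sits outside its known homes."""
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    if name not in EXPECTED_DIRS:
        return False
    if "\\winsxs\\" in low:  # component-store copy, expected
        return False
    return directory not in EXPECTED_DIRS[name]

def misplaced_core_binaries(lines):
    """Paths from file-listing lines that is_misplaced() flags."""
    flagged = []
    for line in lines:
        entry = parse_file_line(line)
        if entry and is_misplaced(entry["path"]):
            flagged.append(entry["path"])
    return flagged

def parse_search_block(text):
    """Map each path in an FRST 'Search:' block to its MD5 (upper-case)."""
    hashes, pending = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section rule
        m = SEARCH_DETAIL_RE.match(line)
        if m and pending:
            hashes[pending] = m.group("md5").upper()
            pending = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line  # a path line precedes its detail line
    return hashes

def hash_groups(hashes):
    """Group paths by MD5; one group means every copy is byte-identical."""
    groups = defaultdict(list)
    for path, md5 in hashes.items():
        groups[md5].append(path)
    return dict(groups)

# Two lines copied from the FRST output above, plus one constructed control
# line for a svchost.exe in its normal location (size is made up).
SAMPLE_FILE_LINES = [
    r"2012-11-13 21:44 - 2012-11-13 23:02 - 1472321536 ____A C:\users\End.of.Watch.2012.DVDRip.-Lum1x-.avi",
    r"2012-11-13 14:23 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe",
    r"2012-11-14 04:45 - 2009-07-13 17:14 - 00027136 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe",
]

# Two of the three services.exe hits from the search block above.
SAMPLE_SEARCH = r"""================== Search: "services.exe" ===================

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-07-07 00:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
"""
```

On these samples misplaced_core_binaries() flags only C:\Windows\svchost.exe, and the services.exe copies fall into a single hash group.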
#4 CatByte

  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 14 November 2012 - 09:53 PM

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\Mike\...\Run: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW [673792 2012-11-10] ()
HKU\postgres.Mike-PC.000\...\Run: [CyberLink] rundll32.exe "C:\Users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll",DllRegisterServerW [673792 2012-11-10] ()
1 clquoefp; \??\C:\Windows\system32\drivers\clquoefp.sys [x]
C:\Windows\system32\drivers\clquoefp.sys
C:\Windows\svchost.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 pointguard

  • Topic Starter

  • Members
  • 22 posts

Posted 14 November 2012 - 11:23 PM

I found two TDSSkiller logs. I'll copy and paste both of them.


Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-14 21:24:07 Run:1
Running from G:\

==============================================

HKEY_USERS\Mike\Software\Microsoft\Windows\CurrentVersion\Run\\CyberLink Value deleted successfully.
HKEY_USERS\postgres.Mike-PC.000\Software\Microsoft\Windows\CurrentVersion\Run\\CyberLink Value deleted successfully.
clquoefp service deleted successfully.
C:\Windows\system32\drivers\clquoefp.sys not found.
C:\Windows\svchost.exe moved successfully.

==== End of Fixlog ====

TDSSkiller log (1 of 2)

21:28:57.0572 3780 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:28:58.0086 3780 ============================================================
21:28:58.0086 3780 Current date / time: 2012/11/14 21:28:58.0086
21:28:58.0086 3780 SystemInfo:
21:28:58.0086 3780
21:28:58.0086 3780 OS Version: 6.1.7601 ServicePack: 1.0
21:28:58.0086 3780 Product type: Workstation
21:28:58.0086 3780 ComputerName: MIKE-PC
21:28:58.0086 3780 UserName: Mike
21:28:58.0086 3780 Windows directory: C:\Windows
21:28:58.0086 3780 System windows directory: C:\Windows
21:28:58.0086 3780 Running under WOW64
21:28:58.0086 3780 Processor architecture: Intel x64
21:28:58.0086 3780 Number of processors: 1
21:28:58.0086 3780 Page size: 0x1000
21:28:58.0086 3780 Boot type: Normal boot
21:28:58.0086 3780 ============================================================
21:29:00.0426 3780 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:29:00.0442 3780 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:29:00.0473 3780 ============================================================
21:29:00.0473 3780 \Device\Harddisk0\DR0:
21:29:00.0473 3780 MBR partitions:
21:29:00.0473 3780 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:29:00.0473 3780 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800
21:29:00.0473 3780 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000
21:29:00.0473 3780 \Device\Harddisk1\DR1:
21:29:00.0473 3780 MBR partitions:
21:29:00.0473 3780 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
21:29:00.0473 3780 ============================================================
21:29:00.0489 3780 C: <-> \Device\Harddisk0\DR0\Partition2
21:29:00.0536 3780 D: <-> \Device\Harddisk0\DR0\Partition3
21:29:00.0536 3780 ============================================================
21:29:00.0536 3780 Initialize success
21:29:00.0536 3780 ============================================================
21:29:36.0431 3048 ============================================================
21:29:36.0431 3048 Scan started
21:29:36.0431 3048 Mode: Manual; TDLFS;
21:29:36.0431 3048 ============================================================
21:29:37.0211 3048 ================ Scan system memory ========================
21:29:37.0211 3048 System memory - ok
21:29:37.0211 3048 ================ Scan services =============================
21:29:41.0985 3048 elxstor - ok
21:29:42.0032 3048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:29:42.0032 3048 ErrDev - ok
21:29:42.0094 3048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:29:42.0110 3048 EventSystem - ok
21:29:42.0141 3048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:29:42.0141 3048 exfat - ok
21:29:42.0172 3048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:29:42.0172 3048 fastfat - ok
21:29:42.0250 3048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:29:42.0266 3048 Fax - ok
21:29:42.0297 3048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:29:42.0312 3048 fdc - ok
21:29:42.0344 3048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:29:42.0344 3048 fdPHost - ok
21:29:42.0359 3048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:29:42.0359 3048 FDResPub - ok
21:29:42.0390 3048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:29:42.0390 3048 FileInfo - ok
21:29:42.0422 3048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:29:42.0422 3048 Filetrace - ok
21:29:42.0453 3048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:29:42.0453 3048 flpydisk - ok
21:29:42.0500 3048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:29:42.0515 3048 FltMgr - ok
21:29:42.0562 3048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:29:42.0578 3048 FontCache - ok
21:29:42.0640 3048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:29:42.0640 3048 FontCache3.0.0.0 - ok
21:29:42.0671 3048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:29:42.0671 3048 FsDepends - ok
21:29:42.0718 3048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:29:42.0718 3048 Fs_Rec - ok
21:29:42.0765 3048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:29:42.0780 3048 fvevol - ok
21:29:42.0812 3048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:29:42.0827 3048 gagp30kx - ok
21:29:42.0874 3048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:29:42.0905 3048 gpsvc - ok
21:29:42.0921 3048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:29:42.0921 3048 hcw85cir - ok
21:29:42.0952 3048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:29:42.0952 3048 HDAudBus - ok
21:29:42.0968 3048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:29:42.0983 3048 HidBatt - ok
21:29:42.0999 3048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:29:42.0999 3048 HidBth - ok
21:29:43.0046 3048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:29:43.0046 3048 HidIr - ok
21:29:43.0077 3048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:29:43.0077 3048 hidserv - ok
21:29:43.0124 3048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:29:43.0124 3048 HidUsb - ok
21:29:43.0170 3048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:29:43.0170 3048 hkmsvc - ok
21:29:43.0217 3048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:29:43.0217 3048 HomeGroupListener - ok
21:29:43.0264 3048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:29:43.0280 3048 HomeGroupProvider - ok
21:29:43.0358 3048 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:29:43.0358 3048 HP Support Assistant Service - ok
21:29:43.0451 3048 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:29:43.0451 3048 HPDrvMntSvc.exe - ok
21:29:43.0514 3048 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
21:29:43.0545 3048 hpqwmiex - ok
21:29:43.0576 3048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:29:43.0576 3048 HpSAMD - ok
21:29:43.0638 3048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:29:43.0654 3048 HTTP - ok
21:29:43.0701 3048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:29:43.0701 3048 hwpolicy - ok
21:29:43.0763 3048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:29:43.0763 3048 i8042prt - ok
21:29:43.0810 3048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:29:43.0826 3048 iaStorV - ok
21:29:43.0888 3048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:29:43.0919 3048 idsvc - ok
21:29:43.0982 3048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:29:43.0982 3048 iirsp - ok
21:29:44.0028 3048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:29:44.0044 3048 IKEEXT - ok
21:29:44.0122 3048 [ 31C32BC56D85D109EBB0C526BE5CACA7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:29:44.0138 3048 IntcAzAudAddService - ok
21:29:44.0184 3048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:29:44.0184 3048 intelide - ok
21:29:44.0231 3048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:29:44.0231 3048 intelppm - ok
21:29:44.0278 3048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:29:44.0278 3048 IPBusEnum - ok
21:29:44.0325 3048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:29:44.0325 3048 IpFilterDriver - ok
21:29:44.0372 3048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:29:44.0481 3048 iphlpsvc - ok
21:29:44.0528 3048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:29:44.0528 3048 IPMIDRV - ok
21:29:44.0559 3048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:29:44.0559 3048 IPNAT - ok
21:29:44.0606 3048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:29:44.0606 3048 IRENUM - ok
21:29:44.0637 3048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:29:44.0637 3048 isapnp - ok
21:29:44.0684 3048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:29:44.0684 3048 iScsiPrt - ok
21:29:44.0730 3048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:29:44.0730 3048 kbdclass - ok
21:29:44.0777 3048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:29:44.0777 3048 kbdhid - ok
21:29:44.0808 3048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:29:44.0808 3048 KeyIso - ok
21:29:44.0840 3048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:29:44.0840 3048 KSecDD - ok
21:29:44.0871 3048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:29:44.0871 3048 KSecPkg - ok
21:29:44.0902 3048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:29:44.0902 3048 ksthunk - ok
21:29:44.0949 3048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:29:44.0949 3048 KtmRm - ok
21:29:45.0011 3048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:29:45.0011 3048 LanmanServer - ok
21:29:45.0074 3048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:29:45.0074 3048 LanmanWorkstation - ok
21:29:45.0136 3048 [ 108333981C841EB0FF198AA5DFCF3D3B ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
21:29:45.0152 3048 LightScribeService - ok
21:29:45.0183 3048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:29:45.0183 3048 lltdio - ok
21:29:45.0230 3048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:29:45.0245 3048 lltdsvc - ok
21:29:45.0261 3048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:29:45.0276 3048 lmhosts - ok
21:29:45.0308 3048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:29:45.0308 3048 LSI_FC - ok
21:29:45.0339 3048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:29:45.0339 3048 LSI_SAS - ok
21:29:45.0370 3048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:29:45.0370 3048 LSI_SAS2 - ok
21:29:45.0401 3048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:29:45.0401 3048 LSI_SCSI - ok
21:29:45.0432 3048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:29:45.0432 3048 luafv - ok
21:29:45.0479 3048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:29:45.0479 3048 Mcx2Svc - ok
21:29:45.0510 3048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:29:45.0510 3048 megasas - ok
21:29:45.0573 3048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:29:45.0604 3048 MegaSR - ok
21:29:45.0666 3048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:29:45.0666 3048 MMCSS - ok
21:29:45.0682 3048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:29:45.0682 3048 Modem - ok
21:29:45.0713 3048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:29:45.0713 3048 monitor - ok
21:29:45.0744 3048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:29:45.0744 3048 mouclass - ok
21:29:45.0807 3048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:29:45.0807 3048 mouhid - ok
21:29:45.0854 3048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:29:45.0854 3048 mountmgr - ok
21:29:45.0916 3048 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:29:45.0916 3048 MpFilter - ok
21:29:45.0932 3048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:29:45.0932 3048 mpio - ok
21:29:46.0072 3048 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsle98a98ca c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{944EA49A-6DC1-44CA-BBAB-569B980AE3F5}\MpKsle98a98ca.sys
21:29:46.0088 3048 MpKsle98a98ca - ok
21:29:46.0150 3048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:29:46.0150 3048 mpsdrv - ok
21:29:46.0212 3048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:29:46.0228 3048 MpsSvc - ok
21:29:46.0275 3048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:29:46.0275 3048 MRxDAV - ok
21:29:46.0322 3048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:29:46.0322 3048 mrxsmb - ok
21:29:46.0368 3048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:29:46.0368 3048 mrxsmb10 - ok
21:29:46.0415 3048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:29:46.0415 3048 mrxsmb20 - ok
21:29:46.0462 3048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:29:46.0462 3048 msahci - ok
21:29:46.0509 3048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:29:46.0509 3048 msdsm - ok
21:29:46.0540 3048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:29:46.0540 3048 MSDTC - ok
21:29:46.0602 3048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:29:46.0602 3048 Msfs - ok
21:29:46.0649 3048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:29:46.0649 3048 mshidkmdf - ok
21:29:46.0712 3048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:29:46.0712 3048 msisadrv - ok
21:29:46.0743 3048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:29:46.0758 3048 MSiSCSI - ok
21:29:46.0758 3048 msiserver - ok
21:29:46.0805 3048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:29:46.0805 3048 MSKSSRV - ok
21:29:46.0868 3048 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:29:46.0868 3048 MsMpSvc - ok
21:29:46.0914 3048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:29:46.0914 3048 MSPCLOCK - ok
21:29:46.0930 3048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:29:46.0930 3048 MSPQM - ok
21:29:46.0977 3048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:29:46.0977 3048 MsRPC - ok
21:29:47.0024 3048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:29:47.0024 3048 mssmbios - ok
21:29:47.0055 3048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:29:47.0055 3048 MSTEE - ok
21:29:47.0070 3048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:29:47.0070 3048 MTConfig - ok
21:29:47.0102 3048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:29:47.0102 3048 Mup - ok
21:29:47.0164 3048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:29:47.0180 3048 napagent - ok
21:29:47.0211 3048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:29:47.0226 3048 NativeWifiP - ok
21:29:47.0289 3048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:29:47.0304 3048 NDIS - ok
21:29:47.0320 3048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:29:47.0336 3048 NdisCap - ok
21:29:47.0382 3048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:29:47.0382 3048 NdisTapi - ok
21:29:47.0414 3048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:29:47.0414 3048 Ndisuio - ok
21:29:47.0460 3048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:29:47.0460 3048 NdisWan - ok
21:29:47.0507 3048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:29:47.0507 3048 NDProxy - ok
21:29:47.0523 3048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:29:47.0523 3048 NetBIOS - ok
21:29:47.0570 3048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:29:47.0570 3048 NetBT - ok
21:29:47.0601 3048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:29:47.0601 3048 Netlogon - ok
21:29:47.0632 3048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:29:47.0648 3048 Netman - ok
21:29:47.0679 3048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:29:47.0694 3048 netprofm - ok
21:29:47.0726 3048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:29:47.0726 3048 NetTcpPortSharing - ok
21:29:47.0757 3048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:29:47.0757 3048 nfrd960 - ok
21:29:47.0819 3048 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:29:47.0819 3048 NisDrv - ok
21:29:47.0882 3048 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:29:47.0897 3048 NisSrv - ok
21:29:47.0944 3048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:29:47.0991 3048 NlaSvc - ok
21:29:48.0022 3048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:29:48.0022 3048 Npfs - ok
21:29:48.0053 3048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:29:48.0053 3048 nsi - ok
21:29:48.0084 3048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:29:48.0084 3048 nsiproxy - ok
21:29:48.0162 3048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:29:48.0225 3048 Ntfs - ok
21:29:48.0240 3048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:29:48.0240 3048 Null - ok
21:29:48.0474 3048 [ 181B6E6F49F9F3AD05589B48E29BA167 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:29:48.0568 3048 nvlddmkm - ok
21:29:48.0615 3048 [ 9C3024E48DB4C98E50AF7D8B72D0EF89 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
21:29:48.0615 3048 NVNET - ok
21:29:48.0662 3048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:29:48.0662 3048 nvraid - ok
21:29:48.0693 3048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:29:48.0708 3048 nvstor - ok
21:29:48.0740 3048 [ 6BA747B1A9297A6C0271700D12FDD495 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
21:29:48.0740 3048 nvstor64 - ok
21:29:48.0786 3048 [ B5B5DA18380F625C34B88B93D09D7D40 ] nvsvc C:\Windows\system32\nvvsvc.exe
21:29:48.0802 3048 nvsvc - ok
21:29:48.0818 3048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:29:48.0818 3048 nv_agp - ok
21:29:48.0911 3048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:29:48.0942 3048 odserv - ok
21:29:49.0005 3048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:29:49.0005 3048 ohci1394 - ok
21:29:49.0083 3048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:29:49.0083 3048 ose - ok
21:29:49.0130 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:29:49.0130 3048 p2pimsvc - ok
21:29:49.0161 3048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:29:49.0176 3048 p2psvc - ok
21:29:49.0208 3048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:29:49.0208 3048 Parport - ok
21:29:49.0254 3048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:29:49.0254 3048 partmgr - ok
21:29:49.0286 3048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:29:49.0286 3048 PcaSvc - ok
21:29:49.0332 3048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:29:49.0348 3048 pci - ok
21:29:49.0395 3048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:29:49.0395 3048 pciide - ok
21:29:49.0442 3048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:29:49.0457 3048 pcmcia - ok
21:29:49.0488 3048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:29:49.0488 3048 pcw - ok
21:29:49.0520 3048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:29:49.0535 3048 PEAUTH - ok
21:29:49.0613 3048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:29:49.0613 3048 PerfHost - ok
21:29:49.0707 3048 [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3 C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
21:29:49.0707 3048 pgsql-8.3 - ok
21:29:49.0754 3048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:29:49.0785 3048 pla - ok
21:29:49.0832 3048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:29:49.0863 3048 PlugPlay - ok
21:29:49.0894 3048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:29:49.0894 3048 PNRPAutoReg - ok
21:29:49.0910 3048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:29:49.0925 3048 PNRPsvc - ok
21:29:49.0956 3048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:29:49.0972 3048 PolicyAgent - ok
21:29:50.0003 3048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:29:50.0019 3048 Power - ok
21:29:50.0081 3048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:29:50.0081 3048 PptpMiniport - ok
21:29:50.0112 3048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:29:50.0112 3048 Processor - ok
21:29:50.0175 3048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:29:50.0190 3048 ProfSvc - ok
21:29:50.0237 3048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:29:50.0237 3048 ProtectedStorage - ok
21:29:50.0300 3048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:29:50.0300 3048 Psched - ok
21:29:50.0346 3048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:29:50.0393 3048 ql2300 - ok
21:29:50.0409 3048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:29:50.0409 3048 ql40xx - ok
21:29:50.0440 3048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:29:50.0456 3048 QWAVE - ok
21:29:50.0471 3048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:29:50.0471 3048 QWAVEdrv - ok
21:29:50.0502 3048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:29:50.0502 3048 RasAcd - ok
21:29:50.0549 3048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:29:50.0549 3048 RasAgileVpn - ok
21:29:50.0565 3048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:29:50.0565 3048 RasAuto - ok
21:29:50.0612 3048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:29:50.0612 3048 Rasl2tp - ok
21:29:50.0658 3048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:29:50.0674 3048 RasMan - ok
21:29:50.0721 3048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:29:50.0721 3048 RasPppoe - ok
21:29:50.0736 3048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:29:50.0736 3048 RasSstp - ok
21:29:50.0799 3048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:29:50.0814 3048 rdbss - ok
21:29:50.0830 3048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:29:50.0830 3048 rdpbus - ok
21:29:50.0861 3048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:29:50.0861 3048 RDPCDD - ok
21:29:50.0892 3048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:29:50.0892 3048 RDPENCDD - ok
21:29:50.0924 3048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:29:50.0924 3048 RDPREFMP - ok
21:29:50.0970 3048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:29:50.0986 3048 RDPWD - ok
21:29:51.0033 3048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:29:51.0033 3048 rdyboost - ok
21:29:51.0064 3048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:29:51.0080 3048 RemoteAccess - ok
21:29:51.0111 3048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:29:51.0111 3048 RemoteRegistry - ok
21:29:51.0158 3048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:29:51.0158 3048 RpcEptMapper - ok
21:29:51.0189 3048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:29:51.0189 3048 RpcLocator - ok
21:29:51.0236 3048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:29:51.0251 3048 RpcSs - ok
21:29:51.0282 3048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:29:51.0282 3048 rspndr - ok
21:29:51.0314 3048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:29:51.0314 3048 SamSs - ok
21:29:51.0345 3048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:29:51.0360 3048 sbp2port - ok
21:29:51.0376 3048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:29:51.0392 3048 SCardSvr - ok
21:29:51.0423 3048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:29:51.0423 3048 scfilter - ok
21:29:51.0485 3048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:29:51.0516 3048 Schedule - ok
21:29:51.0548 3048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:29:51.0548 3048 SCPolicySvc - ok
21:29:51.0594 3048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:29:51.0610 3048 SDRSVC - ok
21:29:51.0641 3048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:29:51.0641 3048 secdrv - ok
21:29:51.0688 3048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:29:51.0688 3048 seclogon - ok
21:29:51.0719 3048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:29:51.0719 3048 SENS - ok
21:29:51.0766 3048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:29:51.0766 3048 SensrSvc - ok
21:29:51.0797 3048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:29:51.0813 3048 Serenum - ok
21:29:51.0828 3048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:29:51.0844 3048 Serial - ok
21:29:51.0891 3048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:29:51.0891 3048 sermouse - ok
21:29:51.0938 3048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:29:51.0953 3048 SessionEnv - ok
21:29:51.0984 3048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:29:51.0984 3048 sffdisk - ok
21:29:52.0016 3048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:29:52.0016 3048 sffp_mmc - ok
21:29:52.0031 3048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:29:52.0031 3048 sffp_sd - ok
21:29:52.0062 3048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:29:52.0062 3048 sfloppy - ok
21:29:52.0109 3048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:29:52.0125 3048 SharedAccess - ok
21:29:52.0172 3048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:29:52.0187 3048 ShellHWDetection - ok
21:29:52.0234 3048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:29:52.0250 3048 SiSRaid2 - ok
21:29:52.0296 3048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:29:52.0312 3048 SiSRaid4 - ok
21:29:52.0359 3048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:29:52.0374 3048 SkypeUpdate - ok
21:29:52.0406 3048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:29:52.0406 3048 Smb - ok
21:29:52.0468 3048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:29:52.0468 3048 SNMPTRAP - ok
21:29:52.0499 3048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:29:52.0499 3048 spldr - ok
21:29:52.0546 3048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:29:52.0562 3048 Spooler - ok
21:29:52.0686 3048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:29:52.0764 3048 sppsvc - ok
21:29:52.0796 3048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:29:52.0796 3048 sppuinotify - ok
21:29:52.0842 3048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:29:52.0858 3048 srv - ok
21:29:52.0905 3048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:29:52.0920 3048 srv2 - ok
21:29:52.0936 3048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:29:52.0936 3048 srvnet - ok
21:29:52.0983 3048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:29:52.0998 3048 SSDPSRV - ok
21:29:53.0014 3048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:29:53.0014 3048 SstpSvc - ok
21:29:53.0061 3048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:29:53.0061 3048 stexstor - ok
21:29:53.0123 3048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:29:53.0154 3048 stisvc - ok
21:29:53.0186 3048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:29:53.0186 3048 swenum - ok
21:29:53.0232 3048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:29:53.0248 3048 swprv - ok
21:29:53.0310 3048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:29:53.0342 3048 SysMain - ok
21:29:53.0388 3048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:29:53.0388 3048 TabletInputService - ok
21:29:53.0435 3048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:29:53.0451 3048 TapiSrv - ok
21:29:53.0466 3048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:29:53.0482 3048 TBS - ok
21:29:53.0544 3048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:29:53.0591 3048 Tcpip - ok
21:29:53.0654 3048 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:29:53.0669 3048 TCPIP6 - ok
21:29:53.0716 3048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:29:53.0732 3048 tcpipreg - ok
21:29:53.0763 3048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:29:53.0778 3048 TDPIPE - ok
21:29:53.0825 3048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:29:53.0825 3048 TDTCP - ok
21:29:53.0872 3048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:29:53.0872 3048 tdx - ok
21:29:53.0919 3048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:29:53.0919 3048 TermDD - ok
21:29:53.0950 3048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:29:53.0966 3048 TermService - ok
21:29:53.0997 3048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:29:53.0997 3048 Themes - ok
21:29:54.0028 3048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:29:54.0028 3048 THREADORDER - ok
21:29:54.0044 3048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:29:54.0059 3048 TrkWks - ok
21:29:54.0106 3048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:29:54.0122 3048 TrustedInstaller - ok
21:29:54.0200 3048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:29:54.0215 3048 tssecsrv - ok
21:29:54.0246 3048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:29:54.0246 3048 TsUsbFlt - ok
21:29:54.0309 3048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:29:54.0309 3048 tunnel - ok
21:29:54.0340 3048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:29:54.0340 3048 uagp35 - ok
21:29:54.0387 3048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:29:54.0387 3048 udfs - ok
21:29:54.0434 3048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:29:54.0434 3048 UI0Detect - ok
21:29:54.0465 3048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:29:54.0465 3048 uliagpkx - ok
21:29:54.0527 3048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:29:54.0527 3048 umbus - ok
21:29:54.0558 3048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:29:54.0558 3048 UmPass - ok
21:29:54.0590 3048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:29:54.0605 3048 upnphost - ok
21:29:54.0668 3048 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
21:29:54.0668 3048 usbaudio - ok
21:29:54.0699 3048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:29:54.0699 3048 usbccgp - ok
21:29:54.0746 3048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:29:54.0746 3048 usbcir - ok
21:29:54.0777 3048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:29:54.0777 3048 usbehci - ok
21:29:54.0808 3048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:29:54.0824 3048 usbhub - ok
21:29:54.0855 3048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:29:54.0855 3048 usbohci - ok
21:29:54.0886 3048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:29:54.0886 3048 usbprint - ok
21:29:54.0933 3048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:29:54.0933 3048 usbscan - ok
21:29:54.0948 3048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:29:54.0948 3048 USBSTOR - ok
21:29:54.0980 3048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:29:54.0980 3048 usbuhci - ok
21:29:55.0026 3048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:29:55.0026 3048 UxSms - ok
21:29:55.0058 3048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:29:55.0058 3048 VaultSvc - ok
21:29:55.0089 3048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:29:55.0089 3048 vdrvroot - ok
21:29:55.0151 3048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:29:55.0167 3048 vds - ok
21:29:55.0198 3048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:29:55.0198 3048 vga - ok
21:29:55.0229 3048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:29:55.0229 3048 VgaSave - ok
21:29:55.0276 3048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:29:55.0292 3048 vhdmp - ok
21:29:55.0354 3048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:29:55.0354 3048 viaide - ok
21:29:55.0385 3048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:29:55.0385 3048 volmgr - ok
21:29:55.0448 3048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:29:55.0448 3048 volmgrx - ok
21:29:55.0479 3048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:29:55.0479 3048 volsnap - ok
21:29:55.0526 3048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:29:55.0526 3048 vsmraid - ok
21:29:55.0604 3048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:29:55.0635 3048 VSS - ok
21:29:55.0666 3048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:29:55.0666 3048 vwifibus - ok
21:29:55.0697 3048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:29:55.0713 3048 W32Time - ok
21:29:55.0760 3048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:29:55.0760 3048 WacomPen - ok
21:29:55.0806 3048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:29:55.0806 3048 WANARP - ok
21:29:55.0853 3048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:29:55.0853 3048 Wanarpv6 - ok
21:29:55.0931 3048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:29:55.0978 3048 WatAdminSvc - ok
21:29:56.0087 3048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:29:56.0118 3048 wbengine - ok
21:29:56.0165 3048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:29:56.0165 3048 WbioSrvc - ok
21:29:56.0212 3048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:29:56.0228 3048 wcncsvc - ok
21:29:56.0243 3048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:29:56.0259 3048 WcsPlugInService - ok
21:29:56.0290 3048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:29:56.0290 3048 Wd - ok
21:29:56.0337 3048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:29:56.0352 3048 Wdf01000 - ok
21:29:56.0399 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:29:56.0399 3048 WdiServiceHost - ok
21:29:56.0415 3048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:29:56.0415 3048 WdiSystemHost - ok
21:29:56.0462 3048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:29:56.0462 3048 WebClient - ok
21:29:56.0477 3048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:29:56.0508 3048 Wecsvc - ok
21:29:56.0524 3048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:29:56.0524 3048 wercplsupport - ok
21:29:56.0555 3048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:29:56.0555 3048 WerSvc - ok
21:29:56.0602 3048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:29:56.0602 3048 WfpLwf - ok
21:29:56.0618 3048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:29:56.0633 3048 WIMMount - ok
21:29:56.0649 3048 WinDefend - ok
21:29:56.0680 3048 WinHttpAutoProxySvc - ok
21:29:56.0727 3048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:29:56.0727 3048 Winmgmt - ok
21:29:56.0805 3048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:29:56.0852 3048 WinRM - ok
21:29:56.0961 3048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:29:56.0976 3048 Wlansvc - ok
21:29:57.0008 3048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:29:57.0008 3048 WmiAcpi - ok
21:29:57.0054 3048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:29:57.0070 3048 wmiApSrv - ok
21:29:57.0101 3048 WMPNetworkSvc - ok
21:29:57.0117 3048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:29:57.0117 3048 WPCSvc - ok
21:29:57.0148 3048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:29:57.0164 3048 WPDBusEnum - ok
21:29:57.0179 3048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:29:57.0195 3048 ws2ifsl - ok
21:29:57.0210 3048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:29:57.0226 3048 wscsvc - ok
21:29:57.0242 3048 WSearch - ok
21:29:57.0335 3048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:29:57.0413 3048 wuauserv - ok
21:29:57.0460 3048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:29:57.0476 3048 WudfPf - ok
21:29:57.0507 3048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:29:57.0538 3048 WUDFRd - ok
21:29:57.0585 3048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:29:57.0616 3048 wudfsvc - ok
21:29:57.0647 3048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:29:57.0647 3048 WwanSvc - ok
21:29:57.0741 3048 [ 75729DB2738093C0EDCA5DBE3207FE5E ] XMouseButton Launcher C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
21:29:57.0819 3048 XMouseButton Launcher - ok
21:29:57.0866 3048 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:29:57.0897 3048 YahooAUService - ok
21:29:57.0912 3048 ================ Scan global ===============================
21:29:57.0944 3048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:29:57.0975 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:29:58.0006 3048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:29:58.0037 3048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:29:58.0068 3048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:29:58.0068 3048 [Global] - ok
21:29:58.0084 3048 ================ Scan MBR ==================================
21:29:58.0084 3048 [ 7776D739BFD97B30B095C7D4B834C04C ] \Device\Harddisk0\DR0
21:29:58.0084 3048 Suspicious mbr (Forged): \Device\Harddisk0\DR0
21:29:58.0162 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:29:58.0162 3048 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:29:58.0209 3048 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:29:58.0209 3048 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:29:58.0240 3048 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
21:29:58.0365 3048 \Device\Harddisk1\DR1 - ok
21:29:58.0365 3048 ================ Scan VBR ==================================
21:29:58.0380 3048 [ 20D218B71287C01B0817F27ABF3AC4BC ] \Device\Harddisk0\DR0\Partition1
21:29:58.0380 3048 \Device\Harddisk0\DR0\Partition1 - ok
21:29:58.0427 3048 [ 7A6424EA9E4D5582E37F247F5E00541D ] \Device\Harddisk0\DR0\Partition2
21:29:58.0427 3048 \Device\Harddisk0\DR0\Partition2 - ok
21:29:58.0458 3048 [ E5F490D53C7C27E497FECD887F8BAD12 ] \Device\Harddisk0\DR0\Partition3
21:29:58.0458 3048 \Device\Harddisk0\DR0\Partition3 - ok
21:29:58.0474 3048 [ EBAEB64881EDD0DFB07A000302560C31 ] \Device\Harddisk1\DR1\Partition1
21:29:58.0474 3048 \Device\Harddisk1\DR1\Partition1 - ok
21:29:58.0474 3048 ============================================================
21:29:58.0474 3048 Scan finished
21:29:58.0474 3048 ============================================================
21:29:58.0505 2532 Detected object count: 2
21:29:58.0505 2532 Actual detected object count: 2
21:30:40.0625 2532 \Device\Harddisk0\DR0\# - copied to quarantine
21:30:40.0766 2532 \Device\Harddisk0\DR0 - copied to quarantine
21:30:42.0591 2532 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:30:42.0747 2532 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:30:42.0809 2532 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:30:49.0252 2532 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:30:49.0611 2532 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:30:49.0938 2532 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:30:50.0250 2532 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:30:51.0249 2532 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:30:51.0857 2532 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:30:52.0107 2532 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:30:52.0419 2532 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:30:52.0871 2532 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:30:54.0182 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:30:54.0338 2532 \Device\Harddisk0\DR0 - ok
21:30:56.0787 2532 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:30:56.0787 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:30:56.0787 2532 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:31:11.0295 2548 Deinitialize success

TDSSKiller log (2 of 2)

21:32:57.0724 2260 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:32:58.0754 2260 ============================================================
21:32:58.0754 2260 Current date / time: 2012/11/14 21:32:58.0754
21:32:58.0754 2260 SystemInfo:
21:32:58.0754 2260
21:32:58.0754 2260 OS Version: 6.1.7601 ServicePack: 1.0
21:32:58.0754 2260 Product type: Workstation
21:32:58.0754 2260 ComputerName: MIKE-PC
21:32:58.0754 2260 UserName: Mike
21:32:58.0754 2260 Windows directory: C:\Windows
21:32:58.0754 2260 System windows directory: C:\Windows
21:32:58.0754 2260 Running under WOW64
21:32:58.0754 2260 Processor architecture: Intel x64
21:32:58.0754 2260 Number of processors: 1
21:32:58.0754 2260 Page size: 0x1000
21:32:58.0754 2260 Boot type: Normal boot
21:32:58.0754 2260 ============================================================
21:33:02.0763 2260 BG loaded
21:33:05.0072 2260 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:33:05.0508 2260 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:33:05.0524 2260 ============================================================
21:33:05.0524 2260 \Device\Harddisk0\DR0:
21:33:05.0571 2260 MBR partitions:
21:33:05.0571 2260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:33:05.0571 2260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x23C1A800
21:33:05.0571 2260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23C4D000, BlocksNum 0x17E1000
21:33:05.0571 2260 \Device\Harddisk1\DR1:
21:33:05.0571 2260 MBR partitions:
21:33:05.0571 2260 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
21:33:05.0571 2260 ============================================================
21:33:05.0742 2260 C: <-> \Device\Harddisk0\DR0\Partition2
21:33:05.0930 2260 D: <-> \Device\Harddisk0\DR0\Partition3
21:33:05.0930 2260 ============================================================
21:33:05.0930 2260 Initialize success
21:33:05.0930 2260 ============================================================
21:33:36.0771 2196 Deinitialize success

ComboFix log

ComboFix 12-11-14.01 - Mike 11/14/2012 21:48:12.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2942.1850 [GMT -6:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll
c:\users\Mike\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 04:32 . 2012-11-15 04:32 -------- d-----w- C:\FRST
2012-11-15 03:59 . 2012-11-15 03:59 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{944EA49A-6DC1-44CA-BBAB-569B980AE3F5}\offreg.dll
2012-11-15 03:57 . 2012-11-15 03:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-15 03:57 . 2012-11-15 03:57 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-11-15 03:57 . 2012-11-15 03:57 -------- d-----w- c:\users\postgres.Mike-PC\AppData\Local\temp
2012-11-15 03:57 . 2012-11-15 03:57 -------- d-----w- c:\users\postgres.Mike-PC.000\AppData\Local\temp
2012-11-15 03:57 . 2012-11-15 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 03:30 . 2012-11-15 03:30 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-14 20:14 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{944EA49A-6DC1-44CA-BBAB-569B980AE3F5}\mpengine.dll
2012-11-14 18:51 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 18:51 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 18:51 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 18:51 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 18:43 . 2012-10-08 11:13 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 18:43 . 2012-10-08 11:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 18:43 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-14 18:35 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 18:35 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 18:35 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 18:35 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 18:34 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 18:34 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 18:34 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 12:46 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 12:46 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 12:46 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 12:46 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 12:46 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 12:46 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 12:46 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 12:46 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 12:45 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 12:45 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 12:45 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 12:45 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 12:45 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 12:45 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 12:45 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 12:45 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 12:45 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 12:45 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 12:45 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-13 19:30 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-13 03:06 . 2012-11-13 05:10 -------- d-----w- c:\users\Oliver! [1968] Musical - Best Picture - .x264
2012-11-10 08:43 . 2012-11-10 08:43 -------- d-----w- c:\program files (x86)\PokerStrategy.com
2012-11-03 07:08 . 2012-11-03 07:11 -------- d-----w- c:\users\Deadfall.2012.DVDRip.XViD-PLAYNOW
2012-11-03 07:04 . 2012-11-03 07:07 -------- d-----w- c:\users\Savages.2012.UNRATED.WEBRIP.AC3.XVID.HS
2012-11-03 07:01 . 2012-11-03 07:04 -------- d-----w- c:\users\Looper 2012 KORSUB XViD UNiQUE
2012-11-03 07:00 . 2012-11-04 03:05 -------- d-----w- c:\users\The Watch 2012 DVDRip XViD-PLAYNOW avi
2012-11-03 06:02 . 2012-11-03 06:04 -------- d-----w- c:\users\Total.Recall.2012.DVDRip.XviD-Lum1x
2012-10-31 06:18 . 2012-10-31 09:13 -------- d-----w- c:\users\Tracy.Morgan.Black.And.Blue.2010.DVDRip.XviD-IGUANA.(UsaBit.com)
2012-10-27 10:54 . 2012-10-27 14:49 -------- d-----w- c:\users\Universal.Soldier.Day.Of.Reckoning.2012.HDRiP.AC3-2.0.XviD-AXED
2012-10-20 12:56 . 2012-09-27 01:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5DBF646B-EE19-411E-A078-17041B618E1C}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 18:37 . 2009-12-01 23:06 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-06 23:29 . 2012-04-04 18:54 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-06 23:29 . 2011-07-23 09:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54 . 2011-04-10 02:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 01:18 . 2011-03-27 15:17 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-14 19:19 . 2012-10-10 06:03 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 06:03 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 06:04 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2010-10-25 03:25 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 06:04 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 06:04 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 06:04 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 06:04 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 06:04 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-14 00:13 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-14 00:13 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-14 00:13 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 19:44 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 06:04 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 06:04 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 06:04 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 06:04 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 06:04 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 06:04 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 06:04 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 06:04 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 06:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 06:04 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 06:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 06:04 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 06:04 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 06:04 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-10 06:04 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-10 06:04 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-10 06:04 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 06:04 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 06:04 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 06:04 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTo0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 XMouseButton Launcher;XMouseButton Launcher;c:\program files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2009-09-01 84480]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:29]
.
2012-11-12 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-11-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-29 16333856]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Lock Poker\PokerNotifier.exe
Wow6432Node-HKU-Default-Run-CyberLink - c:\users\Mike\AppData\Local\Diagnostics\CyberLink\hwczm.dll
SafeBoot-74546599.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}"=hex:51,66,7a,6c,4c,1d,38,12,c5,15,ac,
a2,93,0c,ab,0e,e9,4b,1d,00,7b,1a,de,be
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{ABD3B5E1-B268-407B-A150-2641DAB8D898}"=hex:51,66,7a,6c,4c,1d,38,12,8f,b6,c0,
af,5a,fc,15,05,de,46,65,01,df,e6,9c,8c
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EB5CEE80-030A-4ED8-8E20-454E9C68380F}"=hex:51,66,7a,6c,4c,1d,38,12,ee,ed,4f,
ef,38,4d,b6,0b,f1,36,06,0e,99,36,7c,1b
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a0,59,a1,1c,50,5b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-11-14 22:05:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-15 04:05
.
Pre-Run: 228,355,538,944 bytes free
Post-Run: 228,131,782,656 bytes free
.
- - End Of File - - 8663DB73EF7C5B456A59D1A16E64CC8F

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:02 PM

Posted 15 November 2012 - 05:33 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 pointguard

pointguard
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:02 PM

Posted 16 November 2012 - 01:55 AM

# AdwCleaner v2.007 - Logfile created 11/15/2012 at 18:03:44
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Mike - MIKE-PC
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Bandoo
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Mike\AppData\Local\Conduit
Folder Deleted : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dloejdefkancmfajekobpfoacecnhpgp
Folder Deleted : C:\Users\Mike\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Mike\AppData\LocalLow\bflixtoolbar
Folder Deleted : C:\Users\Mike\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Mike\AppData\Roaming\Bandoo
Folder Deleted : C:\Users\Mike\AppData\Roaming\iWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\bflixtoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dloejdefkancmfajekobpfoacecnhpgp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{04D6E828-DC59-447E-8D10-89DB41C995CF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5110854B-79FA-4993-8FEE-D87B7EE12022}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6BF16AB-42A1-4BC5-965D-5E407E449AAA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01222E21-6BD0-4EB3-94F1-967EB09CCED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{33DDFC61-F531-4982-8C32-4212B7835D44}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9005ED5-4A1D-4606-A4DF-1A25E7D7B417}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ffox@bandoo.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6715 octets] - [15/11/2012 18:03:44]

########## EOF - C:\AdwCleaner[S1].txt - [6775 octets] ##########


MBAM log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]

11/15/2012 6:11:39 PM
mbam-log-2012-11-15 (18-11-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 364088
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSCAN

C:\TDSSKiller_Quarantine\14.11.2012_21.28.58\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan
C:\TDSSKiller_Quarantine\14.11.2012_21.28.58\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:02 PM

Posted 16 November 2012 - 07:15 AM

P2P - I see you have P2P software µTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall this now. You can do so via Control Panel >> Programs and Features.


NEXT


Your Java is out of date.
Java™ 7 Update 7 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; > follow the prompts.


NEXT



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 pointguard

pointguard
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:02 PM

Posted 16 November 2012 - 02:17 PM

The computer is running normally and there are no outstanding issues.

Thank you very much for those links and for all your hard work resolving this matter for me. Your instructions were easy to follow, and I greatly appreciate it.

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:02 PM

Posted 16 November 2012 - 04:16 PM

That's good to hear. We just have some housekeeping to do now.

Please do the following:


You can delete the DDS and Farbar logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U; it needs to be there.



NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    PC Safety and Security--What Do I Need?
  • Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
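
A way to verify that the Internet-zone ActiveX hardening in the "Make Internet Explorer more secure" steps above actually took, as an added PowerShell example that is not CatByte's or the thread's own. It assumes the Internet zone is zone 3 under the per-user Internet Settings key and that 1001, 1004 and 1201 are the value names for the three settings the post changes (the documented Microsoft URL-action identifiers, not something taken from the thread).

```powershell
# Added example, not part of the original thread: audit (and optionally apply)
# the Internet-zone ActiveX settings that the post above sets by hand through
# Inetcpl.cpl. Assumptions: the Internet zone is zone 3 under the per-user
# Internet Settings key, and the value names below are the documented URL-action
# identifiers for these settings; data is 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state mirroring the post: downloads prompt, unsafe init/script disabled.
$Desired = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                          -> Prompt
    '1004' = 1   # Download unsigned ActiveX controls                        -> Prompt
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe -> Disable
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActiveXZoneState {
    # One row per setting: what is set now versus what the hardening asks for.
    foreach ($name in $Desired.Keys) {
        $item = Get-ItemProperty -Path $ZonePath -Name $name -ErrorAction SilentlyContinue
        $current = if ($null -ne $item) { [int]$item.$name } else { $null }
        [pscustomobject]@{
            Value     = $name
            Current   = if ($null -eq $current) { '(not set; zone default applies)' }
                        elseif ($Label.ContainsKey($current)) { $Label[$current] }
                        else { "raw $current" }
            Desired   = $Label[$Desired[$name]]
            Compliant = ($null -ne $current) -and ($current -eq $Desired[$name])
        }
    }
}

function Set-ActiveXZoneState {
    # Writes the desired values for the current user; supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    foreach ($name in $Desired.Keys) {
        $target = $Label[$Desired[$name]]
        if ($PSCmdlet.ShouldProcess("$ZonePath\$name", "set to $target")) {
            Set-ItemProperty -Path $ZonePath -Name $name -Value $Desired[$name] -Type DWord
        }
    }
}

Get-ActiveXZoneState | Format-Table -AutoSize
# Set-ActiveXZoneState -WhatIf    # preview the writes; drop -WhatIf to apply
```

On a machine where zone security is enforced from the HKLM copy of the Zones key (Security_HKLM_only set), the per-user values this reads are not the effective ones, so check the HKLM key there instead.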


#11 pointguard

pointguard
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:02 PM

Posted 16 November 2012 - 06:12 PM

Wow, this is great info! I will definitely read it and pass it on to others. Thanks again, CatByte!

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:02 PM

Posted 16 November 2012 - 06:17 PM

You are welcome.

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:02 PM

Posted 16 November 2012 - 06:17 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




