
Zeus trojan - ZBotMem-B detected by Sophos


This topic is locked
18 replies to this topic

#1 dapater


Posted 22 November 2012 - 05:14 PM

I have what seems to be the evidence of the Zeus trojan on my computer.

I am running Sophos, which detected Troj/ZBotMem-B in the Memory (Manual cleanup required), and Mal/ZAAccess-CA in files in c:\$Recycle.Bin\ (Manual removal required) [See attached screenshot of the Sophos quarantine for the file names].

I then installed Malwarebytes and conducted a full scan. Malwarebytes continues to find evidence of the trojan trying to access the internet. I have posted below the malwarebytes log of the full scan of my computer and its protection log from today, noting the trojan trying to access the internet.

I have posted below those two logs the DDS log.

Any help you could provide would be much appreciated.


Malwarebytes log, full scan of my computer, 2011-11-21:

============

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.19.10

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7600.16385
dave! :: HP-HP [administrator]

Protection: Disabled

21/11/2012 1:46:24 PM
mbam-log-2012-11-21 (13-46-24).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 599403
Time elapsed: 1 hour(s), 18 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\hp\AppData\Roaming\Umyt\otfy.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Roaming\Urne\naig.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Roaming\Ymahxo\yttoo.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\Users\hp\0.12380267838913273.exe (Exploit.Drop.UR.2) -> Quarantined and deleted successfully.
C:\Users\hp\0.7507285598281778.exe (Exploit.Drop.UR.2) -> Quarantined and deleted successfully.

(end)

============

Malwarebytes protection log 2011-11-22:

============

2012/11/22 08:07:06 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 53912, Process: rundll32.exe)
2012/11/22 08:17:16 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54342, Process: rundll32.exe)
2012/11/22 08:27:28 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54530, Process: rundll32.exe)
2012/11/22 08:37:38 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54687, Process: rundll32.exe)
2012/11/22 08:47:49 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54822, Process: rundll32.exe)
2012/11/22 08:57:58 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54941, Process: rundll32.exe)
2012/11/22 09:08:09 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 55677, Process: rundll32.exe)
2012/11/22 09:18:14 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 55900, Process: rundll32.exe)
2012/11/22 09:28:26 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 56011, Process: rundll32.exe)
2012/11/22 09:38:35 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 56123, Process: rundll32.exe)
2012/11/22 09:48:45 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 56978, Process: rundll32.exe)
2012/11/22 09:58:54 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57156, Process: rundll32.exe)
2012/11/22 10:09:03 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57336, Process: rundll32.exe)
2012/11/22 10:19:12 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57486, Process: rundll32.exe)
2012/11/22 10:27:57 -0800 HP-HP dave! MESSAGE Executing scheduled update: Daily
2012/11/22 10:28:20 -0800 HP-HP dave! MESSAGE Scheduled update executed successfully: database updated from version v2012.11.19.10 to version v2012.11.22.09
2012/11/22 10:28:20 -0800 HP-HP dave! MESSAGE Starting database refresh
2012/11/22 10:28:20 -0800 HP-HP dave! MESSAGE Stopping IP protection
2012/11/22 10:28:20 -0800 HP-HP dave! MESSAGE IP Protection stopped successfully
2012/11/22 10:28:24 -0800 HP-HP dave! MESSAGE Database refreshed successfully
2012/11/22 10:28:24 -0800 HP-HP dave! MESSAGE Starting IP protection
2012/11/22 10:28:31 -0800 HP-HP dave! MESSAGE IP Protection started successfully
2012/11/22 10:29:20 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57636, Process: rundll32.exe)
2012/11/22 10:39:29 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57755, Process: rundll32.exe)
2012/11/22 10:49:46 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 57869, Process: rundll32.exe)
2012/11/22 10:59:55 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 58004, Process: rundll32.exe)
2012/11/22 11:10:04 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 58125, Process: rundll32.exe)
2012/11/22 11:20:13 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 58229, Process: rundll32.exe)
2012/11/22 11:30:22 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 58344, Process: rundll32.exe)
2012/11/22 11:40:31 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 58834, Process: rundll32.exe)
2012/11/22 11:50:40 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 59467, Process: rundll32.exe)
2012/11/22 12:00:50 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 60077, Process: rundll32.exe)
2012/11/22 12:10:59 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 60318, Process: rundll32.exe)
2012/11/22 12:21:08 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 60871, Process: rundll32.exe)
2012/11/22 12:31:18 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 61257, Process: rundll32.exe)
2012/11/22 12:41:27 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 61372, Process: rundll32.exe)
2012/11/22 12:51:36 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 61729, Process: rundll32.exe)
2012/11/22 13:01:46 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 62127, Process: rundll32.exe)
2012/11/22 13:05:09 -0800 HP-HP dave! MESSAGE Starting protection
2012/11/22 13:05:09 -0800 HP-HP dave! MESSAGE Protection started successfully
2012/11/22 13:05:09 -0800 HP-HP dave! MESSAGE Starting IP protection
2012/11/22 13:05:16 -0800 HP-HP dave! MESSAGE IP Protection started successfully
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50415, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50418, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50421, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50424, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50427, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50430, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50433, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50436, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50439, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50442, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50445, Process: opera.exe)
2012/11/22 13:10:26 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50448, Process: opera.exe)
2012/11/22 13:10:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50469, Process: opera.exe)
2012/11/22 13:10:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50472, Process: opera.exe)
2012/11/22 13:10:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50475, Process: opera.exe)
2012/11/22 13:10:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50478, Process: opera.exe)
2012/11/22 13:10:51 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50585, Process: opera.exe)
2012/11/22 13:10:51 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50588, Process: opera.exe)
2012/11/22 13:10:51 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50600, Process: opera.exe)
2012/11/22 13:10:51 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50603, Process: opera.exe)
2012/11/22 13:11:16 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50720, Process: opera.exe)
2012/11/22 13:11:16 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50723, Process: opera.exe)
2012/11/22 13:11:24 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50726, Process: opera.exe)
2012/11/22 13:11:24 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50729, Process: opera.exe)
2012/11/22 13:11:48 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50743, Process: opera.exe)
2012/11/22 13:11:48 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50746, Process: opera.exe)
2012/11/22 13:11:48 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50750, Process: opera.exe)
2012/11/22 13:11:48 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50753, Process: opera.exe)
2012/11/22 13:12:13 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50765, Process: opera.exe)
2012/11/22 13:12:13 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50768, Process: opera.exe)
2012/11/22 13:12:21 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50771, Process: opera.exe)
2012/11/22 13:12:21 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50774, Process: opera.exe)
2012/11/22 13:12:46 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50787, Process: opera.exe)
2012/11/22 13:12:46 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50790, Process: opera.exe)
2012/11/22 13:12:46 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50793, Process: opera.exe)
2012/11/22 13:12:46 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50796, Process: opera.exe)
2012/11/22 13:13:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50809, Process: opera.exe)
2012/11/22 13:13:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50812, Process: opera.exe)
2012/11/22 13:13:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50815, Process: opera.exe)
2012/11/22 13:13:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50818, Process: opera.exe)
2012/11/22 13:13:43 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50831, Process: opera.exe)
2012/11/22 13:13:43 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50834, Process: opera.exe)
2012/11/22 13:13:43 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50837, Process: opera.exe)
2012/11/22 13:13:43 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50840, Process: opera.exe)
2012/11/22 13:14:07 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50853, Process: opera.exe)
2012/11/22 13:14:07 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50856, Process: opera.exe)
2012/11/22 13:14:15 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50859, Process: opera.exe)
2012/11/22 13:14:15 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50862, Process: opera.exe)
2012/11/22 13:14:39 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50875, Process: opera.exe)
2012/11/22 13:14:39 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50878, Process: opera.exe)
2012/11/22 13:14:39 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50881, Process: opera.exe)
2012/11/22 13:14:39 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50884, Process: opera.exe)
2012/11/22 13:15:04 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50897, Process: opera.exe)
2012/11/22 13:15:04 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50900, Process: opera.exe)
2012/11/22 13:15:12 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50903, Process: opera.exe)
2012/11/22 13:15:12 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50906, Process: opera.exe)
2012/11/22 13:15:28 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 50911, Process: rundll32.exe)
2012/11/22 13:15:36 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50920, Process: opera.exe)
2012/11/22 13:15:36 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50923, Process: opera.exe)
2012/11/22 13:15:36 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50926, Process: opera.exe)
2012/11/22 13:15:36 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 50929, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51259, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51262, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51265, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51268, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51271, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51274, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51277, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51280, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51283, Process: opera.exe)
2012/11/22 13:16:32 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51286, Process: opera.exe)
2012/11/22 13:16:41 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51298, Process: opera.exe)
2012/11/22 13:16:41 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51301, Process: opera.exe)
2012/11/22 13:16:41 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51304, Process: opera.exe)
2012/11/22 13:16:41 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51307, Process: opera.exe)
2012/11/22 13:16:41 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51310, Process: opera.exe)
2012/11/22 13:17:21 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51671, Process: opera.exe)
2012/11/22 13:17:21 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51674, Process: opera.exe)
2012/11/22 13:17:29 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51680, Process: opera.exe)
2012/11/22 13:17:29 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51683, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51693, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51696, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51699, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51702, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51705, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51708, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51711, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51714, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51717, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51720, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51723, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51726, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51729, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51732, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51735, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51738, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51741, Process: opera.exe)
2012/11/22 13:17:37 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51744, Process: opera.exe)
2012/11/22 13:18:09 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51892, Process: opera.exe)
2012/11/22 13:18:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51895, Process: opera.exe)
2012/11/22 13:18:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51916, Process: opera.exe)
2012/11/22 13:18:10 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51919, Process: opera.exe)
2012/11/22 13:18:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51962, Process: opera.exe)
2012/11/22 13:18:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51965, Process: opera.exe)
2012/11/22 13:18:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51968, Process: opera.exe)
2012/11/22 13:18:34 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51971, Process: opera.exe)
2012/11/22 13:19:06 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51990, Process: opera.exe)
2012/11/22 13:19:06 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 51993, Process: opera.exe)
2012/11/22 13:19:06 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52002, Process: opera.exe)
2012/11/22 13:19:06 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52005, Process: opera.exe)
2012/11/22 13:19:06 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52122, Process: opera.exe)
2012/11/22 13:19:14 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52126, Process: opera.exe)
2012/11/22 13:19:14 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52129, Process: opera.exe)
2012/11/22 13:19:14 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52132, Process: opera.exe)
2012/11/22 13:19:14 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52141, Process: opera.exe)
2012/11/22 13:19:14 -0800 HP-HP dave! IP-BLOCK 66.154.69.157 (Type: outgoing, Port: 52144, Process: opera.exe)
2012/11/22 13:19:30 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52157, Process: opera.exe)
2012/11/22 13:19:30 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52160, Process: opera.exe)
2012/11/22 13:19:30 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52163, Process: opera.exe)
2012/11/22 13:19:30 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52166, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52350, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52353, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52356, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52359, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52362, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52365, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52368, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52371, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52374, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52377, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52380, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52386, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52389, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52392, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52395, Process: opera.exe)
2012/11/22 13:20:02 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52398, Process: opera.exe)
2012/11/22 13:20:19 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52566, Process: opera.exe)
2012/11/22 13:20:19 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52569, Process: opera.exe)
2012/11/22 13:20:19 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52572, Process: opera.exe)
2012/11/22 13:20:19 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52575, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52588, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52591, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52594, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52597, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52600, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52603, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52606, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52609, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52612, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52615, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52618, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52621, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52624, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52627, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52630, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52633, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52636, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52639, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52642, Process: opera.exe)
2012/11/22 13:20:35 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52645, Process: opera.exe)
2012/11/22 13:20:59 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52742, Process: opera.exe)
2012/11/22 13:20:59 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52745, Process: opera.exe)
2012/11/22 13:21:07 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52769, Process: opera.exe)
2012/11/22 13:21:07 -0800 HP-HP dave! IP-BLOCK 66.152.78.239 (Type: outgoing, Port: 52772, Process: opera.exe)
2012/11/22 13:25:41 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 52971, Process: rundll32.exe)
2012/11/22 13:35:51 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 53835, Process: rundll32.exe)
2012/11/22 13:46:02 -0800 HP-HP dave! IP-BLOCK 46.183.216.247 (Type: outgoing, Port: 54029, Process: rundll32.exe)


============

DDS 2011-11-22:

============



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by dave! at 13:36:42 on 2012-11-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.1783 [GMT -8:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sophos Anti-Virus *Enabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://secure.ingdirect.ca/InitialINGDirect.html?command=displayLogin&device=web&locale=en_CA
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [AdobeBridge] <no file>
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\hp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.153.176.9 75.153.176.1
TCP: Interfaces\{38FA5306-3187-4A7C-B932-5563C8A2948A} : DHCPNameServer = 75.153.176.9 75.153.176.1
TCP: Interfaces\{38FA5306-3187-4A7C-B932-5563C8A2948A}\7723D277F627B63786F607 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{38FA5306-3187-4A7C-B932-5563C8A2948A}\E456C637F6E602478656023556167657C6C6 : DHCPNameServer = 192.168.254.254 192.168.254.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs= C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - <orphaned>
x64-Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\
FF - prefs.js: browser.startup.homepage - hxxps://servicing.capitalone.com/c1/login.aspx?CountryCode=CA
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\hp\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\hp\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-09-30 21:02; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://servicing.capitalone.com/c1/login.aspx?CountryCode=CA
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2012-11-15 144672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-6-18 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-16 202752]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-4 32880]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-19 25928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-6-9 38456]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-9-10 1436424]
S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-6-9 239136]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-9 295424]
S3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2012-11-15 36640]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2012-11-15 25608]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-22 16:15:22 -------- d-----w- C:\Program Files\CCleaner
2012-11-22 07:18:57 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-22 07:17:46 -------- d-s---w- C:\ComboFix
2012-11-20 07:31:23 -------- d-----w- C:\Users\hp\AppData\Roaming\Malwarebytes
2012-11-20 07:30:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-20 07:30:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-20 07:30:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-16 05:23:12 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-11-15 17:13:50 -------- d-----w- C:\Users\hp\AppData\Roaming\SpeedyPC Software
2012-11-15 17:13:50 -------- d-----w- C:\Users\hp\AppData\Roaming\DriverCure
2012-11-15 17:13:33 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-11-15 17:13:29 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-11-15 17:13:29 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-11-15 17:00:30 -------- d-----w- C:\Users\hp\AppData\Roaming\Ximoa
2012-11-15 17:00:30 -------- d-----w- C:\Users\hp\AppData\Roaming\Umyt
2012-11-15 17:00:30 -------- d-----w- C:\Users\hp\AppData\Roaming\Giahud
2012-11-15 15:47:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Yxap
2012-11-15 15:47:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Urne
2012-11-15 15:47:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Boampa
2012-11-15 08:38:51 -------- d-----w- C:\Users\hp\AppData\Roaming\Ymahxo
2012-11-15 08:38:51 -------- d-----w- C:\Users\hp\AppData\Roaming\Usebwo
2012-11-15 08:38:51 -------- d-----w- C:\Users\hp\AppData\Roaming\Cyosig
2012-11-15 08:20:15 -------- d-----w- C:\Users\hp\AppData\Local\Sophos
2012-11-15 08:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\Cisco Systems
2012-11-15 08:12:42 37400 ----a-w- C:\Windows\System32\SophosBootTasks.exe
2012-11-15 08:09:01 36640 ----a-w- C:\Windows\System32\drivers\sdcfilter.sys
2012-11-15 08:06:39 144672 ----a-w- C:\Windows\System32\drivers\savonaccess.sys
2012-11-15 08:05:26 183024 ----a-w- C:\Windows\System32\sdccoinstaller.dll
2012-11-15 08:03:38 25608 ----a-w- C:\Windows\System32\drivers\SophosBootDriver.sys
2012-11-15 08:01:55 -------- d-----w- C:\ProgramData\Sophos
2012-11-15 08:01:55 -------- d-----w- C:\Program Files (x86)\Sophos
2012-11-15 07:59:21 -------- d-----w- C:\Users\hp\AppData\Roaming\e-academy Inc
2012-11-15 07:59:21 -------- d-----w- C:\Users\hp\AppData\Local\e-academy Inc
2012-11-14 10:06:45 -------- d-----w- C:\Users\hp\AppData\Roaming\Reogqi
2012-11-14 10:06:45 -------- d-----w- C:\Users\hp\AppData\Roaming\Pausa
2012-11-14 10:06:45 -------- d-----w- C:\Users\hp\AppData\Roaming\Hiuqq
2012-11-14 07:37:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Nuob
2012-11-14 07:37:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Kebuec
2012-11-14 07:37:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Cumiuz
2012-11-14 05:37:27 -------- d-----w- C:\Users\hp\AppData\Roaming\Riylq
2012-11-14 05:37:27 -------- d-----w- C:\Users\hp\AppData\Roaming\Pyfie
2012-11-14 05:37:27 -------- d-----w- C:\Users\hp\AppData\Roaming\Ohxoza
2012-11-14 03:37:10 -------- d-----w- C:\Users\hp\AppData\Roaming\Poygz
2012-11-14 03:37:10 -------- d-----w- C:\Users\hp\AppData\Roaming\Ixidiq
2012-11-14 03:37:10 -------- d-----w- C:\Users\hp\AppData\Roaming\Begeg
2012-11-13 20:39:38 -------- d-----w- C:\Users\hp\AppData\Roaming\Ordexa
2012-11-13 20:39:38 -------- d-----w- C:\Users\hp\AppData\Roaming\Evsewa
2012-11-13 20:39:38 -------- d-----w- C:\Users\hp\AppData\Roaming\Apic
2012-11-13 17:31:20 -------- d-----w- C:\Users\hp\AppData\Roaming\Upqeil
2012-11-13 17:31:20 -------- d-----w- C:\Users\hp\AppData\Roaming\Geyzk
2012-11-13 17:31:20 -------- d-----w- C:\Users\hp\AppData\Roaming\Ecadem
2012-11-13 15:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Vyabew
2012-11-13 15:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Kuok
2012-11-13 15:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Azak
2012-11-13 08:02:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Ucevob
2012-11-13 08:02:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Hyiq
2012-11-13 08:02:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Duano
2012-11-13 06:01:49 -------- d-----w- C:\Users\hp\AppData\Roaming\Zauxu
2012-11-13 06:01:49 -------- d-----w- C:\Users\hp\AppData\Roaming\Uvwa
2012-11-13 06:01:49 -------- d-----w- C:\Users\hp\AppData\Roaming\Mygexu
2012-11-13 04:00:53 -------- d-----w- C:\Users\hp\AppData\Roaming\Oxobk
2012-11-13 04:00:53 -------- d-----w- C:\Users\hp\AppData\Roaming\Buhoam
2012-11-13 04:00:53 -------- d-----w- C:\Users\hp\AppData\Roaming\Akiky
2012-11-13 02:00:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Ytsi
2012-11-13 02:00:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Biiz
2012-11-13 02:00:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Bemu
2012-11-13 00:00:21 -------- d-----w- C:\Users\hp\AppData\Roaming\Retiu
2012-11-13 00:00:21 -------- d-----w- C:\Users\hp\AppData\Roaming\Ekib
2012-11-13 00:00:21 -------- d-----w- C:\Users\hp\AppData\Roaming\Akyql
2012-11-12 22:00:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Ytmeg
2012-11-12 22:00:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Vixus
2012-11-12 22:00:13 -------- d-----w- C:\Users\hp\AppData\Roaming\Hyquhe
2012-11-12 20:00:33 -------- d-----w- C:\Users\hp\AppData\Roaming\Wouna
2012-11-12 20:00:33 -------- d-----w- C:\Users\hp\AppData\Roaming\Opoloh
2012-11-12 20:00:33 -------- d-----w- C:\Users\hp\AppData\Roaming\Amup
2012-11-12 17:59:29 -------- d-----w- C:\Users\hp\AppData\Roaming\Zeeg
2012-11-12 17:59:29 -------- d-----w- C:\Users\hp\AppData\Roaming\Utnii
2012-11-12 17:59:29 -------- d-----w- C:\Users\hp\AppData\Roaming\Okvoxe
2012-11-12 15:59:14 -------- d-----w- C:\Users\hp\AppData\Roaming\Raod
2012-11-12 15:59:14 -------- d-----w- C:\Users\hp\AppData\Roaming\Ohroun
2012-11-12 15:59:14 -------- d-----w- C:\Users\hp\AppData\Roaming\Fyhaf
2012-11-12 08:28:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Uhfy
2012-11-12 08:28:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Okneah
2012-11-12 08:28:55 -------- d-----w- C:\Users\hp\AppData\Roaming\Iwugfe
2012-11-12 07:17:44 -------- d-----w- C:\Users\hp\AppData\Local\Macromedia
2012-11-12 06:28:48 -------- d-----w- C:\Users\hp\AppData\Roaming\Yqaw
2012-11-12 06:28:48 -------- d-----w- C:\Users\hp\AppData\Roaming\Ruazi
2012-11-12 06:28:48 -------- d-----w- C:\Users\hp\AppData\Roaming\Atyc
2012-11-12 04:29:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Niheaz
2012-11-12 04:29:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Domym
2012-11-12 04:29:02 -------- d-----w- C:\Users\hp\AppData\Roaming\Ceeco
2012-11-12 02:29:05 -------- d-----w- C:\Users\hp\AppData\Roaming\Yzida
2012-11-12 02:29:05 -------- d-----w- C:\Users\hp\AppData\Roaming\Qipais
2012-11-12 02:29:05 -------- d-----w- C:\Users\hp\AppData\Roaming\Abte
2012-11-12 00:28:58 -------- d-----w- C:\Users\hp\AppData\Roaming\Oqubto
2012-11-12 00:28:58 -------- d-----w- C:\Users\hp\AppData\Roaming\Hese
2012-11-12 00:28:58 -------- d-----w- C:\Users\hp\AppData\Roaming\Egpyy
2012-11-11 22:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Kuiz
2012-11-11 22:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Fexoqe
2012-11-11 22:28:06 -------- d-----w- C:\Users\hp\AppData\Roaming\Caud
2012-11-11 20:27:17 -------- d-----w- C:\Users\hp\AppData\Roaming\Wiusve
2012-11-11 20:27:17 -------- d-----w- C:\Users\hp\AppData\Roaming\Lafu
2012-11-11 20:27:17 -------- d-----w- C:\Users\hp\AppData\Roaming\Ixzy
2012-11-11 18:27:25 -------- d-----w- C:\Users\hp\AppData\Roaming\Ykinq
2012-11-11 18:27:25 -------- d-----w- C:\Users\hp\AppData\Roaming\Xume
2012-11-11 18:27:25 -------- d-----w- C:\Users\hp\AppData\Roaming\Gaosz
2012-11-11 18:21:31 -------- d-----w- C:\Users\hp\AppData\Roaming\Ryamu
2012-11-11 18:21:31 -------- d-----w- C:\Users\hp\AppData\Roaming\Holous
2012-11-11 18:21:31 -------- d-----w- C:\Users\hp\AppData\Roaming\Hoaxce
2012-11-11 18:19:22 -------- d-----w- C:\Users\hp\AppData\Roaming\Yxnaan
2012-11-11 18:19:22 -------- d-----w- C:\Users\hp\AppData\Roaming\Souhug
2012-11-11 18:19:22 -------- d-----w- C:\Users\hp\AppData\Roaming\Evxy
2012-11-04 19:42:55 -------- d-----w- C:\Users\hp\AppData\Local\Adobe_Systems_Incorporate
.
==================== Find3M ====================
.
2012-10-23 04:30:12 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-23 04:30:11 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:38:00.66 ===============


#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 22 November 2012 - 09:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 dapater

  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:24 AM

Posted 23 November 2012 - 03:02 AM

Thanks Gringo,

I restarted my computer and disabled Malwarebytes and Sophos before running them. Here are the reports:


-Security Check-

Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Sophos Anti-Virus
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Sophos Sophos Anti-Virus SavService.exe
Sophos Sophos Anti-Virus SAVAdminService.exe
Sophos Sophos Anti-Virus Web Control swc_service.exe
Sophos Sophos Anti-Virus Web Intelligence swi_service.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


-AdwCleaner-


# AdwCleaner v2.008 - Logfile created 11/22/2012 at 23:43:25
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : dave! - HP-HP
# Boot Mode : Normal
# Running from : C:\Users\hp\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Users\hp\AppData\LocalLow\boost_interprocess
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\prefs.js

C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.2.1578.0

File : C:\Users\hp\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\hp\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1591 octets] - [22/11/2012 23:43:25]

########## EOF - C:\AdwCleaner[S1].txt - [1651 octets] ##########


--RogueKiller--

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : dave! [Admin rights]
Mode : Scan -- Date : 11/22/2012 23:54:06

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] ISUSPM.exe -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\hp\AppData\Local\hretola.dll -> KILLED [TermProc]
[][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\hp\AppData\Local\hretola.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 17 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : hretola (rundll32 "C:\Users\hp\AppData\Local\hretola.dll",hretola) -> FOUND
[RUN][ROGUE ST] HKLM\[...]\Run : HPWirelessAssistant (C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3594923890-1071736509-2284832241-1000[...]\Run : ISUSPM ("C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3594923890-1071736509-2284832241-1000[...]\Run : hretola (rundll32 "C:\Users\hp\AppData\Local\hretola.dll",hretola) -> FOUND
[TASK][RESIDUE] SpeedyPC Registration3.job : C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns -> FOUND
[TASK][RESIDUE] SpeedyPC Registration3 : C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns -> FOUND
[TASK][RESIDUE] ProgramDataUpdater : C:\Windows\System32\rundll32.exe aepdu.dll,AePduRunUpdate -> FOUND
[TASK][RESIDUE] Proxy : C:\Windows\System32\rundll32.exe /d acproxy.dll,PerformAutochkOperations -> FOUND
[TASK][RESIDUE] SR : C:\Windows\System32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation -> FOUND
[TASK][RESIDUE] IpAddressConflict1 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem -> FOUND
[TASK][RESIDUE] IpAddressConflict2 : C:\Windows\System32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem -> FOUND
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-60A0RT0 ATA Device +++++
--- User ---
[MBR] 5b3c8060d1ec27d20682b95565724417
[BSP] af49ba161edb5b3ed5e9bf3adf3e0df7 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 589084 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1206853632 | Size: 21092 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11222012_02d2354.txt >>
RKreport[1]_S_11222012_02d2354.txt

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 November 2012 - 03:04 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 dapater

  • Topic Starter
  • Members
  • 9 posts

Posted 23 November 2012 - 11:38 AM

My computer seems to be running smoothly and responding quickly.

Here is the log from Combofix:

ComboFix 12-11-22.03 - dave! 23/11/2012 0:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2354 [GMT -8:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hp\AppData\Local\hretola.dll
c:\users\hp\AppData\Roaming\Akiky
c:\users\hp\AppData\Roaming\Akiky\ygyxk.ycc
c:\users\hp\AppData\Roaming\Amup
c:\users\hp\AppData\Roaming\Amup\nyazo.qed
c:\users\hp\AppData\Roaming\Begeg
c:\users\hp\AppData\Roaming\Begeg\axes.umq
c:\users\hp\AppData\Roaming\Bemu
c:\users\hp\AppData\Roaming\Bemu\pailu.atg
c:\users\hp\AppData\Roaming\Boampa
c:\users\hp\AppData\Roaming\Boampa\riqax.fel
c:\users\hp\AppData\Roaming\Ceeco
c:\users\hp\AppData\Roaming\Ceeco\esafu.rug
c:\users\hp\AppData\Roaming\Cumiuz
c:\users\hp\AppData\Roaming\Cumiuz\ibni.tan
c:\users\hp\AppData\Roaming\Cyosig
c:\users\hp\AppData\Roaming\Cyosig\gywiu.aqk
c:\users\hp\AppData\Roaming\Duano
c:\users\hp\AppData\Roaming\Duano\ysinh.qyd
c:\users\hp\AppData\Roaming\Ekib
c:\users\hp\AppData\Roaming\Ekib\xuxou.goe
c:\users\hp\AppData\Roaming\Evsewa
c:\users\hp\AppData\Roaming\Evsewa\afvi.ehc
c:\users\hp\AppData\Roaming\Fexoqe
c:\users\hp\AppData\Roaming\Fexoqe\ifez.tas
c:\users\hp\AppData\Roaming\Fyhaf
c:\users\hp\AppData\Roaming\Fyhaf\ybby.keu
c:\users\hp\AppData\Roaming\Gaosz
c:\users\hp\AppData\Roaming\Gaosz\orxa.kei
c:\users\hp\AppData\Roaming\Geyzk
c:\users\hp\AppData\Roaming\Geyzk\ufecv.ofw
c:\users\hp\AppData\Roaming\Giahud
c:\users\hp\AppData\Roaming\Giahud\ohdef.guy
c:\users\hp\AppData\Roaming\Hese
c:\users\hp\AppData\Roaming\Hese\qiyr.oby
c:\users\hp\AppData\Roaming\Hiuqq
c:\users\hp\AppData\Roaming\Hiuqq\yzdiy.dua
c:\users\hp\AppData\Roaming\Holous
c:\users\hp\AppData\Roaming\Holous\raxu.ipi
c:\users\hp\AppData\Roaming\Hyiq
c:\users\hp\AppData\Roaming\Hyiq\paun.vaa
c:\users\hp\AppData\Roaming\Hyquhe
c:\users\hp\AppData\Roaming\Hyquhe\osbi.eko
c:\users\hp\AppData\Roaming\Iwugfe
c:\users\hp\AppData\Roaming\Iwugfe\asbyf.ubi
c:\users\hp\AppData\Roaming\Ixidiq
c:\users\hp\AppData\Roaming\Ixidiq\oxqya.ykx
c:\users\hp\AppData\Roaming\Kuiz
c:\users\hp\AppData\Roaming\Kuiz\riez.isy
c:\users\hp\AppData\Roaming\Kuok
c:\users\hp\AppData\Roaming\Kuok\ihrur.uxt
c:\users\hp\AppData\Roaming\Lafu
c:\users\hp\AppData\Roaming\Lafu\wysoa.cei
c:\users\hp\AppData\Roaming\Mygexu
c:\users\hp\AppData\Roaming\Mygexu\enku.oxi
c:\users\hp\AppData\Roaming\Niheaz
c:\users\hp\AppData\Roaming\Niheaz\yfvec.iwe
c:\users\hp\AppData\Roaming\Nuob
c:\users\hp\AppData\Roaming\Nuob\acpia.abe
c:\users\hp\AppData\Roaming\Okneah
c:\users\hp\AppData\Roaming\Okneah\ihoq.cui
c:\users\hp\AppData\Roaming\Okvoxe
c:\users\hp\AppData\Roaming\Okvoxe\rary.afs
c:\users\hp\AppData\Roaming\Opoloh
c:\users\hp\AppData\Roaming\Opoloh\ybryf.yfy
c:\users\hp\AppData\Roaming\Oqubto
c:\users\hp\AppData\Roaming\Oqubto\onsy.seg
c:\users\hp\AppData\Roaming\Ordexa
c:\users\hp\AppData\Roaming\Ordexa\gyak.pek
c:\users\hp\AppData\Roaming\Oxobk
c:\users\hp\AppData\Roaming\Oxobk\kuhoa.ebi
c:\users\hp\AppData\Roaming\Pyfie
c:\users\hp\AppData\Roaming\Pyfie\biqu.xyn
c:\users\hp\AppData\Roaming\Qipais
c:\users\hp\AppData\Roaming\Qipais\olyne.gym
c:\users\hp\AppData\Roaming\Raod
c:\users\hp\AppData\Roaming\Raod\kyqo.udr
c:\users\hp\AppData\Roaming\Reogqi
c:\users\hp\AppData\Roaming\Reogqi\izgai.uzy
c:\users\hp\AppData\Roaming\Retiu
c:\users\hp\AppData\Roaming\Retiu\raug.itu
c:\users\hp\AppData\Roaming\Riylq
c:\users\hp\AppData\Roaming\Riylq\mygyy.irw
c:\users\hp\AppData\Roaming\Ruazi
c:\users\hp\AppData\Roaming\Ruazi\yrbuo.ofg
c:\users\hp\AppData\Roaming\Ryamu
c:\users\hp\AppData\Roaming\Ryamu\nibii.wes
c:\users\hp\AppData\Roaming\Upqeil
c:\users\hp\AppData\Roaming\Upqeil\pozee.eni
c:\users\hp\AppData\Roaming\Usebwo
c:\users\hp\AppData\Roaming\Usebwo\xaabd.siu
c:\users\hp\AppData\Roaming\Vixus
c:\users\hp\AppData\Roaming\Vixus\emawy.onu
c:\users\hp\AppData\Roaming\Vyabew
c:\users\hp\AppData\Roaming\Vyabew\awdu.xet
c:\users\hp\AppData\Roaming\Wiusve
c:\users\hp\AppData\Roaming\Wiusve\maud.oze
c:\users\hp\AppData\Roaming\Ximoa
c:\users\hp\AppData\Roaming\Ximoa\haebu.ika
c:\users\hp\AppData\Roaming\Ykinq
c:\users\hp\AppData\Roaming\Ykinq\ermo.qoe
c:\users\hp\AppData\Roaming\Yqaw
c:\users\hp\AppData\Roaming\Yqaw\upeq.nef
c:\users\hp\AppData\Roaming\Ytsi
c:\users\hp\AppData\Roaming\Ytsi\ofutr.edv
c:\users\hp\AppData\Roaming\Yxap
c:\users\hp\AppData\Roaming\Yxap\guaf.uws
c:\users\hp\AppData\Roaming\Yxnaan
c:\users\hp\AppData\Roaming\Yxnaan\ciyg.ruz
c:\users\hp\AppData\Roaming\Yzida
c:\users\hp\AppData\Roaming\Yzida\miyr.awu
c:\users\hp\AppData\Roaming\Zauxu
c:\users\hp\AppData\Roaming\Zauxu\iqwol.egg
c:\users\hp\AppData\Roaming\Zeeg
c:\users\hp\AppData\Roaming\Zeeg\ukiw.xey
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 08:35 . 2012-11-23 08:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 08:35 . 2012-11-23 08:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-22 16:15 . 2012-11-22 16:15 -------- d-----w- c:\program files\CCleaner
2012-11-20 07:31 . 2012-11-20 07:31 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2012-11-20 07:30 . 2012-11-20 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 07:30 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 07:30 . 2012-11-20 07:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-16 05:23 . 2012-11-16 05:23 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-11-15 17:13 . 2012-11-15 17:13 -------- d-----w- c:\users\hp\AppData\Roaming\SpeedyPC Software
2012-11-15 17:13 . 2012-11-15 17:13 -------- d-----w- c:\users\hp\AppData\Roaming\DriverCure
2012-11-15 17:13 . 2012-11-15 17:13 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-11-15 17:13 . 2012-11-15 17:13 -------- d-----w- c:\programdata\SpeedyPC Software
2012-11-15 17:13 . 2012-11-15 17:13 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-11-15 17:00 . 2012-11-21 23:05 -------- d-----w- c:\users\hp\AppData\Roaming\Umyt
2012-11-15 15:47 . 2012-11-21 23:05 -------- d-----w- c:\users\hp\AppData\Roaming\Urne
2012-11-15 08:38 . 2012-11-21 23:05 -------- d-----w- c:\users\hp\AppData\Roaming\Ymahxo
2012-11-15 08:20 . 2012-11-15 08:20 -------- d-----w- c:\users\hp\AppData\Local\Sophos
2012-11-15 08:12 . 2012-11-15 08:12 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2012-11-15 08:12 . 2012-11-15 08:06 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-11-15 08:09 . 2012-11-15 08:09 36640 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2012-11-15 08:06 . 2012-11-15 08:06 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-11-15 08:05 . 2012-11-15 08:05 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll
2012-11-15 08:03 . 2012-11-15 08:03 25608 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2012-11-15 08:01 . 2012-11-15 08:13 -------- d-----w- c:\programdata\Sophos
2012-11-15 08:01 . 2012-11-15 08:12 -------- d-----w- c:\program files (x86)\Sophos
2012-11-15 07:59 . 2012-11-15 07:59 -------- d-----w- c:\users\hp\AppData\Roaming\e-academy Inc
2012-11-15 07:59 . 2012-11-15 07:59 -------- d-----w- c:\users\hp\AppData\Local\e-academy Inc
2012-11-14 10:06 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Pausa
2012-11-14 07:37 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Kebuec
2012-11-14 05:37 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Ohxoza
2012-11-14 03:37 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Poygz
2012-11-13 20:39 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Apic
2012-11-13 17:31 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Ecadem
2012-11-13 15:28 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Azak
2012-11-13 08:02 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Ucevob
2012-11-13 06:01 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Uvwa
2012-11-13 04:00 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Buhoam
2012-11-13 02:00 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Biiz
2012-11-13 00:00 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Akyql
2012-11-12 22:00 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Ytmeg
2012-11-12 20:00 . 2012-11-17 21:25 -------- d-----w- c:\users\hp\AppData\Roaming\Wouna
2012-11-12 17:59 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Utnii
2012-11-12 15:59 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Ohroun
2012-11-12 08:28 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Uhfy
2012-11-12 07:17 . 2012-11-12 07:17 -------- d-----w- c:\users\hp\AppData\Local\Macromedia
2012-11-12 06:28 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Atyc
2012-11-12 04:29 . 2012-11-17 21:25 -------- d-----w- c:\users\hp\AppData\Roaming\Domym
2012-11-12 02:29 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Abte
2012-11-12 00:28 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Egpyy
2012-11-11 22:28 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Caud
2012-11-11 20:27 . 2012-11-17 21:24 -------- d-----w- c:\users\hp\AppData\Roaming\Ixzy
2012-11-11 18:27 . 2012-11-17 21:23 -------- d-----w- c:\users\hp\AppData\Roaming\Xume
2012-11-11 18:21 . 2012-11-17 21:25 -------- d-----w- c:\users\hp\AppData\Roaming\Hoaxce
2012-11-11 18:19 . 2012-11-15 17:14 -------- d-----w- c:\users\hp\AppData\Roaming\Souhug
2012-11-11 18:19 . 2012-11-15 06:45 -------- d-----w- c:\users\hp\AppData\Roaming\Evxy
2012-11-04 19:42 . 2012-11-04 19:42 -------- d-----w- c:\users\hp\AppData\Local\Adobe_Systems_Incorporate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-23 04:30 . 2012-10-23 04:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 04:30 . 2011-06-21 18:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-11-15 900160]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-11-15 2009664]
R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-10 1436424]
R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-11-15 36640]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2012-11-15 25608]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-11-15 144672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-06-18 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-16 202752]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-11-15 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-11-15 139840]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-11-15 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-11-15 2869824]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-05 32880]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 08:03]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 08:03]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594923890-1071736509-2284832241-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:49]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594923890-1071736509-2284832241-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:49]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleFordave!.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-11-20 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-31 18:06]
.
2012-11-23 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
2012-11-18 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-18 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = https://secure.ingdirect.ca/InitialINGDirect.html?command=displayLogin&device=web&locale=en_CA
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\hp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 75.153.176.9 75.153.176.1
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\
FF - prefs.js: browser.startup.homepage - hxxps://servicing.capitalone.com/c1/login.aspx?CountryCode=CA
FF - ExtSQL: !HIDDEN! 2011-09-30 21:02; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-23 00:39:50
ComboFix-quarantined-files.txt 2012-11-23 08:39
.
Pre-Run: 348,622,520,320 bytes free
Post-Run: 348,254,064,640 bytes free
.
- - End Of File - - ED73A3F6A9E10F704C00443AFBB9F94D

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 November 2012 - 09:50 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 dapater

  • Topic Starter
  • Members
  • 9 posts

Posted 25 November 2012 - 09:42 PM

Things seem to be running fine on my computer. Those ran smoothly and here are those two logs...

17:35:13.0759 2056 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:35:14.0414 2056 ============================================================
17:35:14.0414 2056 Current date / time: 2012/11/25 17:35:14.0414
17:35:14.0414 2056 SystemInfo:
17:35:14.0414 2056
17:35:14.0414 2056 OS Version: 6.1.7600 ServicePack: 0.0
17:35:14.0414 2056 Product type: Workstation
17:35:14.0414 2056 ComputerName: HP-HP
17:35:14.0414 2056 UserName: dave!
17:35:14.0414 2056 Windows directory: C:\Windows
17:35:14.0414 2056 System windows directory: C:\Windows
17:35:14.0414 2056 Running under WOW64
17:35:14.0414 2056 Processor architecture: Intel x64
17:35:14.0414 2056 Number of processors: 4
17:35:14.0414 2056 Page size: 0x1000
17:35:14.0414 2056 Boot type: Normal boot
17:35:14.0414 2056 ============================================================
17:35:15.0654 2056 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:35:15.0664 2056 ============================================================
17:35:15.0664 2056 \Device\Harddisk0\DR0:
17:35:15.0664 2056 MBR partitions:
17:35:15.0664 2056 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:35:15.0664 2056 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x47E8E000
17:35:15.0664 2056 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x47EF2000, BlocksNum 0x2932000
17:35:15.0664 2056 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
17:35:15.0664 2056 ============================================================
17:35:15.0684 2056 C: <-> \Device\Harddisk0\DR0\Partition2
17:35:15.0729 2056 D: <-> \Device\Harddisk0\DR0\Partition3
17:35:15.0804 2056 G: <-> \Device\Harddisk0\DR0\Partition4
17:35:15.0804 2056 ============================================================
17:35:15.0804 2056 Initialize success
17:35:15.0804 2056 ============================================================
17:35:17.0849 1672 ============================================================
17:35:17.0849 1672 Scan started
17:35:17.0849 1672 Mode: Manual;
17:35:17.0849 1672 ============================================================
17:35:18.0409 1672 ================ Scan system memory ========================
17:35:18.0409 1672 System memory - ok
17:35:18.0409 1672 ================ Scan services =============================
17:35:18.0594 1672 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:35:18.0599 1672 1394ohci - ok
17:35:18.0629 1672 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
17:35:18.0634 1672 Accelerometer - ok
17:35:18.0669 1672 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:35:18.0674 1672 ACPI - ok
17:35:18.0709 1672 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:35:18.0709 1672 AcpiPmi - ok
17:35:18.0754 1672 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:35:18.0759 1672 adp94xx - ok
17:35:18.0789 1672 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:35:18.0794 1672 adpahci - ok
17:35:18.0829 1672 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:35:18.0834 1672 adpu320 - ok
17:35:18.0864 1672 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:35:18.0869 1672 AeLookupSvc - ok
17:35:18.0949 1672 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
17:35:18.0949 1672 AESTFilters - ok
17:35:18.0994 1672 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
17:35:19.0004 1672 AFD - ok
17:35:19.0029 1672 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:35:19.0029 1672 agp440 - ok
17:35:19.0074 1672 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:35:19.0079 1672 ALG - ok
17:35:19.0099 1672 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:35:19.0104 1672 aliide - ok
17:35:19.0144 1672 [ F233AFD413A378E54A41F115C4D7B45A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:35:19.0144 1672 AMD External Events Utility - ok
17:35:19.0164 1672 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:35:19.0164 1672 amdide - ok
17:35:19.0194 1672 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:35:19.0194 1672 AmdK8 - ok
17:35:19.0399 1672 [ 4EFCAD891762E4620DADBCC0D8B0CC08 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
17:35:19.0454 1672 amdkmdag - ok
17:35:19.0484 1672 [ 38B1E1ACD54D7671A6A3E96E6BBF2BFF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
17:35:19.0484 1672 amdkmdap - ok
17:35:19.0514 1672 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:35:19.0514 1672 AmdPPM - ok
17:35:19.0564 1672 [ AB3166C09438A161FBDE13099A72E0AF ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
17:35:19.0569 1672 amdsata - ok
17:35:19.0619 1672 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:35:19.0624 1672 amdsbs - ok
17:35:19.0634 1672 [ 5118DCD2065D8C8D752AD5EC0B2D6AA6 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
17:35:19.0639 1672 amdxata - ok
17:35:19.0684 1672 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
17:35:19.0684 1672 AppID - ok
17:35:19.0719 1672 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:35:19.0719 1672 AppIDSvc - ok
17:35:19.0739 1672 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
17:35:19.0744 1672 Appinfo - ok
17:35:19.0804 1672 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:35:19.0804 1672 arc - ok
17:35:19.0839 1672 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:35:19.0844 1672 arcsas - ok
17:35:19.0959 1672 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:35:19.0959 1672 aspnet_state - ok
17:35:19.0999 1672 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:35:19.0999 1672 AsyncMac - ok
17:35:20.0034 1672 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:35:20.0034 1672 atapi - ok
17:35:20.0099 1672 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
17:35:20.0104 1672 AtiHdmiService - ok
17:35:20.0139 1672 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
17:35:20.0139 1672 AtiPcie - ok
17:35:20.0194 1672 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:35:20.0204 1672 AudioEndpointBuilder - ok
17:35:20.0239 1672 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:35:20.0249 1672 AudioSrv - ok
17:35:20.0274 1672 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:35:20.0274 1672 AxInstSV - ok
17:35:20.0324 1672 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:35:20.0329 1672 b06bdrv - ok
17:35:20.0379 1672 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:35:20.0384 1672 b57nd60a - ok
17:35:20.0494 1672 [ 810BE94A9E42309B3F74217AC28BC6AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:35:20.0529 1672 BCM43XX - ok
17:35:20.0574 1672 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:35:20.0574 1672 BDESVC - ok
17:35:20.0614 1672 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:35:20.0614 1672 Beep - ok
17:35:20.0659 1672 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
17:35:20.0674 1672 BFE - ok
17:35:20.0724 1672 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\system32\qmgr.dll
17:35:20.0739 1672 BITS - ok
17:35:20.0784 1672 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:35:20.0784 1672 blbdrive - ok
17:35:20.0864 1672 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:35:20.0874 1672 Bonjour Service - ok
17:35:20.0899 1672 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:35:20.0904 1672 bowser - ok
17:35:20.0939 1672 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:35:20.0939 1672 BrFiltLo - ok
17:35:20.0959 1672 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:35:20.0959 1672 BrFiltUp - ok
17:35:21.0014 1672 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:35:21.0019 1672 BridgeMP - ok
17:35:21.0049 1672 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
17:35:21.0054 1672 Browser - ok
17:35:21.0129 1672 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:35:21.0134 1672 Brserid - ok
17:35:21.0194 1672 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:35:21.0199 1672 BrSerWdm - ok
17:35:21.0274 1672 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:35:21.0274 1672 BrUsbMdm - ok
17:35:21.0299 1672 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:35:21.0304 1672 BrUsbSer - ok
17:35:21.0324 1672 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:35:21.0324 1672 BTHMODEM - ok
17:35:21.0364 1672 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:35:21.0364 1672 bthserv - ok
17:35:21.0409 1672 catchme - ok
17:35:21.0459 1672 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:35:21.0459 1672 cdfs - ok
17:35:21.0509 1672 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:35:21.0509 1672 cdrom - ok
17:35:21.0544 1672 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
17:35:21.0544 1672 CertPropSvc - ok
17:35:21.0584 1672 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:35:21.0584 1672 circlass - ok
17:35:21.0619 1672 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:35:21.0624 1672 CLFS - ok
17:35:21.0699 1672 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:35:21.0704 1672 clr_optimization_v2.0.50727_32 - ok
17:35:21.0744 1672 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:35:21.0744 1672 clr_optimization_v2.0.50727_64 - ok
17:35:21.0819 1672 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:35:21.0824 1672 clr_optimization_v4.0.30319_32 - ok
17:35:21.0844 1672 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:35:21.0844 1672 clr_optimization_v4.0.30319_64 - ok
17:35:21.0889 1672 [ 9573E8C7C3B3D1625FD941841FD0859C ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
17:35:21.0889 1672 clwvd - ok
17:35:21.0929 1672 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:35:21.0929 1672 CmBatt - ok
17:35:21.0959 1672 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:35:21.0959 1672 cmdide - ok
17:35:21.0999 1672 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
17:35:21.0999 1672 CNG - ok
17:35:22.0029 1672 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:35:22.0029 1672 Compbatt - ok
17:35:22.0064 1672 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:35:22.0064 1672 CompositeBus - ok
17:35:22.0079 1672 COMSysApp - ok
17:35:22.0109 1672 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:35:22.0109 1672 crcdisk - ok
17:35:22.0159 1672 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:35:22.0159 1672 CryptSvc - ok
17:35:22.0209 1672 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:35:22.0219 1672 DcomLaunch - ok
17:35:22.0259 1672 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:35:22.0264 1672 defragsvc - ok
17:35:22.0294 1672 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:35:22.0294 1672 DfsC - ok
17:35:22.0324 1672 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
17:35:22.0329 1672 Dhcp - ok
17:35:22.0359 1672 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:35:22.0364 1672 discache - ok
17:35:22.0399 1672 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:35:22.0399 1672 Disk - ok
17:35:22.0439 1672 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:35:22.0444 1672 Dnscache - ok
17:35:22.0469 1672 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
17:35:22.0474 1672 dot3svc - ok
17:35:22.0519 1672 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:35:22.0519 1672 Dot4 - ok
17:35:22.0544 1672 [ 85135AD27E79B689335C08167D917CDE ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
17:35:22.0544 1672 Dot4Print - ok
17:35:22.0574 1672 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:35:22.0579 1672 dot4usb - ok
17:35:22.0644 1672 [ EAC9D9868D37C8785D12475A9BB65A11 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe
17:35:22.0649 1672 DpHost - ok
17:35:22.0684 1672 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
17:35:22.0689 1672 DPS - ok
17:35:22.0729 1672 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:35:22.0729 1672 drmkaud - ok
17:35:22.0784 1672 [ EBCE0B0924835F635F620D19F0529DCE ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:35:22.0799 1672 DXGKrnl - ok
17:35:22.0839 1672 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:35:22.0844 1672 EapHost - ok
17:35:22.0944 1672 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:35:22.0969 1672 ebdrv - ok
17:35:23.0009 1672 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
17:35:23.0009 1672 EFS - ok
17:35:23.0079 1672 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:35:23.0089 1672 ehRecvr - ok
17:35:23.0114 1672 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:35:23.0114 1672 ehSched - ok
17:35:23.0174 1672 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:35:23.0184 1672 elxstor - ok
17:35:23.0219 1672 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:35:23.0219 1672 ErrDev - ok
17:35:23.0274 1672 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:35:23.0279 1672 EventSystem - ok
17:35:23.0314 1672 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:35:23.0319 1672 exfat - ok
17:35:23.0344 1672 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:35:23.0344 1672 fastfat - ok
17:35:23.0394 1672 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
17:35:23.0404 1672 Fax - ok
17:35:23.0459 1672 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:35:23.0459 1672 fdc - ok
17:35:23.0489 1672 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:35:23.0489 1672 fdPHost - ok
17:35:23.0504 1672 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:35:23.0504 1672 FDResPub - ok
17:35:23.0514 1672 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:35:23.0519 1672 FileInfo - ok
17:35:23.0534 1672 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:35:23.0534 1672 Filetrace - ok
17:35:23.0629 1672 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:35:23.0634 1672 FLEXnet Licensing Service - ok
17:35:23.0719 1672 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:35:23.0729 1672 FLEXnet Licensing Service 64 - ok
17:35:23.0749 1672 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:35:23.0749 1672 flpydisk - ok
17:35:23.0789 1672 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:35:23.0789 1672 FltMgr - ok
17:35:23.0849 1672 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
17:35:23.0859 1672 FontCache - ok
17:35:23.0909 1672 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:35:23.0909 1672 FontCache3.0.0.0 - ok
17:35:23.0929 1672 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:35:23.0929 1672 FsDepends - ok
17:35:23.0954 1672 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:35:23.0959 1672 Fs_Rec - ok
17:35:23.0994 1672 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:35:23.0999 1672 fvevol - ok
17:35:24.0029 1672 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:35:24.0029 1672 gagp30kx - ok
17:35:24.0104 1672 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
17:35:24.0109 1672 GameConsoleService - ok
17:35:24.0154 1672 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
17:35:24.0164 1672 gpsvc - ok
17:35:24.0304 1672 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:35:24.0309 1672 gupdate - ok
17:35:24.0334 1672 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:35:24.0334 1672 gupdatem - ok
17:35:24.0359 1672 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:35:24.0359 1672 hcw85cir - ok
17:35:24.0389 1672 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:35:24.0394 1672 HdAudAddService - ok
17:35:24.0439 1672 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:35:24.0439 1672 HDAudBus - ok
17:35:24.0464 1672 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:35:24.0464 1672 HidBatt - ok
17:35:24.0484 1672 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:35:24.0489 1672 HidBth - ok
17:35:24.0499 1672 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:35:24.0504 1672 HidIr - ok
17:35:24.0539 1672 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:35:24.0539 1672 hidserv - ok
17:35:24.0584 1672 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:35:24.0584 1672 HidUsb - ok
17:35:24.0614 1672 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:35:24.0614 1672 hkmsvc - ok
17:35:24.0644 1672 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:35:24.0649 1672 HomeGroupListener - ok
17:35:24.0684 1672 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:35:24.0694 1672 HomeGroupProvider - ok
17:35:24.0794 1672 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:35:24.0799 1672 HP Support Assistant Service - ok
17:35:24.0884 1672 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:35:24.0889 1672 HP Wireless Assistant Service - ok
17:35:24.0954 1672 [ C958976C7DAAF47084A33EBBC6E28B84 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:35:24.0954 1672 HPDrvMntSvc.exe - ok
17:35:24.0989 1672 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
17:35:24.0994 1672 hpdskflt - ok
17:35:25.0109 1672 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:35:25.0114 1672 hpqcxs08 - ok
17:35:25.0134 1672 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:35:25.0139 1672 hpqddsvc - ok
17:35:25.0229 1672 [ 09FBD4C4DB2FD84B9AB1C5BFDCC95559 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
17:35:25.0244 1672 hpqwmiex - ok
17:35:25.0289 1672 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:35:25.0294 1672 HpSAMD - ok
17:35:25.0369 1672 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:35:25.0384 1672 HPSLPSVC - ok
17:35:25.0409 1672 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
17:35:25.0414 1672 hpsrv - ok
17:35:25.0474 1672 [ 171000873EB522E5EA3DD4C4E0B689B2 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
17:35:25.0474 1672 HPWMISVC - ok
17:35:25.0529 1672 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:35:25.0539 1672 HTTP - ok
17:35:25.0559 1672 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:35:25.0559 1672 hwpolicy - ok
17:35:25.0599 1672 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:35:25.0604 1672 i8042prt - ok
17:35:25.0644 1672 [ 513DC087CFED7D2BB82F005385D3531F ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
17:35:25.0654 1672 iaStorV - ok
17:35:25.0709 1672 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:35:25.0724 1672 idsvc - ok
17:35:25.0889 1672 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:35:25.0929 1672 igfx - ok
17:35:25.0959 1672 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:35:25.0959 1672 iirsp - ok
17:35:26.0009 1672 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
17:35:26.0024 1672 IKEEXT - ok
17:35:26.0049 1672 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:35:26.0054 1672 intelide - ok
17:35:26.0084 1672 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:35:26.0084 1672 intelppm - ok
17:35:26.0114 1672 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:35:26.0114 1672 IPBusEnum - ok
17:35:26.0134 1672 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:35:26.0134 1672 IpFilterDriver - ok
17:35:26.0169 1672 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:35:26.0179 1672 iphlpsvc - ok
17:35:26.0199 1672 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:35:26.0199 1672 IPMIDRV - ok
17:35:26.0214 1672 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:35:26.0214 1672 IPNAT - ok
17:35:26.0234 1672 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:35:26.0234 1672 IRENUM - ok
17:35:26.0259 1672 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:35:26.0259 1672 isapnp - ok
17:35:26.0374 1672 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:35:26.0379 1672 iScsiPrt - ok
17:35:26.0459 1672 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:35:26.0459 1672 kbdclass - ok
17:35:26.0504 1672 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:35:26.0504 1672 kbdhid - ok
17:35:26.0529 1672 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
17:35:26.0534 1672 KeyIso - ok
17:35:26.0564 1672 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:35:26.0564 1672 KSecDD - ok
17:35:26.0594 1672 [ A8C63880EF6F4D3FEC7B616B9C060215 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:35:26.0599 1672 KSecPkg - ok
17:35:26.0614 1672 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:35:26.0614 1672 ksthunk - ok
17:35:26.0659 1672 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:35:26.0664 1672 KtmRm - ok
17:35:26.0729 1672 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:35:26.0734 1672 LanmanServer - ok
17:35:26.0764 1672 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:35:26.0769 1672 LanmanWorkstation - ok
17:35:26.0819 1672 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:35:26.0824 1672 LightScribeService - ok
17:35:26.0859 1672 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:35:26.0859 1672 lltdio - ok
17:35:26.0899 1672 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:35:26.0904 1672 lltdsvc - ok
17:35:26.0919 1672 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:35:26.0924 1672 lmhosts - ok
17:35:26.0964 1672 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:35:26.0964 1672 LSI_FC - ok
17:35:27.0009 1672 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:35:27.0009 1672 LSI_SAS - ok
17:35:27.0034 1672 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:35:27.0034 1672 LSI_SAS2 - ok
17:35:27.0074 1672 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:35:27.0074 1672 LSI_SCSI - ok
17:35:27.0114 1672 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:35:27.0114 1672 luafv - ok
17:35:27.0174 1672 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:35:27.0179 1672 MBAMProtector - ok
17:35:27.0274 1672 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:35:27.0284 1672 MBAMScheduler - ok
17:35:27.0339 1672 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:35:27.0354 1672 MBAMService - ok
17:35:27.0389 1672 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:35:27.0389 1672 Mcx2Svc - ok
17:35:27.0424 1672 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:35:27.0424 1672 megasas - ok
17:35:27.0454 1672 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:35:27.0459 1672 MegaSR - ok
17:35:27.0544 1672 Microsoft SharePoint Workspace Audit Service - ok
17:35:27.0584 1672 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:35:27.0589 1672 MMCSS - ok
17:35:27.0629 1672 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:35:27.0629 1672 Modem - ok
17:35:27.0659 1672 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:35:27.0659 1672 monitor - ok
17:35:27.0689 1672 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:35:27.0689 1672 mouclass - ok
17:35:27.0714 1672 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:35:27.0714 1672 mouhid - ok
17:35:27.0734 1672 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:35:27.0734 1672 mountmgr - ok
17:35:27.0789 1672 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:35:27.0794 1672 MozillaMaintenance - ok
17:35:27.0814 1672 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:35:27.0819 1672 mpio - ok
17:35:27.0844 1672 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:35:27.0849 1672 mpsdrv - ok
17:35:27.0894 1672 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:35:27.0909 1672 MpsSvc - ok
17:35:27.0939 1672 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:35:27.0939 1672 MRxDAV - ok
17:35:27.0969 1672 [ 767A4C3BCF9410C286CED15A2DB17108 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:35:27.0974 1672 mrxsmb - ok
17:35:27.0994 1672 [ 920EE0FF995FCFDEB08C41605A959E1C ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:35:27.0999 1672 mrxsmb10 - ok
17:35:28.0019 1672 [ 740D7EA9D72C981510A5292CF6ADC941 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:35:28.0024 1672 mrxsmb20 - ok
17:35:28.0044 1672 [ 5E939CF91EA4A841DBAFE4627E0292BB ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:35:28.0044 1672 msahci - ok
17:35:28.0084 1672 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:35:28.0084 1672 msdsm - ok
17:35:28.0129 1672 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:35:28.0134 1672 MSDTC - ok
17:35:28.0174 1672 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:35:28.0174 1672 Msfs - ok
17:35:28.0189 1672 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:35:28.0194 1672 mshidkmdf - ok
17:35:28.0229 1672 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:35:28.0229 1672 msisadrv - ok
17:35:28.0269 1672 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:35:28.0274 1672 MSiSCSI - ok
17:35:38.0819 1672 ================ Scan global ===============================
17:35:38.0854 1672 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:35:38.0879 1672 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
17:35:38.0904 1672 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
17:35:38.0929 1672 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:35:38.0954 1672 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:35:38.0959 1672 [Global] - ok
17:35:38.0959 1672 ================ Scan MBR ==================================
17:35:38.0974 1672 [ EB28A4D51854D24179DE8D1D0EFA1FE7 ] \Device\Harddisk0\DR0
17:35:39.0334 1672 \Device\Harddisk0\DR0 - ok
17:35:39.0334 1672 ================ Scan VBR ==================================
17:35:39.0344 1672 [ CE8892E8CC6C308DC5C644EC06A577F0 ] \Device\Harddisk0\DR0\Partition1
17:35:39.0344 1672 \Device\Harddisk0\DR0\Partition1 - ok
17:35:39.0374 1672 [ AF0C538974C5F7AB5B5D6E75841FEC88 ] \Device\Harddisk0\DR0\Partition2
17:35:39.0374 1672 \Device\Harddisk0\DR0\Partition2 - ok
17:35:39.0404 1672 [ A9AB2B15CCF461E7AB85E6DAAD77A582 ] \Device\Harddisk0\DR0\Partition3
17:35:39.0409 1672 \Device\Harddisk0\DR0\Partition3 - ok
17:35:39.0424 1672 [ 2608AB4F33DAC3F5A6CEBD0D997DE4A0 ] \Device\Harddisk0\DR0\Partition4
17:35:39.0424 1672 \Device\Harddisk0\DR0\Partition4 - ok
17:35:39.0429 1672 ============================================================
17:35:39.0429 1672 Scan finished
17:35:39.0429 1672 ============================================================
17:35:39.0454 3428 Detected object count: 0
17:35:39.0454 3428 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-25 18:05:21
-----------------------------
18:05:21.366 OS Version: Windows x64 6.1.7600
18:05:21.366 Number of processors: 4 586 0x503
18:05:21.371 ComputerName: HP-HP UserName: dave!
18:05:23.721 Initialize success
18:05:36.766 AVAST engine defs: 12112501
18:05:39.756 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:05:39.761 Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
18:05:39.826 Disk 0 MBR read successfully
18:05:39.831 Disk 0 MBR scan
18:05:39.841 Disk 0 unknown MBR code
18:05:39.861 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:05:39.886 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 589084 MB offset 409600
18:05:39.926 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21092 MB offset 1206853632
18:05:39.961 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
18:05:40.016 Disk 0 scanning C:\Windows\system32\drivers
18:06:10.181 Service scanning
18:07:14.466 Modules scanning
18:07:14.486 Disk 0 trace - called modules:
18:07:14.546 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:07:14.556 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004002790]
18:07:14.566 3 CLASSPNP.SYS[fffff88000fc443f] -> nt!IofCallDriver -> [0xfffffa800467ab10]
18:07:14.571 5 hpdskflt.sys[fffff880015f2289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004716680]
18:07:17.031 AVAST engine scan C:\Windows
18:07:26.686 AVAST engine scan C:\Windows\system32
18:14:24.827 AVAST engine scan C:\Windows\system32\drivers
18:14:53.857 AVAST engine scan C:\Users\hp
18:30:28.933 AVAST engine scan C:\ProgramData
18:37:37.804 Scan finished successfully
18:39:24.099 Disk 0 MBR has been saved successfully to "C:\Users\hp\Desktop\MBR.dat"
18:39:24.109 The log file has been saved successfully to "C:\Users\hp\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:24 AM

Posted 26 November 2012 - 07:06 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\hp\AppData\Roaming\SpeedyPC Software
c:\users\hp\AppData\Roaming\DriverCure
c:\program files (x86)\Common Files\SpeedyPC Software
c:\programdata\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software
c:\users\hp\AppData\Roaming\Umyt
c:\users\hp\AppData\Roaming\Urne
c:\users\hp\AppData\Roaming\Ymahxo
c:\users\hp\AppData\Roaming\Pausa
c:\users\hp\AppData\Roaming\Kebuec
c:\users\hp\AppData\Roaming\Ohxoza
c:\users\hp\AppData\Roaming\Poygz
c:\users\hp\AppData\Roaming\Apic
c:\users\hp\AppData\Roaming\Ecadem
c:\users\hp\AppData\Roaming\Azak
c:\users\hp\AppData\Roaming\Ucevob
c:\users\hp\AppData\Roaming\Uvwa
c:\users\hp\AppData\Roaming\Buhoam
c:\users\hp\AppData\Roaming\Biiz
c:\users\hp\AppData\Roaming\Akyql
c:\users\hp\AppData\Roaming\Ytmeg
c:\users\hp\AppData\Roaming\Wouna
c:\users\hp\AppData\Roaming\Utnii
c:\users\hp\AppData\Roaming\Ohroun
c:\users\hp\AppData\Roaming\Uhfy
c:\users\hp\AppData\Local\Macromedia
c:\users\hp\AppData\Roaming\Atyc
c:\users\hp\AppData\Roaming\Domym
c:\users\hp\AppData\Roaming\Abte
c:\users\hp\AppData\Roaming\Egpyy
c:\users\hp\AppData\Roaming\Caud
c:\users\hp\AppData\Roaming\Ixzy
c:\users\hp\AppData\Roaming\Xume
c:\users\hp\AppData\Roaming\Hoaxce
c:\users\hp\AppData\Roaming\Souhug
c:\users\hp\AppData\Roaming\Evxy

File::
c:\windows\Tasks\SpeedyPC Pro.job
c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
c:\windows\Tasks\SpeedyPC Update Version3.job

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 dapater

dapater
  • Topic Starter

  • Members
  • 9 posts
  • Local time:03:24 AM

Posted 27 November 2012 - 12:04 AM

Here is the log (below). Everything on my computer seems fine at this point. I'll let you know if that changes.

Additionally, I'd like to uninstall "SpeedyPC" since I'm not using it -- shall I do so, or not at this point? (I'll wait for your reply before doing anything).

ComboFix 12-11-26.02 - dave! 26/11/2012 19:24:19.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3835.2316 [GMT -8:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\SpeedyPC Pro.job"
"c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\SpeedyPC Software
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\ad_generic.jpg
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\progress_glow.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
c:\program files (x86)\SpeedyPC Software
c:\program files (x86)\SpeedyPC Software\SpeedyPC\7ZipDLL.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\colors.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\CommonLoggingExtension.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\CommonSpecialist.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\ExtensionManager.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\filecachedb.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HandleUpdate.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\0_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\1_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\15_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\2_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\30_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\5_days.htm
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_bkimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_leftimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\container_content_rightimg.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\error_connect.html
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\10x10.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\10x10tile.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\background.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\contentwrapper.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\error_internet.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\footerbarfill.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\info_bubble.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_footerbarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_subheadbarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\images\tile_titlebarbase.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\main.css
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\main_error.css
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\package_titlebar_bkimg.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\box_screen.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\default_button.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\default_button_over.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\header_background.jpg
c:\program files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall\index.html
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Audio\cancel.wav
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Audio\complete.wav
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\btn.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\btn_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_defrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_file.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_generalsettings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_ignore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_schedule.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\button_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_over_small.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\register_small.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\renew.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\renew_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\settings_button_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\start.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons\start_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_empty.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_frag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unfrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unknown.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag\c_unmove.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\bottom_logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\close.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\dlg_title.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\max.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\min.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_close_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\register_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\renew.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\renew_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tab_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tabactive_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tabover_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_bg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\tfn_logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\title_bar.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\top_logo.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame\upper_divider.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\collapse.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\delete.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\expand.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\general\progress_glow.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_audio.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_doc.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_image.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\dup_video.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_drivers.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_proc.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\ig_reg.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_3rd.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_browser.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_email.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_fs.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_im.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_multi.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_office.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\priv_windows.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_apppath.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_com.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_dll.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_empty.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_extensions.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_filepath.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_font.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_help.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_shortcut.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\reg_uninstall.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\group\startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_about.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_clean.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_defrag.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_file.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_junk_settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_malware.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_performance.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\header_tools.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_general.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_ignore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\headers\settings_schedule.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Icons\info.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Icons\warning.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\other.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\bho.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\process.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process\startup.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_malware32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_system32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unknown32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_unwanted32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp16.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp24.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations\rec_userapp32.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\01.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\02.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\03.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\04.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\05.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\06.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\07.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\08.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation\09.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\check.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage1.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage2.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage3.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage4.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage5.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\damage6.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\error.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\error_large.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\Fix.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\Fix_over.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\junk.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\malware.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\md5.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\privacy.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\process-animation.gif
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_h_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_l_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_m_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_mh_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\rating_ml_scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\registry.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\security_high.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\security_low.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\warning.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\overview.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\restore.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\scan.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\settings.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs\tools.png
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LiteUnzip.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LiteZip.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\LogSettings.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\MyResources.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\privacy.db
c:\program files (x86)\SpeedyPC Software\SpeedyPC\RegHookSpecialist.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\SandBoxer.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\settings.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe
c:\program files (x86)\SpeedyPC Software\SpeedyPC\sqlite3.dll
c:\program files (x86)\SpeedyPC Software\SpeedyPC\tfn.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
c:\program files (x86)\SpeedyPC Software\SpeedyPC\UNS.xml
c:\program files (x86)\SpeedyPC Software\SpeedyPC\Utility.pxt
c:\program files (x86)\SpeedyPC Software\SpeedyPC\whitelist.dat
c:\programdata\SpeedyPC Software
c:\programdata\SpeedyPC Software\SpeedyPC Pro\dc_db.db
c:\programdata\SpeedyPC Software\UUS3\Master.xml
c:\programdata\SpeedyPC Software\UUS3\Patch.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Database.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Master.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Patch.xml
c:\programdata\SpeedyPC Software\UUS3\SpeedyPC\Update.xml
c:\programdata\SpeedyPC Software\UUS3\Update.xml
c:\users\hp\AppData\Local\Macromedia
c:\users\hp\AppData\Roaming\Abte
c:\users\hp\AppData\Roaming\Akyql
c:\users\hp\AppData\Roaming\Apic
c:\users\hp\AppData\Roaming\Atyc
c:\users\hp\AppData\Roaming\Azak
c:\users\hp\AppData\Roaming\Biiz
c:\users\hp\AppData\Roaming\Buhoam
c:\users\hp\AppData\Roaming\Caud
c:\users\hp\AppData\Roaming\Domym
c:\users\hp\AppData\Roaming\DriverCure
c:\users\hp\AppData\Roaming\DriverCure\LogFile.txt
c:\users\hp\AppData\Roaming\Ecadem
c:\users\hp\AppData\Roaming\Egpyy
c:\users\hp\AppData\Roaming\Evxy
c:\users\hp\AppData\Roaming\Evxy\obca.dat
c:\users\hp\AppData\Roaming\Hoaxce
c:\users\hp\AppData\Roaming\Ixzy
c:\users\hp\AppData\Roaming\Kebuec
c:\users\hp\AppData\Roaming\Ohroun
c:\users\hp\AppData\Roaming\Ohxoza
c:\users\hp\AppData\Roaming\Pausa
c:\users\hp\AppData\Roaming\Poygz
c:\users\hp\AppData\Roaming\Souhug
c:\users\hp\AppData\Roaming\SpeedyPC Software
c:\users\hp\AppData\Roaming\Ucevob
c:\users\hp\AppData\Roaming\Uhfy
c:\users\hp\AppData\Roaming\Umyt
c:\users\hp\AppData\Roaming\Urne
c:\users\hp\AppData\Roaming\Utnii
c:\users\hp\AppData\Roaming\Uvwa
c:\users\hp\AppData\Roaming\Wouna
c:\users\hp\AppData\Roaming\Xume
c:\users\hp\AppData\Roaming\Ymahxo
c:\users\hp\AppData\Roaming\Ytmeg
.
.
((((((((((((((((((((((((( Files Created from 2012-10-27 to 2012-11-27 )))))))))))))))))))))))))))))))
.
.
2012-11-27 03:36 . 2012-11-27 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-27 03:36 . 2012-11-27 03:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-25 06:21 . 2012-11-25 06:21 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-11-25 06:21 . 2012-11-25 06:21 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-11-22 16:15 . 2012-11-22 16:15 -------- d-----w- c:\program files\CCleaner
2012-11-20 07:31 . 2012-11-20 07:31 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2012-11-20 07:30 . 2012-11-20 07:30 -------- d-----w- c:\programdata\Malwarebytes
2012-11-20 07:30 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 07:30 . 2012-11-20 07:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-16 05:23 . 2012-11-16 05:23 18912 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-11-15 08:20 . 2012-11-15 08:20 -------- d-----w- c:\users\hp\AppData\Local\Sophos
2012-11-15 08:12 . 2012-11-15 08:12 -------- d-----w- c:\program files (x86)\Common Files\Cisco Systems
2012-11-15 08:12 . 2012-11-15 08:06 37400 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-11-15 08:09 . 2012-11-15 08:09 36640 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2012-11-15 08:06 . 2012-11-15 08:06 144672 ----a-w- c:\windows\system32\drivers\savonaccess.sys
2012-11-15 08:05 . 2012-11-15 08:05 183024 ----a-w- c:\windows\system32\sdccoinstaller.dll
2012-11-15 08:03 . 2012-11-15 08:03 25608 ----a-w- c:\windows\system32\drivers\SophosBootDriver.sys
2012-11-15 08:01 . 2012-11-15 08:13 -------- d-----w- c:\programdata\Sophos
2012-11-15 08:01 . 2012-11-15 08:12 -------- d-----w- c:\program files (x86)\Sophos
2012-11-15 07:59 . 2012-11-15 07:59 -------- d-----w- c:\users\hp\AppData\Roaming\e-academy Inc
2012-11-15 07:59 . 2012-11-15 07:59 -------- d-----w- c:\users\hp\AppData\Local\e-academy Inc
2012-11-04 19:42 . 2012-11-04 19:42 -------- d-----w- c:\users\hp\AppData\Local\Adobe_Systems_Incorporate
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-23 04:30 . 2012-10-23 04:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 04:30 . 2011-06-21 18:44 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-16 98304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2012-11-15 900160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [2012-11-15 2009664]
R3 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-10 1436424]
R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2012-11-15 36640]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2012-11-15 25608]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2012-11-15 144672]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-06-18 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-16 202752]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2012-11-15 216640]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2012-11-15 139840]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2012-11-15 357400]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2012-11-15 2869824]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-06-05 32880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 08:03]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-28 08:03]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594923890-1071736509-2284832241-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:49]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3594923890-1071736509-2284832241-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-23 17:49]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleFordave!.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
2012-11-27 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-18 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = https://secure.ingdirect.ca/InitialINGDirect.html?command=displayLogin&device=web&locale=en_CA
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\hp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 75.153.176.9 75.153.176.1
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\mkgiyaaz.default\
FF - prefs.js: browser.startup.homepage - hxxps://servicing.capitalone.com/c1/login.aspx?CountryCode=CA
FF - ExtSQL: !HIDDEN! 2011-09-30 21:02; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{604CD5A1-4520-4844-B064-A3D884B77E91} - c:\program files (x86)\SpeedyPC Software\SpeedyPC\uninstall.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-26 19:40:31
ComboFix-quarantined-files.txt 2012-11-27 03:40
ComboFix2.txt 2012-11-23 08:39
.
Pre-Run: 348,793,356,288 bytes free
Post-Run: 348,585,148,416 bytes free
.
- - End Of File - - AA77A478228A7AB2651A96A9C1716F79

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 27 November 2012 - 07:12 AM

Hello

P2P Warning!

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.3 MUI
µTorrent
Java™ 6 Update 20 (64-bit)
Java™ 7 Update 5
JavaFX 2.1.1
SpeedyPC Pro


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
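
The HijackThis step above asks for the log to be posted rather than fixed, because most of what HijackThis lists is harmless or required. As an added example (not part of this thread, and not HijackThis's own code), the Python script below shows how a helper reads such a log: it parses the section-prefixed lines and flags only the entries that usually merit a second look (orphaned O2 BHO registrations, O4 autoruns launched from a user-writable profile path, de-duplicated O10 Winsock LSPs, the O20 AppInit_DLLs injection point, and O23 services whose binary is missing outside the Windows directory). The sample log is constructed for this example in the same line formats that appear in this thread; the `svchost32` Run entry and the `updsvc` service are invented placeholders, not findings from the poster's machine. The O23 rule reflects that HijackThis 2.0.4 is a 32-bit program, so on x64 Windows its view of System32 is redirected by WoW64 and "(file missing)" on system services there is commonly a false positive.

```python
"""Triage helper for HijackThis v2.0.x log lines (added example, not part of
the thread or of HijackThis itself)."""
import re
from collections import Counter, defaultdict

# A HijackThis scan line starts with its section code: R0/R1, F0, N1, O1..O24.
LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Autoruns launched from a user-writable profile location deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp)\\", re.I)
# 32-bit HijackThis on x64 is redirected away from the real System32 (WoW64),
# so "(file missing)" under C:\Windows is usually a false positive.
WINDOWS_DIR_RE = re.compile(r"\\windows\\", re.I)

# Constructed sample in the HijackThis log format. The BHO, O10, O20 and ALG
# lines mirror the kind of entries seen in this thread; the svchost32 Run entry
# and the updsvc service are invented for this example (hypothetical names).
SAMPLE_LOG = "\n".join([
    r"Logfile of Trend Micro HijackThis v2.0.4",
    r"Boot mode: Normal",
    r"",
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r"O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe",
    r"O4 - HKCU\..\Run: [svchost32] C:\Users\hp\AppData\Roaming\svchost32.exe",
    r"O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll",
    r"O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll",
    r"O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll",
    r"O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)",
    r"O23 - Service: Updater (updsvc) - Unknown owner - C:\ProgramData\updsvc\updsvc.exe (file missing)",
])


def parse(log_text):
    """Group scan lines by section code, e.g. {"O2": [...], "O23": [...]}."""
    sections = defaultdict(list)
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return sections


def triage(log_text):
    """Return (section, reason, entry) tuples for entries worth a second look."""
    sections = parse(log_text)
    findings = []
    for entry in sections.get("O2", []):
        if entry.endswith("(no file)"):            # orphaned BHO registration
            findings.append(("O2", "BHO registered but DLL missing", entry))
    for entry in sections.get("O4", []):
        if USER_WRITABLE_RE.search(entry):         # autorun from profile dirs
            findings.append(("O4", "autorun from user-writable path", entry))
    # HijackThis prints one O10 line per Winsock catalog entry; de-duplicate.
    for entry in sorted(set(sections.get("O10", []))):
        findings.append(("O10", "Winsock LSP, verify vendor", entry))
    for entry in sections.get("O20", []):          # DLL loaded into every user32 process
        findings.append(("O20", "AppInit_DLLs injection point", entry))
    for entry in sections.get("O23", []):
        if "(file missing)" in entry and not WINDOWS_DIR_RE.search(entry):
            findings.append(("O23", "service binary missing outside Windows dir", entry))
    return findings


def counts(findings):
    """Number of flagged entries per section."""
    return dict(Counter(section for section, _, _ in findings))


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason}: {entry}")
```

Flagging is not the same as removing: the Sophos LSP and AppInit_DLLs entries are the installed antivirus hooking the network stack and process startup, which is exactly why the script reports them as "verify vendor" rather than as infections, and why the helper in this thread asks for the log before deciding what to fix.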

#11 dapater (Topic Starter)

Posted 27 November 2012 - 04:07 PM

Hi Gringo, everything currently seems smooth on my computer. Here are the two log files:

Here is the log from MBAM:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
dave! :: HP-HP [administrator]

Protection: Enabled

27/11/2012 10:48:53 AM
mbam-log-2012-11-27 (10-48-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232794
Time elapsed: 6 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:31 PM, on 27/11/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\hp\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\hp\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.ingdirect.ca/InitialINGDirect.html?command=displayLogin&device=web&locale=en_CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\hp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O10 - Unknown file in Winsock LSP: c:\programdata\sophos\web intelligence\swi_ifslsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files (x86)\LizardTech\ExpressView\expressview.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\sophos_detoured.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sophos AutoUpdate Service - Sophos Limited - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Web Control Service - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: Sophos Web Intelligence Update (swi_update_64) - Sophos Limited - C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16739 bytes

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 November 2012 - 09:07 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to; you can start any of them from its icon (or from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see the NOTE** below (Hosts file not read, blank Notepad, ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

ESET Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close the program
  • Report to me that nothing was found

  • If threats were found
  • Click on "List of threats found"
  • Click on "Export to text file" and save it as ESET SCAN on the desktop
  • Click on Back
  • Put a checkmark in "Uninstall application on close"
  • Click on Finish
  • Close the program
  • Copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
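The "O4" lines HijackThis asks you to fix above are just values under the Run registry keys (HKLM and HKCU) plus shortcuts in the all-users Startup folder; "Fix Checked" deletes those values and shortcuts. The script below is an added example, not part of gringo_pr's post and not HijackThis code, that enumerates the same locations and removes named entries only after exporting a backup, so a removal can be undone with reg import or by moving the shortcut back. It assumes Windows 7 x64 as in this thread (so the Wow6432Node Run key, which 32-bit HijackThis reports as plain HKLM\..\Run, is included), an elevated PowerShell prompt, and the function names Get-AutostartEntries and Remove-AutostartEntries are this example's own. It does not uninstall anything; like HijackThis, it only stops the program from autostarting.

```powershell
# Added example: list HijackThis-style O4 autostart entries and remove named ones with a backup.
# Assumes Windows 7 x64 and an elevated prompt. Function names are this example's own.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',   # what 32-bit HijackThis sees as HKLM\..\Run
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$startupFolders = @(
    [Environment]::GetFolderPath('CommonStartup'),   # "Global Startup" in HijackThis terms
    [Environment]::GetFolderPath('Startup')          # per-user Startup folder
)

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those, keep real values.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $startupFolders) {
        Get-ChildItem -Path $folder -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            # Resolve the .lnk so the table shows the real target, as the "O4 - Global Startup" line does.
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $target }
        }
    }
}

function Remove-AutostartEntries {
    param(
        [Parameter(Mandatory)] [string[]] $Names,
        [string] $BackupDir = "$env:USERPROFILE\Desktop\autostart-backup"
    )
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    foreach ($entry in Get-AutostartEntries) {
        if ($Names -notcontains $entry.Name) { continue }
        if ($entry.Location -like 'HK*') {
            # Export the whole Run key first; "reg import <file>.reg" restores the value if needed.
            $regPath = $entry.Location -replace '^HKLM:', 'HKLM' -replace '^HKCU:', 'HKCU'
            $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
            $backup  = Join-Path $BackupDir "run-$stamp-$($entry.Name).reg"
            & reg.exe export $regPath $backup /y | Out-Null
            Remove-ItemProperty -Path $entry.Location -Name $entry.Name
        } else {
            # Startup-folder shortcut: move it out rather than delete it.
            Move-Item -Path (Join-Path $entry.Location $entry.Name) -Destination $BackupDir
        }
        Write-Output "Removed '$($entry.Name)' from $($entry.Location) (backup in $BackupDir)"
    }
}

# Look before touching anything.
Get-AutostartEntries | Format-Table -AutoSize

# The names below are the optional removals gringo_pr listed in this thread; uncomment to apply.
# Remove-AutostartEntries -Names 'StartCCC','BCSSync','hpqSRMon','HP Software Update',
#     'APSDaemon','QuickTime Task','Adobe ARM','SunJavaUpdateSched',
#     'LightScribe Control Panel','HP Digital Imaging Monitor.lnk'
```

Run the listing first and compare it against the HijackThis O4 lines; an entry whose Command points somewhere other than the expected Program Files path, or that has no matching line in the log, is worth researching before it is removed rather than after.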

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2012 - 09:23 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#14 dapater
  • Topic Starter

  • Members
  • 9 posts

Posted 01 December 2012 - 03:58 AM

Hi,

I'm sorry for being absent; it has been a busy past few days. Many thanks for your attention. I am now scanning with ESET Online Scanner and so I should be able to post the log from that in the morning (9 hours from now).

#15 dapater
  • Topic Starter

  • Members
  • 9 posts

Posted 01 December 2012 - 12:15 PM

Hi Gringo, here is the report from ESET. It found one threat:

C:\Qoobox\Quarantine\C\Users\hp\AppData\Local\hretola.dll.vir a variant of Win32/TrojanProxy.Agent.NJL trojan
