
sec essentials wouldn't start, scans slow, everything crashes


  • This topic is locked
20 replies to this topic

#1 PRprince

  • Members
  • 10 posts

Posted 30 November 2012 - 02:22 PM

Security Essentials wouldn't start. I went to the startup programs list and found something named 'ujjicv' that I didn't recognize (C:\Users\Ines\AppData\Roaming\unimdmi.dll) (I couldn't find/see/delete it even though I have the hidden files view set to visible). I disabled it and rebooted, and then Essentials started. I ran the full scan of MS Essentials plus S&D and Malwarebytes; they didn't find anything, the PC is still slow, scans are sluggish, and everything I run stops responding. Also, I got complaints of browser redirects in Internet Explorer and Firefox.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/9/2007 1:30:53 AM
System Uptime: 11/30/2012 12:09:08 PM (1 hours ago)
.
Motherboard: Quanta | | 30CB
Processor: Intel® Core™2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 103 GiB total, 37.548 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1.796 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 11/30/2012 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Advanced SystemCare 3
AppGraffiti
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
AuthenTec Fingerprint Sensor Minimum Install
Batch Update
Bejeweled 2 Deluxe 1.0
Bible Data Type System Files
Bing Rewards Client Installer
Bonjour
CCleaner
Cisco NAC Agent
Clause Visualizer
Combined Community Codec Pack 2009-09-09
Common System Files
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ERUNT 1.1j
ESET Online Scanner v3
ESU for Microsoft Vista
ffdshow [rev 3154] [2009-12-09]
FLAC 1.2.1b (remove only)
Folder Size for Windows
Free WMA to MP3 Converter 1.16
Game Booster 3
GIMP 2.6.8
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
Graphical Query Editor
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Photo Creations
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Quick Launch Buttons
HP QuickPlay 3.2
HP Total Care Advisor
HP Update
HP User Guides 0056
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
iCloud
Intel Matrix Storage Manager
ISO Recorder
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 35
Jing
Junk Mail filter update
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LightScribe 1.4.136.1
LLS Resource Driver
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
OEB Resource Driver
OGA Notifier 2.0.0048.0
PDF Resource Driver
Port Forwarding Wizard 4.5
Primo
PSSWCORE
PVSonyDll
QLBCASL
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller Pro 2.5.0
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Runtime
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Segoe UI
Sentence Diagramming
Simple Port Forwarding
Smart Defrag 2
Sony Picture Utility
Spybot - Search & Destroy
SpywareBlaster 4.4
SpywareGuard v2.2
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VeriSoft Access Manager
VitalSource Bookshelf
VLC media player 1.1.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
Xvid 1.2.1 final uninstall
Z 39.50 Library
.
==== Event Viewer Messages From Past Week ========
.
11/30/2012 12:11:34 PM, Error: Service Control Manager [7022] - The CyberLink Background Capture Service (CBCS) service hung on starting.
11/30/2012 12:11:34 PM, Error: Service Control Manager [7001] - The CyberLink Task Scheduler (CTS) service depends on the CyberLink Background Capture Service (CBCS) service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/30/2012 12:11:09 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2012 12:09:28 PM, Error: volmgr [46] - Crash dump initialization failed!
11/29/2012 8:36:28 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
11/29/2012 8:36:28 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:28 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Wired AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The PnP-X IP Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 8:36:27 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/29/2012 5:33:58 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/29/2012 11:01:18 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
11/28/2012 6:32:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer AMANDA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{385A36C3-A54F-497D-9031-C14D66FA. The master browser is stopping or an election is being forced.
11/23/2012 11:55:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.180.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16448 BrowserJavaVersion: 1.6.0_35
Run by Ines at 13:27:26 on 2012-11-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.871 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
TB: Fast Browser Search Toolbar: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - LocalServer32 - <no file>
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3B7CFB30-E8FE-4504-9442-9BFF8E17FEF9} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\windows\system32\APSHook.dll
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ines\appdata\roaming\mozilla\firefox\profiles\pt2ehi8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\ines\appdata\roaming\mozilla\firefox\profiles\pt2ehi8w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 22:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-9-20 15672]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2009-1-12 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2009-1-12 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-1-12 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-16 363344]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2011-9-1 1233848]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-27 1153368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-16 20952]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-4-30 227896]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-5-26 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-1-28 27192]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-9-16 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WordPad.exe="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~3\office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2012-11-30 05:44:09 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{956a420c-c3d5-42df-85fd-7843843baca4}\mpengine.dll
2012-11-29 17:10:57 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-28 16:22:01 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d04aeadc-6041-4488-ac12-95eddda7bcb6}\gapaengine.dll
2012-11-28 01:41:21 135168 --sha-r- c:\users\ines\appdata\roaming\unimdmi.dll
.
==================== Find3M ====================
.
2012-11-28 19:09:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 19:09:17 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-09-06 04:15:14 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-06 04:15:13 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:28:58.77 ===============
Farbar recovery log (hope this speeds things up)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012 (ATTENTION: FRST version is 7 days old)
Ran by Ines at 30-11-2012 14:07:20
Running from G:\
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-11-30 13:35 - 2012-11-30 13:40 - 00002509 ____A C:\Users\Ines\Desktop\FSS.txt
2012-11-30 13:34 - 2012-11-30 13:34 - 00694235 ____A (Farbar) C:\Users\Ines\Desktop\FSS.exe
2012-11-30 13:29 - 2012-11-30 13:46 - 00015447 ____A C:\Users\Ines\Desktop\attach.txt
2012-11-30 13:29 - 2012-11-30 13:46 - 00014476 ____A C:\Users\Ines\Desktop\dds.txt
2012-11-30 13:16 - 2012-11-30 13:16 - 00688992 ____R (Swearware) C:\Users\Ines\Desktop\dds.com
2012-11-30 00:40 - 2012-11-30 12:09 - 00000692 ____A C:\Windows\PFRO.log
2012-11-29 18:04 - 2012-11-29 18:10 - 00000000 ____D C:\Users\Ines\Desktop\CCleaner Professional 3.25.1872
2012-11-29 17:48 - 2012-11-29 17:48 - 00000655 ____A C:\Users\Ines\Desktop\Downloads - Shortcut.lnk
2012-11-28 20:58 - 2012-11-28 20:58 - 00000558 ____A C:\Users\Ines\Desktop\Health and Physical Ass - Shortcut.lnk
2012-11-28 14:12 - 2012-11-28 14:12 - 00000104 ____A C:\Users\Ines\Desktop\Control Panel - Shortcut.lnk
2012-11-27 20:41 - 2012-11-27 20:41 - 00135168 _RASH C:\Users\Ines\AppData\Roaming\unimdmi.dll
2012-11-09 19:54 - 2012-11-09 19:55 - 00000000 ____D C:\Program Files\QuickTime


==================== One Month Modified Files and Folders ========

2012-11-30 13:54 - 2011-02-12 12:59 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-30 13:54 - 2011-02-12 12:59 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-30 13:53 - 2006-11-02 07:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-30 13:53 - 2006-11-02 07:47 - 00003168 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-30 13:46 - 2012-11-30 13:29 - 00015447 ____A C:\Users\Ines\Desktop\attach.txt
2012-11-30 13:46 - 2012-11-30 13:29 - 00014476 ____A C:\Users\Ines\Desktop\dds.txt
2012-11-30 13:44 - 2012-09-25 18:53 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-30 13:41 - 2011-10-27 18:13 - 00000336 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2012-11-30 13:40 - 2012-11-30 13:35 - 00002509 ____A C:\Users\Ines\Desktop\FSS.txt
2012-11-30 13:34 - 2012-11-30 13:34 - 00694235 ____A (Farbar) C:\Users\Ines\Desktop\FSS.exe
2012-11-30 13:16 - 2012-11-30 13:16 - 00688992 ____R (Swearware) C:\Users\Ines\Desktop\dds.com
2012-11-30 12:15 - 2006-11-02 05:33 - 00759342 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-30 12:14 - 2010-01-28 18:06 - 01229418 ____A C:\Windows\WindowsUpdate.log
2012-11-30 12:10 - 2009-01-11 17:59 - 00469730 ____A C:\Users\All Users\nvModes.001
2012-11-30 12:10 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Registration
2012-11-30 12:09 - 2012-11-30 00:40 - 00000692 ____A C:\Windows\PFRO.log
2012-11-30 12:09 - 2009-01-11 17:56 - 00469730 ____A C:\Users\All Users\nvModes.dat
2012-11-30 12:09 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-30 12:08 - 2006-11-02 08:01 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-29 20:45 - 2012-05-26 09:06 - 00000000 ____D C:\Users\Ines\Tracing
2012-11-29 20:45 - 2010-08-11 15:24 - 00000000 ____D C:\Users\Ines\AppData\Roaming\Media Player Classic
2012-11-29 20:45 - 2010-01-27 18:40 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-29 20:45 - 2007-06-19 03:41 - 00000000 ____D C:\Windows\panther
2012-11-29 20:45 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-29 20:43 - 2010-01-11 19:00 - 00000000 ____D C:\Program Files\CCleaner
2012-11-29 19:00 - 2011-01-28 21:26 - 00000398 ____A C:\Windows\Tasks\At1.job
2012-11-29 18:10 - 2012-11-29 18:04 - 00000000 ____D C:\Users\Ines\Desktop\CCleaner Professional
2012-11-29 17:48 - 2012-11-29 17:48 - 00000655 ____A C:\Users\Ines\Desktop\Downloads - Shortcut.lnk
2012-11-29 17:48 - 2009-01-09 19:01 - 00000000 ____D C:\users\Ines
2012-11-29 17:30 - 2007-06-19 06:11 - 00000000 ____D C:\Program Files\HP Games
2012-11-29 17:28 - 2011-05-31 18:05 - 00000000 ____D C:\Program Files\WildTangent Games
2012-11-29 17:25 - 2007-06-19 06:11 - 00000000 ____D C:\Users\All Users\WildTangent
2012-11-29 17:24 - 2012-09-05 20:36 - 00000000 ____D C:\Users\Ines\AppData\Roaming\WildTangent
2012-11-29 10:46 - 2011-02-12 12:59 - 00000000 ____D C:\Users\Ines\AppData\Local\Google
2012-11-29 10:46 - 2011-02-12 12:59 - 00000000 ____D C:\Program Files\Google
2012-11-28 20:58 - 2012-11-28 20:58 - 00000558 ____A C:\Users\Ines\Desktop\Health and Physical Ass - Shortcut.lnk
2012-11-28 19:31 - 2012-09-29 13:47 - 00000000 ____D C:\Users\Ines\Documents\PEDS
2012-11-28 14:12 - 2012-11-28 14:12 - 00000104 ____A C:\Users\Ines\Desktop\Control Panel - Shortcut.lnk
2012-11-28 14:11 - 2007-06-19 06:07 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-28 14:09 - 2012-09-20 01:48 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-28 14:09 - 2012-09-20 01:48 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-28 13:20 - 2012-09-29 13:43 - 00000000 ____D C:\Users\Ines\Documents\GRAD PROJ NSG6999
2012-11-27 21:20 - 2012-07-05 20:35 - 00000000 ____D C:\Users\Ines\Documents\WOMEN HEALTH 6430
2012-11-27 20:41 - 2012-11-27 20:41 - 00135168 _RASH C:\Users\Ines\AppData\Roaming\unimdmi.dll
2012-11-26 01:16 - 2010-11-24 19:08 - 00000382 ____A C:\Windows\Tasks\SmartDefrag.job
2012-11-24 21:35 - 2011-05-14 08:38 - 00000000 ____D C:\Users\Ines\Documents\Advance Practice II
2012-11-21 21:44 - 2009-01-12 21:32 - 00000318 ____A C:\Windows\Tasks\HPCeeScheduleForInes.job
2012-11-14 15:53 - 2011-06-27 22:10 - 00000000 ____D C:\Users\Ines\Documents\Patho physiology
2012-11-14 15:52 - 2011-10-02 17:56 - 00000000 ____D C:\Users\Ines\Documents\Advance Practice 1
2012-11-14 15:50 - 2012-04-11 20:15 - 00000000 ____D C:\Users\Ines\Documents\Practicum 1 -6320
2012-11-09 19:55 - 2012-11-09 19:54 - 00000000 ____D C:\Program Files\QuickTime


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 2045.68 MB
Available physical RAM: 871.85 MB
Total Pagefile: 4328.64 MB
Available Pagefile: 3031.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.93 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:103.45 GB) (Free:37.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (HP_RECOVERY) (Fixed) (Total:8.33 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (USB20FD) (Removable) (Total:3.76 GB) (Free:3.7 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B
Disk 1 Online 75 GB 0 B
Disk 2 Online 3854 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 103 GB 32 KB
Partition 2 Primary 8 GB 103 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 103 GB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E HP_RECOVERY NTFS Partition 8 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 75 GB 32 KB

=========================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D RAW Partition 75 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3854 MB 32 KB

=========================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G USB20FD FAT32 Removable 3854 MB Healthy

=========================================================

Last Boot: 2012-11-30 12:17

==================== End Of Log ============================


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 30 November 2012 - 09:26 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller (or from here) and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 PRprince

PRprince
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 December 2012 - 01:43 PM

Thanks for responding so fast. This is my mother's computer and she had complained of browser redirects, but I haven't experienced any myself; however, the browsers and the system are sluggish, and most of the windows stop responding and freeze.

Also, sometimes it tells me I don't have permission to save any logs to the desktop. I saved the first log (after a few tries) but couldn't save the second log, so I copy/pasted AdwCleaner's log into Security Check's log ^_^ even though I ran AdwCleaner as admin (for what little good that does). The third log, RogueKiller, saved without issue to the desktop.
My mother complained that while she was giving a presentation at school, some porn ads popped up on the screen lol; naturally I played dumb and asked why she had been going to those sites in the first place :P


Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Out of date HijackThis installed!
SpywareBlaster 4.4
SpywareGuard v2.2
Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

# AdwCleaner v2.010 - Logfile created 12/01/2012 at 13:13:16
# Updated 29/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Ines - INES-PC
# Boot Mode : Normal
# Running from : C:\Users\Ines\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\fast.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\searchplugins\search-here.xml
File Deleted : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\searchplugins\SearchResults.xml
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Users\Ines\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Ines\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Ines\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Ines\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Ines\AppData\Roaming\cacaoweb
Folder Deleted : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\AppGraffiti@AppGraffiti.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D59156-647B-4B06-B20E-0E297A1077BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EBB289A-2D7B-465B-825F-1530B813E95A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE990A32-C2EC-4654-8FD0-26FECEA81998}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CD5C92AE-97B0-4BC3-BA65-BA0308D543BF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1BB22D38-A411-4B13-A746-C2A4F4EC7344}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\prefs.js

C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://toolbar.inbox.com/search/dispatcher.as[...]
Deleted : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&t[...]

*************************

AdwCleaner[S1].txt - [10894 octets] - [01/12/2012 13:13:16]

########## EOF - C:\AdwCleaner[S1].txt - [10955 octets] ##########



RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ines [Admin rights]
Mode : Remove -- Date : 12/01/2012 13:29:23

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] At1.job : C:\Users\Ines\AppData\Local\Temp\1InfDefaultInstallb.exe -> DELETED
[TASK][SUSP PATH] At1 : C:\Users\Ines\AppData\Local\Temp\1InfDefaultInstallb.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9120821AS +++++
--- User ---
[MBR] 47878f2e2676965459f36b241c4730b3
[BSP] c26bf3671914c3dbbbdf0a8e6506fcc1 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 105936 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 216957825 | Size: 8534 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST98823AS +++++
--- User ---
[MBR] 01b5a7697e185cae2306125345b4bee8
[BSP] f1ae30e0ca654af26f40c3754d16a910 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12012012_02d1329.txt >>
RKreport[1]_S_12012012_02d1326.txt ; RKreport[2]_D_12012012_02d1329.txt

Edited by PRprince, 01 December 2012 - 01:44 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 01 December 2012 - 05:55 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 PRprince

PRprince
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 01 December 2012 - 09:06 PM

PC is running a lot faster but internet speed isn't at normal speed yet; a URL look-up will stall and say loading, loading and not go anywhere, then when you highlight the URL and press enter a second or third time it loads instantly as it does normally. Also, I noticed one of the logs said that Java was out of date, so I uninstalled all the Java I could find with Revo Uninstaller, which deletes Java registry entries and all leftover Java files, and re-installed a fresh Java. And that weird thing I saw on the startup list that I couldn't recognize is gone now, which I guess had something to do with c:\users\Ines\AppData\Roaming\unimdmi.dll
ComboFix, I guess, found and deleted it... Very cool. I will be defragmenting her PC while you respond again, btw, with 'Smart Defrag 2.6'.

ComboFix 12-12-01.02 - Ines 12/01/2012 20:07:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1127 [GMT -5:00]
Running from: c:\users\Ines\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\a\023.dat
c:\a\023v.dat
c:\a\023w7.dat
c:\a\appinit.bad
c:\a\asp.str
c:\a\Assoc.cmd
c:\a\ATTRIB.cfxxe
c:\a\Auto-RC.cmd
c:\a\av.cmd
c:\a\av.vbs
c:\a\AWF.cmd
c:\a\badclsid.c
c:\a\Boot-Rk.cmd
c:\a\Boot.bat
c:\a\BootSect.dll
c:\a\c.bat
c:\a\Catch-sub.cmd
c:\a\catchme.cfxxe
c:\a\CCS.bat
c:\a\CF-Script.cmd
c:\a\CF30041.cfxxe
c:\a\CFVersionOld
c:\a\CHCP.bat
c:\a\clsid.c
c:\a\cmd.cfxxe
c:\a\Combobatch.bat
c:\a\ComboFix-Download.cfxxe
c:\a\Create.cmd
c:\a\Creg.dat
c:\a\CregC.cmd
c:\a\CregC.dat
c:\a\CSCRIPT.cfxxe
c:\a\CSet.cmd
c:\a\dd.cfxxe
c:\a\ddsDo.sed
c:\a\DelClsid.bat
c:\a\DelClsid64.bat
c:\a\desktop.ini
c:\a\DisclaimED.dat
c:\a\DPF.str
c:\a\dumphive.cfxxe
c:\a\embedded.sed
c:\a\en-US\ATTRIB.cfxxe.mui
c:\a\en-US\CF30041.cfxxe.mui
c:\a\en-US\cmd.cfxxe.mui
c:\a\en-US\CSCRIPT.cfxxe.mui
c:\a\en-US\PING.cfxxe.mui
c:\a\en-US\REGT.cfxxe.mui
c:\a\en-US\ROUTE.cfxxe.mui
c:\a\en-US\SORT.cfxxe.mui
c:\a\ERDNT.e_e
c:\a\ERDNTDOS.LOC
c:\a\ERDNTWIN.LOC
c:\a\ERUNT.cfxxe
c:\a\erunt.dat
c:\a\ERUNT.LOC
c:\a\Exe.reg
c:\a\extract.cfxxe
c:\a\FD-SV.cmd
c:\a\ffdefstr.dll
c:\a\FileKill.cfxxe
c:\a\files.pif
c:\a\Fin.dat
c:\a\FIND3M.bat
c:\a\FIXLSP.bat
c:\a\FKMGen.cmd
c:\a\ForeignWht
c:\a\GetHive.cmd
c:\a\grep.cfxxe
c:\a\gsar.cfxxe
c:\a\handle.cfxxe
c:\a\hidec.exe
c:\a\history.bat
c:\a\iexplore.exe
c:\a\image001.gif
c:\a\Install-RC.cmd
c:\a\katch.cmd
c:\a\Kill-All.cmd
c:\a\kmd.dat
c:\a\Lang.bat
c:\a\List-B.bat
c:\a\List-C.bat
c:\a\List-D.bat
c:\a\List.bat
c:\a\lnkread.vbs
c:\a\LocalService.dat
c:\a\LocalServiceNetworkRestricted.dat
c:\a\LocalSystemNetworkRestricted.dat
c:\a\mbr.cfxxe
c:\a\md5sum.pif
c:\a\Mirrors
c:\a\MoveIt.bat
c:\a\mtee.cfxxe
c:\a\MUI
c:\a\mynul.dat
c:\a\n.pif
c:\a\N_\13570
c:\a\N_\14343
c:\a\N_\15000
c:\a\N_\16591
c:\a\N_\22663
c:\a\N_\23223
c:\a\N_\24845
c:\a\N_\28476
c:\a\N_\286
c:\a\N_\30766
c:\a\N_\3627
c:\a\N_\6605
c:\a\N_\720
c:\a\N_\723
c:\a\N_\9252
c:\a\N_\pingtest
c:\a\ncmd.com
c:\a\ND_.bat
c:\a\ndis_combofix.dat
c:\a\netsvc.bad.dat
c:\a\netsvc.dat
c:\a\netsvc.vista.dat
c:\a\netsvc.xp.dat
c:\a\NetworkService.dat
c:\a\NewCFUser
c:\a\NirCmd.cfxxe
c:\a\NircmdB.exe
c:\a\NirCmdC.cfxxe
c:\a\NlsLanguageDefault
c:\a\NT-OS.cmd
c:\a\NULL
c:\a\OSid.vbs
c:\a\OsVer
c:\a\PEV.cfxxe
c:\a\pev.exe
c:\a\PING.cfxxe
c:\a\Policies.dat
c:\a\Prep.inf
c:\a\Purity.dat
c:\a\PV.cfxxe
c:\a\pv.com
c:\a\RCLink.dat
c:\a\REGDACL.sed
c:\a\RegDo.sed
c:\a\region.dat
c:\a\RegScan.cmd
c:\a\RegScan64.cmd
c:\a\Resident.txt
c:\a\restore_pt.vbs
c:\a\Rkey.cmd
c:\a\rogues.dat
c:\a\ROUTE.cfxxe
c:\a\run2.sed
c:\a\Rust.str
c:\a\safeboot.dat
c:\a\safeboot.def.dat
c:\a\safeboot.def.vista.dat
c:\a\Safeboot.def.w7.dat
c:\a\sed.cfxxe
c:\a\SetEnvmt.bat
c:\a\setpath.cfxxe
c:\a\SF.exe
c:\a\sfx.cmd
c:\a\SnapShot.cmd
c:\a\SRestore.cmd
c:\a\srizbi.md5
c:\a\Start_dat
c:\a\SuppScan.cmd
c:\a\svc_wht.dat
c:\a\SvcDrv.vbs
c:\a\svchost.dat
c:\a\svchost.vista.dat
c:\a\svchost.w7.dat
c:\a\svchost.w7.x64.dat
c:\a\SWREG.cfxxe
c:\a\swreg.exe
c:\a\swsc.cfxxe
c:\a\swxcacls.cfxxe
c:\a\system_ini.dat
c:\a\tail.cfxxe
c:\a\toolbar.sed
c:\a\Update-CF.cmd
c:\a\VerCF.bat
c:\a\version.txt
c:\a\VInfo
c:\a\Vista.krl
c:\a\Vista.mac
c:\a\vistareg.dat
c:\a\vun.dat
c:\a\w_sock.dll
c:\a\w2k_sock.dll
c:\a\w2kreg.dat
c:\a\w7reg.dat
c:\a\Wmi_rem.vbs
c:\a\xpreg.dat
c:\a\zDomain.dat
c:\a\zhsvc.dat
c:\a\zip.cfxxe
c:\users\Ines\AppData\Roaming\unimdmi.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))
.
.
2012-12-02 01:19 . 2012-12-02 01:19 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-02 01:19 . 2012-12-02 01:19 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-12-02 01:19 . 2012-12-02 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 21:28 . 2012-12-01 21:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:02 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A14A7B-FD7B-4FAC-AA49-A2C6F8304EFA}\mpengine.dll
2012-11-30 18:45 . 2012-11-30 19:07 -------- d-----w- C:\FRST
2012-11-30 05:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 16:22 . 2012-11-28 16:18 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D04AEADC-6041-4488-AC12-95EDDDA7BCB6}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 21:28 . 2012-09-06 04:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-01 21:28 . 2011-05-08 02:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-28 19:09 . 2012-09-20 06:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 19:09 . 2012-09-20 06:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 20:05 . 2012-10-19 20:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-03-01 20:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 14:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 17:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2009-11-24 15:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-02-17 12:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 08:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 19:09]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 17:59]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 17:59]
.
2012-12-02 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-22 08:48]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleForInes.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-06-19 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 22:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-cacaoweb - c:\users\Ines\AppData\Roaming\cacaoweb\cacaoweb.exe
MSConfigStartUp-ujjicv - c:\users\Ines\AppData\Roaming\unimdmi.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-01 20:24
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4056)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe
c:\program files\Common Files\SureThing Shared\stllssvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-12-01 20:30:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-02 01:30
ComboFix2.txt 2010-01-21 14:30
ComboFix3.txt 2010-01-21 03:32
ComboFix4.txt 2009-10-28 05:37
.
Pre-Run: 40,916,152,320 bytes free
Post-Run: 40,762,388,480 bytes free
.
- - End Of File - - ACF07FFADBF512D1D2BDB6C275D2CF27
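The ComboFix log above enumerates the same autostart locations a responder checks by hand: the HKCU and HKLM Run keys, the msconfig "startupreg" parking area for disabled items, AppInit_DLLs, and the orphaned MSConfigStartUp-ujjicv entry that pointed at c:\users\Ines\AppData\Roaming\unimdmi.dll. The script below is an added example, not code from the thread, from ComboFix or from BleepingComputer; it re-audits those locations with PowerShell and flags targets that are missing, that live under a user profile (writable without admin rights), that carry the Hidden or System attribute, or that are not Authenticode-signed. It assumes an elevated Windows PowerShell 2.0 or later prompt on the machine under investigation; the key paths are the standard ones and the flag names are this example's own.

```powershell
# Added example (not from the thread or from ComboFix). Audits the autostart
# locations ComboFix reports and flags what a malware responder looks at twice.
# Written for Windows PowerShell 2.0+ so it also runs on the Vista box in the thread.

$script:RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$script:StartupReg = 'HKLM:\Software\Microsoft\Shared Tools\MSConfig\startupreg'
$script:WinNT      = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$script:ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Entry($Source, $Name, $Command) {
    New-Object PSObject -Property @{ Source = $Source; Name = $Name; Command = [string]$Command }
}

function Get-AutostartEntries {
    foreach ($key in $script:RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($script:ProviderProps -contains $p.Name) { continue }   # provider metadata, not a value
            if ($p.Value) { New-Entry $key $p.Name $p.Value }
        }
    }
    # Items a user disabled in msconfig are parked here; ComboFix lists them as "startupreg"
    if (Test-Path -Path $script:StartupReg) {
        foreach ($sub in (Get-ChildItem -Path $script:StartupReg)) {
            $cmd = (Get-ItemProperty -Path $sub.PSPath).command
            if ($cmd) { New-Entry 'startupreg' $sub.PSChildName $cmd }
        }
    }
    # AppInit_DLLs: every DLL listed is loaded into every process that links user32.dll
    $appInit = [string](Get-ItemProperty -Path $script:WinNT).AppInit_DLLs
    foreach ($dll in ($appInit -split '[ ,;]+')) {
        if ($dll) { New-Entry 'AppInit_DLLs' 'AppInit' $dll }
    }
}

function Get-TargetPath([string]$Command) {
    # Reduce a command line to the file it runs: rundll32 foo.dll,Entry, a "quoted path",
    # or the first token. Environment variables are expanded first.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^rundll32(\.exe)?\s+"?([^",]+)') { return $Matches[2].Trim() }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-AutostartEntry($Entry) {
    $path = Get-TargetPath $Entry.Command
    if (-not $path) { return }
    $flags = @()
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        $flags += 'MISSING'          # orphan, like MSConfigStartUp-ujjicv once unimdmi.dll was gone
    } else {
        # -Force is what makes Get-Item return files carrying the Hidden/System attributes
        $attrs = (Get-Item -LiteralPath $path -Force).Attributes
        if (($attrs -band [IO.FileAttributes]::Hidden) -ne 0) { $flags += 'HIDDEN' }
        if (($attrs -band [IO.FileAttributes]::System) -ne 0) { $flags += 'SYSTEM' }
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        if ($sig -ne 'Valid') { $flags += "SIG:$sig" }
    }
    # Anything under a profile directory was writable without admin rights
    if ($path -like "$env:SystemDrive\Users\*") { $flags += 'USER-PROFILE' }
    New-Object PSObject -Property @{
        Source = $Entry.Source; Name = $Entry.Name; Target = $path; Flags = ($flags -join ',')
    }
}

Get-AutostartEntries | ForEach-Object { Test-AutostartEntry $_ } |
    Where-Object { $_.Flags } | Sort-Object Source, Name |
    Format-Table Source, Name, Flags, Target -AutoSize
```

The HIDDEN and SYSTEM flags matter for the symptom in the first post: Explorer's "Show hidden files" setting does not reveal a file that carries both the Hidden and System attributes unless "Hide protected operating system files" is also unchecked, which is why a DLL can be visible in the startup list yet absent from the folder view. A signed vendor binary such as APSHook.dll or the HP and Apple helpers shows up with no flags; what deserves attention is a USER-PROFILE target with no valid signature, or a MISSING target that still has a loading point. Scheduled tasks are not covered here; list them with `schtasks /query /fo LIST /v` and apply the same checks to each "Task To Run" path.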

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 01 December 2012 - 09:50 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

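Both tools requested here read the master boot record, because a bootkit survives file-level cleanup by replacing the 446 bytes of boot code while leaving the partition table untouched. The script below is an added example, not code from the thread, from TDSSKiller or from aswMBR; it parses a 512-byte MBR sector into the same fields TDSSKiller prints (Type, StartLBA, BlocksNum) and hashes the boot code so a live read can be compared against an earlier run or a known-clean image. The sample sector is constructed from the two NTFS entries TDSSKiller reports for this disk (Type 0x7, StartLBA 0x3F / 0xCEE8381, BlocksNum 0xCEE8342 / 0x10AB440); the function names and the `\\.\PhysicalDrive0` device path are this example's assumptions, and the live read needs an elevated prompt.

```powershell
# Added example (not from the thread, TDSSKiller or aswMBR). Parses an MBR sector
# and reports the partition table plus a hash of the boot code.

function ConvertFrom-Mbr([byte[]]$Sector) {
    if ($Sector.Length -ne 512) { throw "expected 512 bytes, got $($Sector.Length)" }
    # Bytes 510-511 must be 55 AA, otherwise this is not a boot sector at all
    $valid = ($Sector[510] -eq 0x55) -and ($Sector[511] -eq 0xAA)
    $parts = @()
    for ($i = 0; $i -lt 4; $i++) {
        $o = 446 + 16 * $i                   # 16-byte partition entry i
        $type = $Sector[$o + 4]
        if ($type -eq 0) { continue }        # empty slot
        $parts += New-Object PSObject -Property @{
            Index     = $i + 1
            Bootable  = ($Sector[$o] -eq 0x80)
            Type      = ('0x{0:X}' -f [int]$type)
            StartLBA  = [BitConverter]::ToUInt32($Sector, $o + 8)
            BlocksNum = [BitConverter]::ToUInt32($Sector, $o + 12)
        }
    }
    # Boot code is bytes 0-445; a bootkit rewrites it and leaves the table intact,
    # so compare this hash with a baseline taken when the machine was known clean
    $sha = [Security.Cryptography.SHA256]::Create()
    $hash = [BitConverter]::ToString($sha.ComputeHash([byte[]]$Sector[0..445])).Replace('-', '')
    New-Object PSObject -Property @{ ValidSignature = $valid; BootCodeSha256 = $hash; Partitions = $parts }
}

function Read-Mbr([string]$Device = '\\.\PhysicalDrive0') {
    # Raw device access requires an elevated prompt; FileShare.ReadWrite is needed
    # because the volume manager already holds the disk open
    $fs = New-Object IO.FileStream($Device, [IO.FileMode]::Open, [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $buf = New-Object byte[] 512
        [void]$fs.Read($buf, 0, 512)
        return $buf
    } finally { $fs.Close() }
}

function New-SampleMbr {
    # Constructed sample: the two NTFS entries TDSSKiller reported for this disk
    $s = New-Object byte[] 512
    $entries = @(
        @{ Boot = 0x80; Type = 0x7; Start = 0x3F;      Blocks = 0xCEE8342 },
        @{ Boot = 0x00; Type = 0x7; Start = 0xCEE8381; Blocks = 0x10AB440 }
    )
    for ($i = 0; $i -lt $entries.Count; $i++) {
        $o = 446 + 16 * $i
        $e = $entries[$i]
        $s[$o] = $e.Boot
        $s[$o + 4] = $e.Type
        [BitConverter]::GetBytes([uint32]$e.Start).CopyTo($s, $o + 8)
        [BitConverter]::GetBytes([uint32]$e.Blocks).CopyTo($s, $o + 12)
    }
    $s[510] = 0x55
    $s[511] = 0xAA
    return $s
}

# Swap (New-SampleMbr) for (Read-Mbr) on the live machine
$mbr = ConvertFrom-Mbr (New-SampleMbr)
"Valid signature: $($mbr.ValidSignature)   boot code SHA-256: $($mbr.BootCodeSha256)"
$mbr.Partitions | Format-Table Index, Bootable, Type,
    @{ n = 'StartLBA';  e = { '0x{0:X}' -f $_.StartLBA } },
    @{ n = 'BlocksNum'; e = { '0x{0:X}' -f $_.BlocksNum } } -AutoSize
```

Two checks are worth making against the output. First, the second partition should start exactly where the first ends (0x3F + 0xCEE8342 = 0xCEE8381 here); a gap, or space after the last partition that no partition claims, is where bootkits such as the TDSS family keep their hidden file system, which is what TDSSKiller scans for. Second, the boot code hash should not change between two runs on a machine that has had no OS reinstall or disk tooling in between. A disk with a single Type 0xEE entry is a GPT disk with a protective MBR, and this parser tells you nothing useful about it beyond that.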

#7 PRprince

PRprince
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:23 PM

Posted 02 December 2012 - 01:20 AM

Firefox wouldn't download TDSSKiller at first; the download window would say it's downloading at 50 KB per sec. After three times closing the browser and retrying, it finally downloaded at about 3000 KB per sec (3 MB per sec), almost instantly. Also, Firefox apparently has a new updating feature in its Help > About Firefox menu; on my clean PC, Firefox updated and installed itself in about 2 minutes, and on this PC when I tried to update Firefox it would say it's still downloading the update 4 hours later. Something is still wrong with the internet on this infected one.

00:04:44.0659 5404 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:04:45.0455 5404 ============================================================
00:04:45.0455 5404 Current date / time: 2012/12/02 00:04:45.0455
00:04:45.0455 5404 SystemInfo:
00:04:45.0455 5404
00:04:45.0455 5404 OS Version: 6.0.6002 ServicePack: 2.0
00:04:45.0455 5404 Product type: Workstation
00:04:45.0456 5404 ComputerName: INES-PC
00:04:45.0456 5404 UserName: Ines
00:04:45.0456 5404 Windows directory: C:\Windows
00:04:45.0456 5404 System windows directory: C:\Windows
00:04:45.0456 5404 Processor architecture: Intel x86
00:04:45.0456 5404 Number of processors: 2
00:04:45.0456 5404 Page size: 0x1000
00:04:45.0456 5404 Boot type: Normal boot
00:04:45.0456 5404 ============================================================
00:04:46.0084 5404 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:04:46.0088 5404 ============================================================
00:04:46.0088 5404 \Device\Harddisk0\DR0:
00:04:46.0088 5404 MBR partitions:
00:04:46.0088 5404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCEE8342
00:04:46.0088 5404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCEE8381, BlocksNum 0x10AB440
00:04:46.0088 5404 ============================================================
00:04:46.0106 5404 C: <-> \Device\Harddisk0\DR0\Partition1
00:04:46.0238 5404 E: <-> \Device\Harddisk0\DR0\Partition2
00:04:46.0238 5404 ============================================================
00:04:46.0238 5404 Initialize success
00:04:46.0238 5404 ============================================================
00:05:05.0093 5832 ============================================================
00:05:05.0093 5832 Scan started
00:05:05.0093 5832 Mode: Manual;
00:05:05.0093 5832 ============================================================
00:05:05.0354 5832 ================ Scan system memory ========================
00:05:05.0354 5832 System memory - ok
00:05:05.0358 5832 ================ Scan services =============================
00:05:07.0052 5832 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:05:07.0058 5832 ACPI - ok
00:05:07.0238 5832 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:05:07.0240 5832 AdobeARMservice - ok
00:05:07.0418 5832 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:05:07.0421 5832 AdobeFlashPlayerUpdateSvc - ok
00:05:07.0490 5832 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:05:07.0499 5832 adp94xx - ok
00:05:07.0523 5832 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:05:07.0530 5832 adpahci - ok
00:05:07.0562 5832 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
00:05:07.0565 5832 adpu160m - ok
00:05:07.0592 5832 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:05:07.0596 5832 adpu320 - ok
00:05:07.0663 5832 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:05:07.0678 5832 AeLookupSvc - ok
00:05:07.0742 5832 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
00:05:07.0745 5832 AFD - ok
00:05:07.0794 5832 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:05:07.0795 5832 agp440 - ok
00:05:07.0822 5832 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
00:05:07.0837 5832 aic78xx - ok
00:05:07.0883 5832 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
00:05:07.0885 5832 ALG - ok
00:05:07.0904 5832 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
00:05:07.0906 5832 aliide - ok
00:05:07.0929 5832 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:05:07.0930 5832 amdagp - ok
00:05:07.0965 5832 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
00:05:07.0966 5832 amdide - ok
00:05:08.0006 5832 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
00:05:08.0007 5832 AmdK7 - ok
00:05:08.0039 5832 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:05:08.0041 5832 AmdK8 - ok
00:05:08.0099 5832 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
00:05:08.0118 5832 Appinfo - ok
00:05:08.0447 5832 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:05:08.0449 5832 Apple Mobile Device - ok
00:05:08.0508 5832 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
00:05:08.0525 5832 arc - ok
00:05:08.0570 5832 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:05:08.0572 5832 arcsas - ok
00:05:08.0812 5832 [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
00:05:08.0866 5832 ASBroker - ok
00:05:08.0910 5832 [ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel c:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
00:05:08.0914 5832 ASChannel - ok
00:05:09.0414 5832 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:05:09.0416 5832 aspnet_state - ok
00:05:09.0461 5832 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:05:09.0463 5832 AsyncMac - ok
00:05:09.0504 5832 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
00:05:09.0505 5832 atapi - ok
00:05:09.0596 5832 [ FB2162AFF83D519CD77431A1BC5EE0ED ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
00:05:09.0598 5832 ATSWPDRV - ok
00:05:09.0724 5832 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:05:09.0758 5832 AudioEndpointBuilder - ok
00:05:09.0770 5832 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:05:09.0774 5832 Audiosrv - ok
00:05:09.0868 5832 [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
00:05:09.0890 5832 BCM43XV - ok
00:05:09.0955 5832 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
00:05:09.0969 5832 Beep - ok
00:05:10.0102 5832 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
00:05:10.0147 5832 BFE - ok
00:05:10.0233 5832 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
00:05:10.0278 5832 BITS - ok
00:05:10.0287 5832 blbdrive - ok
00:05:10.0408 5832 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:05:10.0414 5832 Bonjour Service - ok
00:05:10.0496 5832 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:05:10.0498 5832 bowser - ok
00:05:10.0542 5832 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
00:05:10.0543 5832 BrFiltLo - ok
00:05:10.0570 5832 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
00:05:10.0571 5832 BrFiltUp - ok
00:05:10.0605 5832 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
00:05:10.0622 5832 Browser - ok
00:05:10.0662 5832 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
00:05:10.0664 5832 Brserid - ok
00:05:10.0698 5832 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
00:05:10.0700 5832 BrSerWdm - ok
00:05:10.0728 5832 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
00:05:10.0740 5832 BrUsbMdm - ok
00:05:10.0766 5832 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
00:05:10.0767 5832 BrUsbSer - ok
00:05:10.0793 5832 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:05:10.0794 5832 BTHMODEM - ok
00:05:10.0815 5832 catchme - ok
00:05:10.0868 5832 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:05:10.0870 5832 cdfs - ok
00:05:10.0912 5832 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:05:10.0914 5832 cdrom - ok
00:05:10.0988 5832 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
00:05:10.0990 5832 CertPropSvc - ok
00:05:11.0028 5832 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
00:05:11.0047 5832 circlass - ok
00:05:11.0426 5832 [ DBAFC6734C054FEEF9087754BD80F847 ] CLCapSvc C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
00:05:11.0429 5832 CLCapSvc - ok
00:05:11.0508 5832 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
00:05:11.0537 5832 CLFS - ok
00:05:11.0619 5832 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:05:11.0631 5832 clr_optimization_v2.0.50727_32 - ok
00:05:11.0686 5832 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:05:11.0697 5832 clr_optimization_v4.0.30319_32 - ok
00:05:11.0743 5832 [ E67F8F036FD882E4AB62501C0D45B536 ] CLSched C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
00:05:11.0745 5832 CLSched - ok
00:05:11.0803 5832 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:05:11.0804 5832 CmBatt - ok
00:05:11.0864 5832 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:05:11.0879 5832 cmdide - ok
00:05:12.0208 5832 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
00:05:12.0272 5832 Com4QLBEx - ok
00:05:12.0297 5832 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:05:12.0299 5832 Compbatt - ok
00:05:12.0308 5832 COMSysApp - ok
00:05:12.0358 5832 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:05:12.0359 5832 crcdisk - ok
00:05:12.0411 5832 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
00:05:12.0438 5832 Crusoe - ok
00:05:12.0519 5832 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:05:12.0523 5832 CryptSvc - ok
00:05:12.0679 5832 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:05:12.0756 5832 DcomLaunch - ok
00:05:12.0784 5832 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:05:12.0786 5832 DfsC - ok
00:05:13.0427 5832 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
00:05:13.0516 5832 DFSR - ok
00:05:13.0614 5832 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
00:05:13.0618 5832 Dhcp - ok
00:05:13.0670 5832 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
00:05:13.0672 5832 disk - ok
00:05:13.0726 5832 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:05:13.0729 5832 Dnscache - ok
00:05:13.0772 5832 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:05:13.0778 5832 dot3svc - ok
00:05:13.0823 5832 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
00:05:13.0828 5832 DPS - ok
00:05:13.0870 5832 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:05:13.0871 5832 drmkaud - ok
00:05:13.0932 5832 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:05:13.0947 5832 DXGKrnl - ok
00:05:14.0009 5832 [ C0B00E55CF82D122D25983C7A6A53DEA ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
00:05:14.0013 5832 E100B - ok
00:05:14.0045 5832 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
00:05:14.0048 5832 E1G60 - ok
00:05:14.0115 5832 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
00:05:14.0119 5832 EapHost - ok
00:05:14.0164 5832 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
00:05:14.0168 5832 Ecache - ok
00:05:14.0243 5832 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:05:14.0250 5832 ehRecvr - ok
00:05:14.0304 5832 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
00:05:14.0308 5832 ehSched - ok
00:05:14.0323 5832 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
00:05:14.0325 5832 ehstart - ok
00:05:14.0389 5832 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:05:14.0396 5832 elxstor - ok
00:05:14.0473 5832 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:05:14.0487 5832 EMDMgmt - ok
00:05:14.0562 5832 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
00:05:14.0566 5832 EventSystem - ok
00:05:14.0606 5832 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
00:05:14.0610 5832 exfat - ok
00:05:14.0660 5832 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:05:14.0664 5832 fastfat - ok
00:05:14.0709 5832 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:05:14.0710 5832 fdc - ok
00:05:14.0747 5832 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
00:05:14.0749 5832 fdPHost - ok
00:05:14.0792 5832 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
00:05:14.0795 5832 FDResPub - ok
00:05:14.0828 5832 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:05:14.0830 5832 FileInfo - ok
00:05:14.0860 5832 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:05:14.0862 5832 Filetrace - ok
00:05:14.0879 5832 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:05:14.0880 5832 flpydisk - ok
00:05:14.0928 5832 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:05:14.0933 5832 FltMgr - ok
00:05:15.0005 5832 [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe
00:05:15.0006 5832 FolderSize - ok
00:05:15.0098 5832 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
00:05:15.0165 5832 FontCache - ok
00:05:15.0251 5832 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:05:15.0253 5832 FontCache3.0.0.0 - ok
00:05:15.0324 5832 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:05:15.0326 5832 fssfltr - ok
00:05:15.0493 5832 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:05:15.0546 5832 fsssvc - ok
00:05:15.0591 5832 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:05:15.0593 5832 Fs_Rec - ok
00:05:15.0626 5832 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:05:15.0627 5832 gagp30kx - ok
00:05:15.0678 5832 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:05:15.0679 5832 GEARAspiWDM - ok
00:05:15.0727 5832 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
00:05:15.0742 5832 gpsvc - ok
00:05:15.0868 5832 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:05:15.0871 5832 gupdate - ok
00:05:15.0888 5832 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:05:15.0890 5832 gupdatem - ok
00:05:15.0944 5832 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:05:15.0949 5832 gusvc - ok
00:05:15.0986 5832 [ 93AEE3434935FC2F805FEFD8DC5ED1B4 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
00:05:15.0987 5832 HBtnKey - ok
00:05:16.0052 5832 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:05:16.0058 5832 HdAudAddService - ok
00:05:16.0121 5832 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:05:16.0133 5832 HDAudBus - ok
00:05:16.0163 5832 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:05:16.0165 5832 HidBth - ok
00:05:16.0186 5832 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
00:05:16.0187 5832 HidIr - ok
00:05:16.0223 5832 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
00:05:16.0225 5832 hidserv - ok
00:05:16.0271 5832 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:05:16.0272 5832 HidUsb - ok
00:05:16.0312 5832 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:05:16.0317 5832 hkmsvc - ok
00:05:16.0391 5832 [ 2CEEB349216FEBD91A907013D4ABCFF7 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
00:05:16.0393 5832 HP Health Check Service - ok
00:05:16.0434 5832 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:05:16.0436 5832 HpCISSs - ok
00:05:16.0468 5832 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:05:16.0469 5832 HpqKbFiltr - ok
00:05:16.0543 5832 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
00:05:16.0548 5832 hpqwmiex - ok
00:05:16.0597 5832 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:05:16.0602 5832 HSFHWAZL - ok
00:05:16.0669 5832 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:05:16.0725 5832 HSF_DPV - ok
00:05:16.0784 5832 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:05:16.0794 5832 HTTP - ok
00:05:16.0838 5832 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:05:16.0839 5832 i2omp - ok
00:05:16.0914 5832 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:05:16.0916 5832 i8042prt - ok
00:05:17.0004 5832 [ 582F2D900A3AC34C98FBDC2C0ABEF6B9 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
00:05:17.0008 5832 IAANTMON - ok
00:05:17.0103 5832 [ 496DB78E6A0C4C44023D9A92B4A7AC31 ] ialm C:\Windows\system32\DRIVERS\igdkmd32.sys
00:05:17.0158 5832 ialm - ok
00:05:17.0215 5832 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:05:17.0218 5832 iaStor - ok
00:05:17.0246 5832 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:05:17.0252 5832 iaStorV - ok
00:05:17.0312 5832 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
00:05:17.0314 5832 IDriverT - ok
00:05:17.0412 5832 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:05:17.0446 5832 idsvc - ok
00:05:17.0462 5832 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:05:17.0464 5832 iirsp - ok
00:05:17.0514 5832 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
00:05:17.0525 5832 IKEEXT - ok
00:05:17.0703 5832 [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
00:05:17.0730 5832 IntcAzAudAddService - ok
00:05:17.0785 5832 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
00:05:17.0786 5832 intelide - ok
00:05:17.0826 5832 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:05:17.0827 5832 intelppm - ok
00:05:17.0883 5832 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:05:17.0887 5832 IPBusEnum - ok
00:05:17.0932 5832 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:05:17.0934 5832 IpFilterDriver - ok
00:05:17.0976 5832 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:05:17.0983 5832 iphlpsvc - ok
00:05:17.0993 5832 IpInIp - ok
00:05:18.0022 5832 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:05:18.0023 5832 IPMIDRV - ok
00:05:18.0064 5832 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:05:18.0067 5832 IPNAT - ok
00:05:18.0180 5832 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
00:05:18.0190 5832 iPod Service - ok
00:05:18.0225 5832 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:05:18.0226 5832 IRENUM - ok
00:05:18.0248 5832 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:05:18.0249 5832 isapnp - ok
00:05:18.0286 5832 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:05:18.0289 5832 iScsiPrt - ok
00:05:18.0315 5832 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:05:18.0317 5832 iteatapi - ok
00:05:18.0349 5832 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:05:18.0350 5832 iteraid - ok
00:05:18.0384 5832 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:05:18.0386 5832 kbdclass - ok
00:05:18.0429 5832 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:05:18.0431 5832 kbdhid - ok
00:05:18.0451 5832 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
00:05:18.0454 5832 KeyIso - ok
00:05:18.0488 5832 [ 566C5FD480FDBCE3BA5CF9FBCFFAEA9A ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
00:05:18.0490 5832 KMWDFILTER - ok
00:05:18.0536 5832 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:05:18.0546 5832 KSecDD - ok
00:05:18.0632 5832 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:05:18.0642 5832 KtmRm - ok
00:05:18.0687 5832 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
00:05:18.0695 5832 LanmanServer - ok
00:05:18.0754 5832 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:05:18.0763 5832 LanmanWorkstation - ok
00:05:18.0824 5832 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:05:18.0826 5832 LightScribeService - ok
00:05:18.0860 5832 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:05:18.0862 5832 lltdio - ok
00:05:18.0912 5832 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:05:18.0919 5832 lltdsvc - ok
00:05:18.0970 5832 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:05:18.0973 5832 lmhosts - ok
00:05:19.0013 5832 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:05:19.0015 5832 LSI_FC - ok
00:05:19.0039 5832 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:05:19.0041 5832 LSI_SAS - ok
00:05:19.0058 5832 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:05:19.0060 5832 LSI_SCSI - ok
00:05:19.0104 5832 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
00:05:19.0107 5832 luafv - ok
00:05:19.0148 5832 [ 836E0E09CA9869BE7EB39EF2CF3602C7 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:05:19.0149 5832 MBAMProtector - ok
00:05:19.0226 5832 [ 246AF5A08B0339231BDD7437AB6FF6B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:05:19.0231 5832 MBAMService - ok
00:05:19.0296 5832 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:05:19.0301 5832 Mcx2Svc - ok
00:05:19.0350 5832 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
00:05:19.0351 5832 megasas - ok
00:05:19.0381 5832 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
00:05:19.0385 5832 MMCSS - ok
00:05:19.0421 5832 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
00:05:19.0423 5832 Modem - ok
00:05:19.0468 5832 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
00:05:19.0469 5832 MODEMCSA - ok
00:05:19.0523 5832 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:05:19.0524 5832 monitor - ok
00:05:19.0543 5832 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:05:19.0545 5832 mouclass - ok
00:05:19.0596 5832 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:05:19.0597 5832 mouhid - ok
00:05:19.0632 5832 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:05:19.0634 5832 MountMgr - ok
00:05:19.0704 5832 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:05:19.0705 5832 MozillaMaintenance - ok
00:05:19.0791 5832 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:05:19.0796 5832 MpFilter - ok
00:05:19.0848 5832 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
00:05:19.0851 5832 mpio - ok
00:05:19.0898 5832 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:05:19.0901 5832 mpsdrv - ok
00:05:19.0942 5832 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
00:05:19.0953 5832 MpsSvc - ok
00:05:19.0990 5832 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:05:19.0992 5832 Mraid35x - ok
00:05:20.0038 5832 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:05:20.0041 5832 MRxDAV - ok
00:05:20.0079 5832 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:05:20.0082 5832 mrxsmb - ok
00:05:20.0119 5832 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:05:20.0124 5832 mrxsmb10 - ok
00:05:20.0142 5832 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:05:20.0145 5832 mrxsmb20 - ok
00:05:20.0198 5832 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
00:05:20.0199 5832 msahci - ok
00:05:20.0223 5832 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:05:20.0226 5832 msdsm - ok
00:05:20.0268 5832 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
00:05:20.0274 5832 MSDTC - ok
00:05:20.0328 5832 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:05:20.0329 5832 Msfs - ok
00:05:20.0375 5832 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:05:20.0376 5832 msisadrv - ok
00:05:20.0423 5832 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:05:20.0428 5832 MSiSCSI - ok
00:05:20.0435 5832 msiserver - ok
00:05:20.0488 5832 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:05:20.0490 5832 MSKSSRV - ok
00:05:20.0580 5832 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:05:20.0581 5832 MsMpSvc - ok
00:05:20.0623 5832 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:05:20.0624 5832 MSPCLOCK - ok
00:05:20.0646 5832 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:05:20.0648 5832 MSPQM - ok
00:05:20.0694 5832 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:05:20.0698 5832 MsRPC - ok
00:05:20.0744 5832 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:05:20.0745 5832 mssmbios - ok
00:05:20.0763 5832 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:05:20.0764 5832 MSTEE - ok
00:05:20.0799 5832 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
00:05:20.0801 5832 Mup - ok
00:05:20.0916 5832 [ 72DD381229BCA8961E826BA73AFE60BC ] NACAgent C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
00:05:20.0931 5832 NACAgent - ok
00:05:20.0983 5832 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
00:05:20.0993 5832 napagent - ok
00:05:21.0055 5832 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:05:21.0059 5832 NativeWifiP - ok
00:05:21.0129 5832 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:05:21.0151 5832 NDIS - ok
00:05:21.0190 5832 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:05:21.0192 5832 NdisTapi - ok
00:05:21.0234 5832 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:05:21.0235 5832 Ndisuio - ok
00:05:21.0278 5832 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:05:21.0281 5832 NdisWan - ok
00:05:21.0313 5832 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:05:21.0315 5832 NDProxy - ok
00:05:21.0338 5832 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:05:21.0340 5832 NetBIOS - ok
00:05:21.0386 5832 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:05:21.0391 5832 netbt - ok
00:05:21.0412 5832 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
00:05:21.0415 5832 Netlogon - ok
00:05:21.0466 5832 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
00:05:21.0476 5832 Netman - ok
00:05:21.0517 5832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:05:21.0521 5832 NetMsmqActivator - ok
00:05:21.0529 5832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:05:21.0532 5832 NetPipeActivator - ok
00:05:21.0582 5832 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
00:05:21.0591 5832 netprofm - ok
00:05:21.0601 5832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:05:21.0604 5832 NetTcpActivator - ok
00:05:21.0612 5832 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:05:21.0615 5832 NetTcpPortSharing - ok
00:05:21.0741 5832 [ 1D73499A6664B4DA05D750FF83FDB274 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
00:05:21.0818 5832 NETw4v32 - ok
00:05:22.0032 5832 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
00:05:22.0073 5832 NETw5v32 - ok
00:05:22.0128 5832 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:05:22.0129 5832 nfrd960 - ok
00:05:22.0175 5832 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:05:22.0178 5832 NisDrv - ok
00:05:22.0218 5832 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
00:05:22.0223 5832 NisSrv - ok
00:05:22.0266 5832 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:05:22.0273 5832 NlaSvc - ok
00:05:22.0315 5832 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:05:22.0317 5832 Npfs - ok
00:05:22.0355 5832 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
00:05:22.0359 5832 nsi - ok
00:05:22.0390 5832 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:05:22.0391 5832 nsiproxy - ok
00:05:22.0472 5832 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:05:22.0516 5832 Ntfs - ok
00:05:22.0564 5832 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
00:05:22.0566 5832 ntrigdigi - ok
00:05:22.0596 5832 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
00:05:22.0598 5832 Null - ok
00:05:23.0045 5832 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:05:23.0160 5832 nvlddmkm - ok
00:05:23.0195 5832 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:05:23.0198 5832 nvraid - ok
00:05:23.0221 5832 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:05:23.0223 5832 nvstor - ok
00:05:23.0269 5832 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe
00:05:23.0275 5832 nvsvc - ok
00:05:23.0307 5832 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:05:23.0310 5832 nv_agp - ok
00:05:23.0318 5832 NwlnkFlt - ok
00:05:23.0328 5832 NwlnkFwd - ok
00:05:23.0398 5832 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:05:23.0400 5832 ohci1394 - ok
00:05:23.0503 5832 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:05:23.0506 5832 ose - ok
00:05:23.0762 5832 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:05:23.0938 5832 osppsvc - ok
00:05:24.0022 5832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:05:24.0055 5832 p2pimsvc - ok
00:05:24.0099 5832 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
00:05:24.0110 5832 p2psvc - ok
00:05:24.0156 5832 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
00:05:24.0159 5832 Parport - ok
00:05:24.0193 5832 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:05:24.0195 5832 partmgr - ok
00:05:24.0213 5832 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
00:05:24.0214 5832 Parvdm - ok
00:05:24.0256 5832 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
00:05:24.0262 5832 PcaSvc - ok
00:05:24.0305 5832 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
00:05:24.0309 5832 pci - ok
00:05:24.0339 5832 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:05:24.0340 5832 pciide - ok
00:05:24.0374 5832 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:05:24.0379 5832 pcmcia - ok
00:05:24.0437 5832 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:05:24.0482 5832 PEAUTH - ok
00:05:24.0599 5832 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
00:05:24.0666 5832 pla - ok
00:05:24.0719 5832 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:05:24.0729 5832 PlugPlay - ok
00:05:24.0776 5832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:05:24.0787 5832 PNRPAutoReg - ok
00:05:24.0807 5832 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:05:24.0818 5832 PNRPsvc - ok
00:05:24.0853 5832 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:05:24.0863 5832 PolicyAgent - ok
00:05:24.0891 5832 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:05:24.0894 5832 PptpMiniport - ok
00:05:24.0941 5832 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
00:05:24.0943 5832 Processor - ok
00:05:24.0975 5832 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
00:05:24.0983 5832 ProfSvc - ok
00:05:25.0005 5832 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:05:25.0007 5832 ProtectedStorage - ok
00:05:25.0049 5832 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:05:25.0051 5832 PSched - ok
00:05:25.0076 5832 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
00:05:25.0077 5832 PxHelp20 - ok
00:05:25.0142 5832 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:05:25.0175 5832 ql2300 - ok
00:05:25.0213 5832 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:05:25.0216 5832 ql40xx - ok
00:05:25.0263 5832 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
00:05:25.0273 5832 QWAVE - ok
00:05:25.0313 5832 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:05:25.0315 5832 QWAVEdrv - ok
00:05:25.0355 5832 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:05:25.0356 5832 RasAcd - ok
00:05:25.0396 5832 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
00:05:25.0403 5832 RasAuto - ok
00:05:25.0444 5832 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:05:25.0446 5832 Rasl2tp - ok
00:05:25.0496 5832 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
00:05:25.0506 5832 RasMan - ok
00:05:25.0560 5832 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:05:25.0562 5832 RasPppoe - ok
00:05:25.0596 5832 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:05:25.0599 5832 RasSstp - ok
00:05:25.0641 5832 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:05:25.0647 5832 rdbss - ok
00:05:25.0707 5832 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:05:25.0708 5832 RDPCDD - ok
00:05:25.0761 5832 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:05:25.0767 5832 rdpdr - ok
00:05:25.0776 5832 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:05:25.0777 5832 RDPENCDD - ok
00:05:25.0842 5832 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:05:25.0846 5832 RDPWD - ok
00:05:25.0922 5832 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:05:25.0927 5832 RemoteAccess - ok
00:05:25.0976 5832 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:05:25.0983 5832 RemoteRegistry - ok
00:05:26.0035 5832 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
00:05:26.0037 5832 Revoflt - ok
00:05:26.0104 5832 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
00:05:26.0106 5832 rimmptsk - ok
00:05:26.0142 5832 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
00:05:26.0143 5832 rimsptsk - ok
00:05:26.0188 5832 [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
00:05:26.0189 5832 rismxdp - ok
00:05:26.0305 5832 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
00:05:26.0316 5832 RoxMediaDB9 - ok
00:05:26.0359 5832 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
00:05:26.0362 5832 RpcLocator - ok
00:05:26.0417 5832 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
00:05:26.0427 5832 RpcSs - ok
00:05:26.0470 5832 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:05:26.0472 5832 rspndr - ok
00:05:26.0523 5832 [ A1ADC7B4C074744662207DA6EDCDFBB0 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
00:05:26.0526 5832 RTL8169 - ok
00:05:26.0568 5832 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
00:05:26.0571 5832 SamSs - ok
00:05:26.0607 5832 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:05:26.0610 5832 sbp2port - ok
00:05:26.0756 5832 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
00:05:26.0770 5832 SBSDWSCService - ok
00:05:26.0816 5832 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:05:26.0823 5832 SCardSvr - ok
00:05:26.0904 5832 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
00:05:26.0923 5832 Schedule - ok
00:05:26.0944 5832 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:05:26.0945 5832 SCPolicySvc - ok
00:05:26.0992 5832 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:05:26.0995 5832 sdbus - ok
00:05:27.0035 5832 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:05:27.0042 5832 SDRSVC - ok
00:05:27.0091 5832 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:05:27.0093 5832 secdrv - ok
00:05:27.0127 5832 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
00:05:27.0132 5832 seclogon - ok
00:05:27.0171 5832 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
00:05:27.0177 5832 SENS - ok
00:05:27.0197 5832 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
00:05:27.0198 5832 Serenum - ok
00:05:27.0227 5832 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
00:05:27.0229 5832 Serial - ok
00:05:27.0258 5832 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:05:27.0259 5832 sermouse - ok
00:05:27.0314 5832 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
00:05:27.0321 5832 SessionEnv - ok
00:05:27.0339 5832 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:05:27.0341 5832 sffdisk - ok
00:05:27.0362 5832 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:05:27.0363 5832 sffp_mmc - ok
00:05:27.0371 5832 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:05:27.0373 5832 sffp_sd - ok
00:05:27.0389 5832 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:05:27.0390 5832 sfloppy - ok
00:05:27.0445 5832 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:05:27.0451 5832 SharedAccess - ok
00:05:27.0489 5832 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:05:27.0499 5832 ShellHWDetection - ok
00:05:27.0536 5832 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:05:27.0538 5832 sisagp - ok
00:05:27.0555 5832 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:05:27.0557 5832 SiSRaid2 - ok
00:05:27.0594 5832 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:05:27.0597 5832 SiSRaid4 - ok
00:05:27.0771 5832 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
00:05:27.0903 5832 slsvc - ok
00:05:27.0965 5832 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:06:10.0978 5908 KSecDD - ok
00:06:11.0034 5908 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:06:11.0041 5908 KtmRm - ok
00:06:11.0090 5908 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
00:06:11.0096 5908 LanmanServer - ok
00:06:11.0146 5908 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:06:11.0153 5908 LanmanWorkstation - ok
00:06:11.0216 5908 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
00:06:11.0217 5908 LightScribeService - ok
00:06:11.0252 5908 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:06:11.0253 5908 lltdio - ok
00:06:11.0304 5908 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:06:11.0309 5908 lltdsvc - ok
00:06:11.0351 5908 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:06:11.0354 5908 lmhosts - ok
00:06:11.0394 5908 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:06:11.0395 5908 LSI_FC - ok
00:06:11.0420 5908 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:06:11.0422 5908 LSI_SAS - ok
00:06:11.0450 5908 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:06:11.0451 5908 LSI_SCSI - ok
00:06:11.0496 5908 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
00:06:11.0498 5908 luafv - ok
00:06:11.0529 5908 [ 836E0E09CA9869BE7EB39EF2CF3602C7 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
00:06:11.0530 5908 MBAMProtector - ok
00:06:11.0607 5908 [ 246AF5A08B0339231BDD7437AB6FF6B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:06:11.0613 5908 MBAMService - ok
00:06:11.0655 5908 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:06:11.0658 5908 Mcx2Svc - ok
00:06:11.0697 5908 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
00:06:11.0698 5908 megasas - ok
00:06:11.0739 5908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
00:06:11.0743 5908 MMCSS - ok
00:06:11.0780 5908 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
00:06:11.0781 5908 Modem - ok
00:06:11.0827 5908 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
00:06:11.0828 5908 MODEMCSA - ok
00:06:11.0859 5908 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:06:11.0860 5908 monitor - ok
00:06:11.0879 5908 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:06:11.0880 5908 mouclass - ok
00:06:11.0921 5908 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:06:11.0922 5908 mouhid - ok
00:06:11.0957 5908 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:06:11.0958 5908 MountMgr - ok
00:06:12.0007 5908 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
00:06:12.0009 5908 MozillaMaintenance - ok
00:06:12.0061 5908 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
00:06:12.0064 5908 MpFilter - ok
00:06:12.0107 5908 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
00:06:12.0108 5908 mpio - ok
00:06:12.0157 5908 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:06:12.0159 5908 mpsdrv - ok
00:06:12.0200 5908 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
00:06:12.0208 5908 MpsSvc - ok
00:06:12.0238 5908 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:06:12.0239 5908 Mraid35x - ok
00:06:12.0285 5908 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:06:12.0287 5908 MRxDAV - ok
00:06:12.0327 5908 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:06:12.0329 5908 mrxsmb - ok
00:06:12.0367 5908 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:06:12.0370 5908 mrxsmb10 - ok
00:06:12.0390 5908 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:06:12.0391 5908 mrxsmb20 - ok
00:06:12.0412 5908 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
00:06:12.0414 5908 msahci - ok
00:06:12.0437 5908 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:06:12.0439 5908 msdsm - ok
00:06:12.0482 5908 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
00:06:12.0486 5908 MSDTC - ok
00:06:12.0542 5908 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:06:12.0543 5908 Msfs - ok
00:06:12.0578 5908 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:06:12.0579 5908 msisadrv - ok
00:06:12.0626 5908 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:06:12.0630 5908 MSiSCSI - ok
00:06:12.0638 5908 msiserver - ok
00:06:12.0669 5908 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:06:12.0670 5908 MSKSSRV - ok
00:06:12.0739 5908 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
00:06:12.0740 5908 MsMpSvc - ok
00:06:12.0782 5908 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:06:12.0783 5908 MSPCLOCK - ok
00:06:12.0805 5908 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:06:12.0806 5908 MSPQM - ok
00:06:12.0853 5908 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:06:12.0855 5908 MsRPC - ok
00:06:12.0903 5908 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:06:12.0904 5908 mssmbios - ok
00:06:12.0922 5908 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:06:12.0923 5908 MSTEE - ok
00:06:12.0958 5908 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
00:06:12.0960 5908 Mup - ok
00:06:13.0080 5908 [ 72DD381229BCA8961E826BA73AFE60BC ] NACAgent C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
00:06:13.0095 5908 NACAgent - ok
00:06:13.0142 5908 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
00:06:13.0150 5908 napagent - ok
00:06:13.0192 5908 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:06:13.0194 5908 NativeWifiP - ok
00:06:13.0255 5908 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:06:13.0262 5908 NDIS - ok
00:06:13.0305 5908 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:06:13.0306 5908 NdisTapi - ok
00:06:13.0348 5908 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:06:13.0349 5908 Ndisuio - ok
00:06:13.0392 5908 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:06:13.0394 5908 NdisWan - ok
00:06:13.0439 5908 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:06:13.0440 5908 NDProxy - ok
00:06:13.0464 5908 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:06:13.0465 5908 NetBIOS - ok
00:06:13.0511 5908 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:06:13.0514 5908 netbt - ok
00:06:13.0538 5908 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
00:06:13.0541 5908 Netlogon - ok
00:06:13.0592 5908 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
00:06:13.0598 5908 Netman - ok
00:06:13.0654 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:13.0657 5908 NetMsmqActivator - ok
00:06:13.0665 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:13.0668 5908 NetPipeActivator - ok
00:06:13.0708 5908 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
00:06:13.0714 5908 netprofm - ok
00:06:13.0724 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:13.0727 5908 NetTcpActivator - ok
00:06:13.0735 5908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
00:06:13.0739 5908 NetTcpPortSharing - ok
00:06:13.0856 5908 [ 1D73499A6664B4DA05D750FF83FDB274 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
00:06:13.0883 5908 NETw4v32 - ok
00:06:14.0075 5908 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
00:06:14.0120 5908 NETw5v32 - ok
00:06:14.0176 5908 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:06:14.0177 5908 nfrd960 - ok
00:06:14.0212 5908 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:06:14.0215 5908 NisDrv - ok
00:06:14.0244 5908 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
00:06:14.0247 5908 NisSrv - ok
00:06:14.0292 5908 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:06:14.0297 5908 NlaSvc - ok
00:06:14.0341 5908 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:06:14.0342 5908 Npfs - ok
00:06:14.0381 5908 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
00:06:14.0385 5908 nsi - ok
00:06:14.0427 5908 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:06:14.0428 5908 nsiproxy - ok
00:06:14.0509 5908 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:06:14.0523 5908 Ntfs - ok
00:06:14.0579 5908 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
00:06:14.0581 5908 ntrigdigi - ok
00:06:14.0611 5908 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
00:06:14.0612 5908 Null - ok
00:06:15.0060 5908 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:06:15.0184 5908 nvlddmkm - ok
00:06:15.0210 5908 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:06:15.0212 5908 nvraid - ok
00:06:15.0236 5908 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:06:15.0237 5908 nvstor - ok
00:06:15.0272 5908 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe
00:06:15.0278 5908 nvsvc - ok
00:06:15.0310 5908 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:06:15.0312 5908 nv_agp - ok
00:06:15.0321 5908 NwlnkFlt - ok
00:06:15.0330 5908 NwlnkFwd - ok
00:06:15.0380 5908 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:06:15.0381 5908 ohci1394 - ok
00:06:15.0463 5908 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:06:15.0465 5908 ose - ok
00:06:15.0711 5908 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:06:15.0769 5908 osppsvc - ok
00:06:15.0848 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:06:15.0861 5908 p2pimsvc - ok
00:06:15.0904 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
00:06:15.0915 5908 p2psvc - ok
00:06:15.0960 5908 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
00:06:15.0962 5908 Parport - ok
00:06:15.0998 5908 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:06:15.0999 5908 partmgr - ok
00:06:16.0017 5908 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
00:06:16.0018 5908 Parvdm - ok
00:06:16.0061 5908 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
00:06:16.0065 5908 PcaSvc - ok
00:06:16.0121 5908 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
00:06:16.0123 5908 pci - ok
00:06:16.0143 5908 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\DRIVERS\pciide.sys
00:06:16.0144 5908 pciide - ok
00:06:16.0178 5908 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:06:16.0181 5908 pcmcia - ok
00:06:16.0242 5908 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:06:16.0252 5908 PEAUTH - ok
00:06:16.0372 5908 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
00:06:16.0392 5908 pla - ok
00:06:16.0446 5908 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:06:16.0453 5908 PlugPlay - ok
00:06:16.0502 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:06:16.0514 5908 PNRPAutoReg - ok
00:06:16.0569 5908 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:06:16.0580 5908 PNRPsvc - ok
00:06:16.0613 5908 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:06:16.0619 5908 PolicyAgent - ok
00:06:16.0673 5908 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:06:16.0675 5908 PptpMiniport - ok
00:06:16.0712 5908 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
00:06:16.0714 5908 Processor - ok
00:06:16.0746 5908 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
00:06:16.0752 5908 ProfSvc - ok
00:06:16.0775 5908 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:06:16.0779 5908 ProtectedStorage - ok
00:06:16.0820 5908 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:06:16.0821 5908 PSched - ok
00:06:16.0858 5908 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
00:06:16.0860 5908 PxHelp20 - ok
00:06:16.0924 5908 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:06:16.0935 5908 ql2300 - ok
00:06:16.0973 5908 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:06:16.0975 5908 ql40xx - ok
00:06:17.0023 5908 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
00:06:17.0030 5908 QWAVE - ok
00:06:17.0073 5908 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:06:17.0074 5908 QWAVEdrv - ok
00:06:17.0115 5908 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:06:17.0116 5908 RasAcd - ok
00:06:17.0156 5908 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
00:06:17.0161 5908 RasAuto - ok
00:06:17.0203 5908 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:06:17.0205 5908 Rasl2tp - ok
00:06:17.0245 5908 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
00:06:17.0252 5908 RasMan - ok
00:06:17.0298 5908 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:06:17.0299 5908 RasPppoe - ok
00:06:17.0334 5908 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:06:17.0335 5908 RasSstp - ok
00:06:17.0379 5908 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:06:17.0382 5908 rdbss - ok
00:06:17.0422 5908 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:06:17.0423 5908 RDPCDD - ok
00:06:17.0466 5908 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:06:17.0469 5908 rdpdr - ok
00:06:17.0478 5908 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:06:17.0479 5908 RDPENCDD - ok
00:06:17.0535 5908 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:06:17.0538 5908 RDPWD - ok
00:06:17.0582 5908 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:06:17.0586 5908 RemoteAccess - ok
00:06:17.0647 5908 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:06:17.0653 5908 RemoteRegistry - ok
00:06:17.0684 5908 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
00:06:17.0685 5908 Revoflt - ok
00:06:17.0731 5908 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
00:06:17.0732 5908 rimmptsk - ok
00:06:17.0757 5908 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
00:06:17.0759 5908 rimsptsk - ok
00:06:17.0781 5908 [ C663AF77E2F4EABF8EB08B388D2F1F36 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
00:06:17.0782 5908 rismxdp - ok
00:06:17.0899 5908 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
00:06:17.0910 5908 RoxMediaDB9 - ok
00:06:17.0952 5908 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
00:06:17.0955 5908 RpcLocator - ok
00:06:18.0010 5908 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
00:06:18.0021 5908 RpcSs - ok
00:06:18.0063 5908 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:06:18.0065 5908 rspndr - ok
00:06:18.0117 5908 [ A1ADC7B4C074744662207DA6EDCDFBB0 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
00:06:18.0120 5908 RTL8169 - ok
00:06:18.0139 5908 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
00:06:18.0142 5908 SamSs - ok
00:06:18.0178 5908 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:06:18.0180 5908 sbp2port - ok
00:06:18.0294 5908 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
00:06:18.0308 5908 SBSDWSCService - ok
00:06:18.0354 5908 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:06:18.0360 5908 SCardSvr - ok
00:06:18.0442 5908 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
00:06:18.0453 5908 Schedule - ok
00:06:18.0471 5908 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:06:18.0473 5908 SCPolicySvc - ok
00:06:18.0508 5908 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:06:18.0510 5908 sdbus - ok
00:06:18.0551 5908 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:06:18.0556 5908 SDRSVC - ok
00:06:18.0607 5908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:06:18.0608 5908 secdrv - ok
00:06:18.0642 5908 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
00:06:18.0647 5908 seclogon - ok
00:06:18.0687 5908 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
00:06:18.0692 5908 SENS - ok
00:06:18.0735 5908 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
00:06:18.0736 5908 Serenum - ok
00:06:18.0765 5908 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
00:06:18.0766 5908 Serial - ok
00:06:18.0796 5908 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:06:18.0797 5908 sermouse - ok
00:06:18.0852 5908 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
00:06:18.0858 5908 SessionEnv - ok
00:06:18.0888 5908 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:06:18.0889 5908 sffdisk - ok
00:06:18.0911 5908 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:06:18.0912 5908 sffp_mmc - ok
00:06:18.0920 5908 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:06:18.0922 5908 sffp_sd - ok
00:06:18.0938 5908 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:06:18.0939 5908 sfloppy - ok
00:06:18.0983 5908 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:06:18.0988 5908 SharedAccess - ok
00:06:19.0027 5908 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:06:19.0034 5908 ShellHWDetection - ok
00:06:19.0063 5908 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:06:19.0065 5908 sisagp - ok
00:06:19.0082 5908 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:06:19.0083 5908 SiSRaid2 - ok
00:06:19.0121 5908 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:06:19.0123 5908 SiSRaid4 - ok
00:06:19.0298 5908 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
00:06:19.0340 5908 slsvc - ok
00:06:19.0381 5908 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:06:19.0386 5908 SLUINotify - ok
00:06:19.0437 5908 [ 46B40982AF166BF89C3F51FB13E60D6D ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
00:06:19.0438 5908 SmartDefragDriver - ok
00:06:19.0477 5908 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:06:19.0479 5908 Smb - ok
00:06:19.0568 5908 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
00:06:19.0582 5908 smserial - ok
00:06:19.0630 5908 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:06:19.0635 5908 SNMPTRAP - ok
00:06:19.0686 5908 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
00:06:19.0687 5908 spldr - ok
00:06:19.0732 5908 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
00:06:19.0738 5908 Spooler - ok
00:06:19.0784 5908 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:06:19.0788 5908 srv - ok
00:06:19.0817 5908 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:06:19.0819 5908 srv2 - ok
00:06:19.0837 5908 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:06:19.0839 5908 srvnet - ok
00:06:19.0891 5908 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:06:19.0897 5908 SSDPSRV - ok
00:06:19.0933 5908 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:06:19.0939 5908 SstpSvc - ok
00:06:19.0993 5908 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
00:06:20.0003 5908 stisvc - ok
00:06:20.0070 5908 [ A9A23C8AF361F7A93FD632E91A8C346F ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
00:06:20.0072 5908 stllssvr - ok
00:06:20.0088 5908 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:06:20.0089 5908 swenum - ok
00:06:20.0140 5908 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
00:06:20.0148 5908 swprv - ok
00:06:20.0184 5908 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
00:06:20.0185 5908 Symc8xx - ok
00:06:20.0208 5908 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
00:06:20.0210 5908 Sym_hi - ok
00:06:20.0234 5908 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
00:06:20.0235 5908 Sym_u3 - ok
00:06:20.0279 5908 [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:06:20.0283 5908 SynTP - ok
00:06:20.0333 5908 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
00:06:20.0344 5908 SysMain - ok
00:06:20.0386 5908 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:06:20.0392 5908 TabletInputService - ok
00:06:20.0437 5908 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:06:20.0444 5908 TapiSrv - ok
00:06:20.0483 5908 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
00:06:20.0489 5908 TBS - ok
00:06:20.0583 5908 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:06:20.0594 5908 Tcpip - ok
00:06:20.0650 5908 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
00:06:20.0661 5908 Tcpip6 - ok
00:06:20.0682 5908 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:06:20.0683 5908 tcpipreg - ok
00:06:20.0729 5908 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:06:20.0730 5908 TDPIPE - ok
00:06:20.0776 5908 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:06:20.0777 5908 TDTCP - ok
00:06:20.0811 5908 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:06:20.0813 5908 tdx - ok
00:06:20.0860 5908 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:06:20.0862 5908 TermDD - ok
00:06:20.0908 5908 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
00:06:20.0918 5908 TermService - ok
00:06:20.0968 5908 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
00:06:20.0975 5908 Themes - ok
00:06:20.0998 5908 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
00:06:21.0002 5908 THREADORDER - ok
00:06:21.0047 5908 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
00:06:21.0053 5908 TrkWks - ok
00:06:21.0110 5908 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:06:21.0111 5908 TrustedInstaller - ok
00:06:21.0154 5908 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:06:21.0155 5908 tssecsrv - ok
00:06:21.0172 5908 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
00:06:21.0173 5908 tunmp - ok
00:06:21.0210 5908 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:06:21.0211 5908 tunnel - ok
00:06:21.0255 5908 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:06:21.0256 5908 uagp35 - ok
00:06:21.0300 5908 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:06:21.0303 5908 udfs - ok
00:06:21.0353 5908 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:06:21.0358 5908 UI0Detect - ok
00:06:21.0384 5908 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:06:21.0386 5908 uliagpkx - ok
00:06:21.0427 5908 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
00:06:21.0430 5908 uliahci - ok
00:06:21.0443 5908 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
00:06:21.0445 5908 UlSata - ok
00:06:21.0463 5908 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
00:06:21.0465 5908 ulsata2 - ok
00:06:21.0500 5908 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:06:21.0501 5908 umbus - ok
00:06:21.0551 5908 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
00:06:21.0553 5908 UMPass - ok
00:06:21.0609 5908 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
00:06:21.0617 5908 upnphost - ok
00:06:21.0680 5908 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
00:06:21.0682 5908 USBAAPL - ok
00:06:21.0725 5908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:21.0727 5908 usbccgp - ok
00:06:21.0761 5908 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:06:21.0763 5908 usbcir - ok
00:06:21.0800 5908 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:06:21.0801 5908 usbehci - ok
00:06:21.0848 5908 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:06:21.0851 5908 usbhub - ok
00:06:21.0897 5908 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:06:21.0898 5908 usbohci - ok
00:06:21.0933 5908 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:06:21.0935 5908 usbprint - ok
00:06:21.0976 5908 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:06:21.0978 5908 usbscan - ok
00:06:21.0996 5908 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:06:21.0997 5908 USBSTOR - ok
00:06:22.0040 5908 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:06:22.0041 5908 usbuhci - ok
00:06:22.0084 5908 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:06:22.0086 5908 usbvideo - ok
00:06:22.0142 5908 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
00:06:22.0147 5908 UxSms - ok
00:06:22.0198 5908 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
00:06:22.0207 5908 vds - ok
00:06:22.0239 5908 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:06:22.0240 5908 vga - ok
00:06:22.0279 5908 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
00:06:22.0280 5908 VgaSave - ok
00:06:22.0307 5908 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
00:06:22.0308 5908 viaagp - ok
00:06:22.0323 5908 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
00:06:22.0325 5908 ViaC7 - ok
00:06:22.0352 5908 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
00:06:22.0353 5908 viaide - ok
00:06:22.0404 5908 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:06:22.0406 5908 volmgr - ok
00:06:22.0455 5908 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:06:22.0459 5908 volmgrx - ok
00:06:22.0530 5908 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:06:22.0534 5908 volsnap - ok
00:06:22.0567 5908 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:06:22.0570 5908 vsmraid - ok
00:06:22.0653 5908 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
00:06:22.0671 5908 VSS - ok
00:06:22.0712 5908 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
00:06:22.0721 5908 W32Time - ok
00:06:22.0758 5908 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:06:22.0759 5908 WacomPen - ok
00:06:22.0797 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
00:06:22.0798 5908 Wanarp - ok
00:06:22.0807 5908 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:06:22.0809 5908 Wanarpv6 - ok
00:06:22.0876 5908 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:06:22.0886 5908 wcncsvc - ok
00:06:22.0931 5908 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:06:22.0937 5908 WcsPlugInService - ok
00:06:22.0962 5908 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
00:06:22.0963 5908 Wd - ok
00:06:23.0033 5908 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:06:23.0038 5908 Wdf01000 - ok
00:06:23.0087 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:06:23.0093 5908 WdiServiceHost - ok
00:06:23.0100 5908 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:06:23.0106 5908 WdiSystemHost - ok
00:06:23.0163 5908 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
00:06:23.0170 5908 WebClient - ok
00:06:23.0242 5908 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:06:23.0249 5908 Wecsvc - ok
00:06:23.0297 5908 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:06:23.0303 5908 wercplsupport - ok
00:06:23.0343 5908 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
00:06:23.0350 5908 WerSvc - ok
00:06:23.0404 5908 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:06:23.0412 5908 winachsf - ok
00:06:23.0469 5908 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
00:06:23.0472 5908 WinDefend - ok
00:06:23.0486 5908 WinHttpAutoProxySvc - ok
00:06:23.0565 5908 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:06:23.0568 5908 Winmgmt - ok
00:06:23.0655 5908 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
00:06:23.0656 5908 WinRing0_1_2_0 - ok
00:06:23.0736 5908 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
00:06:23.0755 5908 WinRM - ok
00:06:23.0822 5908 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:06:23.0833 5908 Wlansvc - ok
00:06:23.0918 5908 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:06:23.0919 5908 wlcrasvc - ok
00:06:24.0044 5908 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:06:24.0064 5908 wlidsvc - ok
00:06:24.0103 5908 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:06:24.0104 5908 WmiAcpi - ok
00:06:24.0161 5908 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:06:24.0163 5908 wmiApSrv - ok
00:06:24.0258 5908 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
00:06:24.0269 5908 WMPNetworkSvc - ok
00:06:24.0319 5908 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:06:24.0326 5908 WPCSvc - ok
00:06:24.0364 5908 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:06:24.0370 5908 WPDBusEnum - ok
00:06:24.0409 5908 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
00:06:24.0411 5908 WpdUsb - ok
00:06:24.0521 5908 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:06:24.0530 5908 WPFFontCache_v0400 - ok
00:06:24.0563 5908 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:06:24.0564 5908 ws2ifsl - ok
00:06:24.0600 5908 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
00:06:24.0606 5908 wscsvc - ok
00:06:24.0613 5908 WSearch - ok
00:06:24.0752 5908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
00:06:24.0779 5908 wuauserv - ok
00:06:24.0819 5908 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:06:24.0821 5908 WUDFRd - ok
00:06:24.0852 5908 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:06:24.0859 5908 wudfsvc - ok
00:06:24.0880 5908 ================ Scan global ===============================
00:06:24.0924 5908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:06:24.0979 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:06:25.0012 5908 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:06:25.0067 5908 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:06:25.0074 5908 [Global] - ok
00:06:25.0075 5908 ================ Scan MBR ==================================
00:06:25.0102 5908 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
00:06:25.0680 5908 \Device\Harddisk0\DR0 - ok
00:06:25.0681 5908 ================ Scan VBR ==================================
00:06:25.0686 5908 [ 927302970B2D5E528B20EAD4CBCEF2C5 ] \Device\Harddisk0\DR0\Partition1
00:06:25.0688 5908 \Device\Harddisk0\DR0\Partition1 - ok
00:06:25.0695 5908 [ 1A8B0DA98A264C143111E975FC95071B ] \Device\Harddisk0\DR0\Partition2
00:06:25.0698 5908 \Device\Harddisk0\DR0\Partition2 - ok
00:06:25.0699 5908 ============================================================
00:06:25.0699 5908 Scan finished
00:06:25.0699 5908 ============================================================
00:06:25.0717 5288 Detected object count: 0
00:06:25.0717 5288 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 00:12:21
-----------------------------
00:12:21.976 OS Version: Windows 6.0.6002 Service Pack 2
00:12:21.977 Number of processors: 2 586 0xF0D
00:12:21.978 ComputerName: INES-PC UserName: Ines
00:12:22.543 Initialize success
00:12:36.670 AVAST engine defs: 12120100
00:12:50.478 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:12:50.483 Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
00:12:50.487 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
00:12:50.492 Disk 1 Vendor: ST98823A 7.24 Size: 76319MB BusType: 3
00:12:50.518 Disk 0 MBR read successfully
00:12:50.523 Disk 0 MBR scan
00:12:50.568 Disk 0 unknown MBR code
00:12:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105936 MB offset 63
00:12:50.604 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8534 MB offset 216957825
00:12:50.616 Disk 0 scanning sectors +234436545
00:12:50.700 Disk 0 scanning C:\Windows\system32\drivers
00:13:06.283 Service scanning
00:13:44.593 Modules scanning
00:13:53.016 Disk 0 trace - called modules:
00:13:53.044 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:13:53.053 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861ae210]
00:13:53.062 3 CLASSPNP.SYS[885a58b3] -> nt!IofCallDriver -> [0x85763688]
00:13:53.071 5 acpi.sys[826876bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8521f030]
00:13:53.777 AVAST engine scan C:\Windows
00:13:57.292 AVAST engine scan C:\Windows\system32
00:18:24.793 AVAST engine scan C:\Windows\system32\drivers
00:18:43.005 AVAST engine scan C:\Users\Ines
00:22:59.920 Disk 0 MBR has been saved successfully to "C:\Users\Ines\Desktop\MBR.dat"
00:22:59.934 The log file has been saved successfully to "C:\Users\Ines\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 00:28:25
-----------------------------
00:28:25.812 OS Version: Windows 6.0.6002 Service Pack 2
00:28:25.812 Number of processors: 2 586 0xF0D
00:28:25.812 ComputerName: INES-PC UserName: Ines
00:29:22.586 Initialize success
00:29:43.802 AVAST engine defs: 12120100
00:31:28.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
00:31:28.972 Disk 0 Vendor: ST912082 7.24 Size: 114473MB BusType: 3
00:31:28.978 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
00:31:28.982 Disk 1 Vendor: ST98823A 7.24 Size: 76319MB BusType: 3
00:31:29.024 Disk 0 MBR read successfully
00:31:29.030 Disk 0 MBR scan
00:31:29.039 Disk 0 unknown MBR code
00:31:29.063 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105936 MB offset 63
00:31:29.105 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8534 MB offset 216957825
00:31:29.133 Disk 0 scanning sectors +234436545
00:31:29.223 Disk 0 scanning C:\Windows\system32\drivers
00:31:45.826 Service scanning
00:32:24.070 Modules scanning
00:32:38.683 Disk 0 trace - called modules:
00:32:38.719 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
00:32:38.728 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d222b8]
00:32:38.737 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x85763728]
00:32:38.746 5 acpi.sys[826906bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85223030]
00:32:39.453 AVAST engine scan C:\Windows
00:32:43.048 AVAST engine scan C:\Windows\system32
00:37:23.389 AVAST engine scan C:\Windows\system32\drivers
00:38:08.931 AVAST engine scan C:\Users\Ines
00:53:15.760 AVAST engine scan C:\ProgramData
00:56:00.024 Scan finished successfully
01:08:58.287 Disk 0 MBR has been saved successfully to "C:\Users\Ines\Desktop\MBR.dat"
01:08:58.320 The log file has been saved successfully to "C:\Users\Ines\Desktop\aswMBR.txt"

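The two logs above share a simple line shape: TDSSKiller writes one `[ MD5 ] name path` line per service or driver followed by a `name - ok` verdict, and aswMBR writes `Disk N ...` lines for the boot code and partition table. The following Python is an added example, not part of this thread and not code from either tool. It parses those shapes and applies the three checks a responder wants before asking for anything else: kernel drivers loading from outside %SystemRoot% (the IObit `WinRing0.sys` under Program Files in this log is exactly that case), names that got a verdict without any image file being logged, and the aswMBR "unknown MBR code" flag. The sample lines are copied from the logs posted above; the default `systemroot` argument is an assumption.

```python
"""Parsers for the TDSSKiller and aswMBR log formats posted above (added example)."""
import re
from collections import defaultdict

# "00:06:23.0655 5908 [ 845AF1BA... ] WinRing0_1_2_0 C:\Program Files\...\WinRing0.sys"
FILE_LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+\[ ([0-9A-F]{32}) \]\s+(.+)$")
# "00:06:23.0656 5908 WinRing0_1_2_0 - ok"
VERDICT_LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(\S+) - (.+)$")
# A path starts with a drive letter or an NT object path; whatever precedes it is the service name.
PATH_START = re.compile(r"(?:[A-Za-z]:\\|\\Device\\)")
# "00:12:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105936 MB offset 63"
PARTITION = re.compile(r"^\S+ Disk (\d+) Partition (\d+) (\w\w) (?:\(A\) )?(\w\w) .*? (\d+) MB offset (\d+)$")


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for each service/driver TDSSKiller scored."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        if m := FILE_LINE.match(line):
            rest = m.group(4)
            p = PATH_START.search(rest)
            if p and p.start() > 0:  # "Scan global" and MBR lines carry a path but no service name
                entries[rest[:p.start()].strip()].update(md5=m.group(3), path=rest[p.start():])
        elif m := VERDICT_LINE.match(line):
            name = m.group(3)
            if not (name.startswith("[") or PATH_START.match(name)):  # skip "[Global] - ok", "\Device\... - ok"
                entries[name]["verdict"] = m.group(4)
    return dict(entries)


def drivers_outside_systemroot(entries, systemroot=r"C:\Windows"):
    """Kernel drivers (.sys) loaded from anywhere but %SystemRoot%: the first thing to review."""
    root = systemroot.lower().rstrip("\\") + "\\"
    return sorted(n for n, e in entries.items()
                  if e.get("path", "").lower().endswith(".sys") and not e["path"].lower().startswith(root))


def entries_without_image(entries):
    """Names TDSSKiller gave a verdict for without logging a file and hash."""
    return sorted(n for n, e in entries.items() if "md5" not in e)


def unique_hashes(entries):
    """Distinct MD5s for a bulk reputation lookup (one per file, not per service name)."""
    return sorted({e["md5"] for e in entries.values() if "md5" in e})


def parse_aswmbr(text):
    """Pull the MBR verdict and the partition table out of an aswMBR log."""
    result = {"unknown_mbr_code": False, "partitions": []}
    for line in text.splitlines():
        if line.endswith("unknown MBR code"):
            result["unknown_mbr_code"] = True
        elif m := PARTITION.match(line):
            disk, num, boot, ptype, size_mb, offset = m.groups()
            result["partitions"].append({"disk": int(disk), "number": int(num), "active": boot == "80",
                                         "type": ptype, "size_mb": int(size_mb), "offset_sectors": int(offset)})
    return result


# Sample lines copied from the logs in this thread.
SAMPLE_TDSS = r"""00:06:21.0725 5908 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:06:21.0727 5908 usbccgp - ok
00:06:23.0486 5908 WinHttpAutoProxySvc - ok
00:06:23.0655 5908 [ 845AF1BA23C8D5E64DEF61BCC441604C ] WinRing0_1_2_0 C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys
00:06:23.0656 5908 WinRing0_1_2_0 - ok
00:06:24.0924 5908 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:06:25.0102 5908 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
00:06:25.0680 5908 \Device\Harddisk0\DR0 - ok
"""
SAMPLE_ASWMBR = """00:12:50.568 Disk 0 unknown MBR code
00:12:50.575 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 105936 MB offset 63
00:12:50.604 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8534 MB offset 216957825
"""

if __name__ == "__main__":
    tdss = parse_tdsskiller(SAMPLE_TDSS)
    print("drivers outside %SystemRoot%:", drivers_outside_systemroot(tdss))
    print("verdict without image:", entries_without_image(tdss))
    print("hashes to look up:", unique_hashes(tdss))
    print("aswMBR:", parse_aswmbr(SAMPLE_ASWMBR))
```

Two caveats on reading the output. A driver outside %SystemRoot% is a review item, not a verdict: `WinRing0.sys` is a known utility driver that gives its host process raw port and MSR access, which is why it is worth confirming its installer is wanted even when it is not malicious. And aswMBR prints "unknown MBR code" for any boot code it does not recognize, OEM recovery loaders included, so the useful next step is to compare the `MBR.dat` it saved to the Desktop against a known-good copy rather than to treat that one line as a detection.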
#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 02 December 2012 - 01:35 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
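OTL reports the machine as tagged lines: `SRV`/`DRV` for services and drivers (with "File not found" appended when the registered image is gone and "()" when the file has no company name), `IE - ...\SearchScopes\{clsid}: "URL" = ...` for Internet Explorer search providers, and `O4 - ...\Run: [name] path (company)` for autoruns. The Python below is an added example, not part of this thread and not OTL's own code. It parses those line shapes and pulls out what a responder reads first on a "browser redirects" complaint: registrations whose image is missing, images with no company name, and search scopes pointing at hosts outside the providers the user is expected to have. The sample lines are copied from the log posted in the next reply; the `EXPECTED_SEARCH_DOMAINS` allowlist is an assumption for this machine.

```python
"""Triage pass over OTL output lines (added example, not OTL's code)."""
import re
from urllib.parse import urlsplit

# SRV/DRV: "SRV - (Name) -- <path> (<Company>)". OTL appends "File not found" to the path when the
# image is missing and writes "()" when the file carries no company name.
SRV_DRV = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) -- (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")
# IE search scope: 'IE - HKLM\..\SearchScopes\{clsid}: "URL" = http://...'
SCOPE = re.compile(r'^IE - (?P<hive>HKLM|HKU\\S-[\d-]+)\\\.\.\\SearchScopes\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>\S+)$')
# Autorun: "O4 - HKLM..\Run: [Name] <path> (<Company>)"
RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKU\\S-[\d-]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")

# Assumption: the search providers this user is expected to have; any other host gets reviewed.
EXPECTED_SEARCH_DOMAINS = ("bing.com", "google.com", "yahoo.com", "live.com")


def parse_otl(text):
    """Group the recognised OTL lines into services, drivers, search scopes and autoruns."""
    report = {"services": [], "drivers": [], "search_scopes": [], "autoruns": []}
    for line in text.splitlines():
        if m := SRV_DRV.match(line):
            item = {"name": m["name"], "path": m["path"], "company": m["company"],
                    "missing": m["path"].endswith("File not found")}
            report["services" if m["kind"] == "SRV" else "drivers"].append(item)
        elif m := SCOPE.match(line):
            report["search_scopes"].append({"hive": m["hive"], "clsid": m["clsid"], "url": m["url"],
                                            "host": urlsplit(m["url"]).hostname or ""})
        elif m := RUN.match(line):
            report["autoruns"].append({"hive": m["hive"], "name": m["name"],
                                       "path": m["path"], "company": m["company"]})
    return report


def missing_images(report):
    """Registrations whose image OTL could not find: leftovers of an uninstall, or of a removal."""
    return sorted(i["name"] for k in ("services", "drivers") for i in report[k] if i["missing"])


def no_company_name(report):
    """Images that exist but carry no company name; OTL prints these as "()" and they merit a hash lookup."""
    return sorted(i["name"] for k in ("services", "drivers") for i in report[k] if i["company"] == "")


def unexpected_search_scopes(report, expected=EXPECTED_SEARCH_DOMAINS):
    """Hosts of search scopes not under an expected domain: where a search redirect is configured."""
    def is_expected(host):
        return any(host == d or host.endswith("." + d) for d in expected)
    return sorted({s["host"] for s in report["search_scopes"] if not is_expected(s["host"])})


# Sample lines copied from the OTL log in this thread.
SAMPLE_OTL = r"""SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (CLSched) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys ()
DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys (OpenLibSys.org)
IE - HKLM\..\SearchScopes\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{92FFFB8B-20BD-45FB-B0D6-479A1F8E2829}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={1AAA53DD-9C64-4ec1-A4B3-8127AC4BB581}
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
"""

if __name__ == "__main__":
    r = parse_otl(SAMPLE_OTL)
    print("missing images:", missing_images(r))
    print("no company name:", no_company_name(r))
    print("unexpected search hosts:", unexpected_search_scopes(r))
    print("autoruns:", [(a["hive"].split("\\")[0], a["name"]) for a in r["autoruns"]])
```

An unexpected search host is a lead, not a conviction: Ask is bundled toolbar-ware rather than a rootkit, but a scope like this is where the redirects the poster complains about would be configured. The domain check also misses affiliate-tagged providers sitting on a legitimate host; the Yahoo scopes in the log carry `fr=w3i` and `type=W3i_...` parameters, so the query strings are worth reading even when the host passes.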

#9 PRprince

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:23 PM

Posted 02 December 2012 - 03:26 PM

OTL logfile created on: 12/2/2012 10:07:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ines\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.57% Memory free
4.23 Gb Paging File | 3.39 Gb Available in Paging File | 80.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 103.45 Gb Total Space | 37.11 Gb Free Space | 35.87% Space Free | Partition Type: NTFS
Drive E: | 8.33 Gb Total Space | 1.80 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: INES-PC | User Name: Ines | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ines\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - c:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe (Cognizance Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Combined Community Codec Pack\Filters\Haali\splitter.ax ()
MOD - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll ()
MOD - C:\Program Files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()


========== Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (NACAgent) -- C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe (Cisco Systems, Inc.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ASBroker) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASChannel) -- c:\Program Files\Bioscrypt\VeriSoft\Bin\ASChnl.dll (Cognizance Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (NisDrv) -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SmartDefragDriver) -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys ()
DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys (OpenLibSys.org)
DRV - (HBtnKey) -- C:\WINDOWS\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (Revoflt) -- C:\WINDOWS\System32\drivers\revoflt.sys (VS Revo Group)
DRV - (smserial) -- C:\WINDOWS\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek )
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\WINDOWS\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ATSWPDRV) -- C:\WINDOWS\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (NETw4v32) -- C:\WINDOWS\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\System32\drivers\rimsptsk.sys (REDC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C1CA796-A2A3-40FE-A7BC-022541BE6BF3}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{B6780795-4B5F-493C-8E43-4F61E0ABEB23}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{210B885E-660A-43C2-A0B3-899D8556FB3F}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{4E04C5A5-FC23-4281-AD5B-327289F3D027}: "URL" = http://search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{92FFFB8B-20BD-45FB-B0D6-479A1F8E2829}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={1AAA53DD-9C64-4ec1-A4B3-8127AC4BB581}
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{B6780795-4B5F-493C-8E43-4F61E0ABEB23}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120519,17118,0,18,0
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{FCCFF549-4C19-4EAA-B6E9-9B52C1EEB39C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7E968F34-819D-46D0-8F78-EEC382DB9379&apn_sauid=3728A3D9-ED35-48E1-A3D9-63045C0319A6
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledAddons: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: urlflipper@mozilla.ktechcomputing.com:3.1.1.20
FF - prefs.js..extensions.enabledAddons: {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.2
FF - prefs.js..extensions.enabledAddons: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:1.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.5
FF - prefs.js..extensions.enabledAddons: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.91
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {62b958b4-9962-4fc2-9983-01a9a42d6f2d}:0.4.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.3
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.1.3.21
FF - prefs.js..extensions.enabledItems: {6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}:1.0.1
FF - prefs.js..extensions.enabledItems: urlflipper@mozilla.ktechcomputing.com:3.1.1.20
FF - prefs.js..extensions.enabledItems: {fffe0eac-3819-4561-8aa9-178a68450d4f}:1.91
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: AppGraffiti@AppGraffiti.com:1.0.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/09 19:55:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/09 19:55:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/09 19:55:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/09 19:55:29 | 000,000,000 | ---D | M]

[2011/08/06 21:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Extensions
[2012/12/01 13:13:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions
[2010/05/02 19:55:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/08 11:21:20 | 000,000,000 | ---D | M] (Thumbs) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{6cffc2d6-aea4-4032-b8c6-d211fe6ded4e}
[2012/04/12 16:35:42 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/15 15:04:10 | 000,000,000 | ---D | M] (firefusk) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}
[2010/11/16 00:18:32 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\illimitux@illimitux.net
[2011/04/02 08:22:34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2011/02/18 16:24:32 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\tineye@ideeinc.com
[2011/04/02 08:22:35 | 000,000,000 | ---D | M] (URL Flipper) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\urlflipper@mozilla.ktechcomputing.com
[2011/10/28 21:18:56 | 000,143,049 | ---- | M] () (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{62b958b4-9962-4fc2-9983-01a9a42d6f2d}.xpi
[2011/10/28 20:48:13 | 000,254,273 | ---- | M] () (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2012/01/06 23:52:28 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/04/12 16:35:42 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2011/03/23 19:36:39 | 000,001,832 | ---- | M] () -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\searchplugins\bing.xml
[2011/04/28 22:36:08 | 000,002,292 | ---- | M] () -- C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\searchplugins\inbox-search.xml
[2012/12/01 16:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/19 15:05:16 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2012/09/17 19:22:50 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/21 09:13:42 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2012/10/19 15:04:25 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/12/01 20:20:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{385A36C3-A54F-497D-9031-C14D66FA1840}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7CFB30-E8FE-4504-9442-9BFF8E17FEF9}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img20.jpg
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/19 06:19:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/02 10:04:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ines\Desktop\OTL.exe
[2012/12/02 00:03:53 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Ines\Desktop\aswMBR.exe
[2012/12/02 00:03:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ines\Desktop\tdsskiller.exe
[2012/12/01 20:48:22 | 000,029,528 | ---- | C] (IObit) -- C:\Windows\System32\SmartDefragBootTime.exe
[2012/12/01 20:30:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/12/01 20:20:57 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/12/01 20:00:31 | 005,009,347 | R--- | C] (Swearware) -- C:\Users\Ines\Desktop\ComboFix.exe
[2012/12/01 16:29:11 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/01 16:28:45 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/01 16:28:45 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/01 16:28:44 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/01 16:09:22 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Users\Ines\Desktop\jxpiinstall.exe
[2012/12/01 13:22:22 | 000,000,000 | ---D | C] -- C:\Users\Ines\Desktop\RK_Quarantine
[2012/11/30 13:45:50 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/30 13:34:11 | 000,694,235 | ---- | C] (Farbar) -- C:\Users\Ines\Desktop\FSS.exe
[2012/11/30 13:16:15 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ines\Desktop\dds.com
[2012/11/29 20:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/11/29 18:04:07 | 000,000,000 | ---D | C] -- C:\Users\Ines\Desktop\CCleaner Professional + Business Edition 3.25.1872
[2012/11/09 19:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/09 19:54:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/12/02 10:07:55 | 000,642,786 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/02 10:07:55 | 000,119,906 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/02 10:04:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ines\Desktop\OTL.exe
[2012/12/02 10:01:34 | 000,469,730 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/12/02 10:01:34 | 000,469,730 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/12/02 10:01:33 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/02 10:01:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 10:01:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/02 10:01:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/02 10:01:07 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/02 01:08:58 | 000,000,512 | ---- | M] () -- C:\Users\Ines\Desktop\MBR.dat
[2012/12/02 00:54:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/02 00:44:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/02 00:41:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/12/02 00:04:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Ines\Desktop\aswMBR.exe
[2012/12/02 00:03:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ines\Desktop\tdsskiller.exe
[2012/12/01 20:20:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/12/01 20:00:37 | 005,009,347 | R--- | M] (Swearware) -- C:\Users\Ines\Desktop\ComboFix.exe
[2012/12/01 16:28:24 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/01 16:28:17 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/01 16:28:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/01 16:28:16 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/01 16:28:15 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/12/01 16:28:15 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/01 16:09:59 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Users\Ines\Desktop\jxpiinstall.exe
[2012/12/01 15:59:52 | 000,002,305 | ---- | M] () -- C:\Users\Ines\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/12/01 13:05:57 | 000,752,128 | ---- | M] () -- C:\Users\Ines\Desktop\RogueKiller.exe
[2012/11/30 17:50:33 | 000,000,026 | ---- | M] () -- C:\Windows\popcinfo.dat
[2012/11/30 13:34:22 | 000,694,235 | ---- | M] (Farbar) -- C:\Users\Ines\Desktop\FSS.exe
[2012/11/30 13:16:32 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ines\Desktop\dds.com
[2012/11/29 17:48:03 | 000,000,655 | ---- | M] () -- C:\Users\Ines\Desktop\Downloads - Shortcut.lnk
[2012/11/29 10:56:29 | 000,001,111 | ---- | M] () -- C:\Users\Ines\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/28 20:58:52 | 000,000,558 | ---- | M] () -- C:\Users\Ines\Desktop\Health and Physical Ass - Shortcut.lnk
[2012/11/28 14:12:37 | 000,000,104 | ---- | M] () -- C:\Users\Ines\Desktop\Control Panel - Shortcut.lnk
[2012/11/28 14:09:18 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/28 14:09:17 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/21 21:44:03 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForInes.job

========== Files Created - No Company Name ==========

[2012/12/02 00:22:59 | 000,000,512 | ---- | C] () -- C:\Users\Ines\Desktop\MBR.dat
[2012/12/01 20:48:07 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys
[2012/12/01 13:05:38 | 000,752,128 | ---- | C] () -- C:\Users\Ines\Desktop\RogueKiller.exe
[2012/11/29 17:48:03 | 000,000,655 | ---- | C] () -- C:\Users\Ines\Desktop\Downloads - Shortcut.lnk
[2012/11/28 20:58:52 | 000,000,558 | ---- | C] () -- C:\Users\Ines\Desktop\Health and Physical Ass - Shortcut.lnk
[2012/11/28 14:12:37 | 000,000,104 | ---- | C] () -- C:\Users\Ines\Desktop\Control Panel - Shortcut.lnk
[2012/09/16 03:45:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/05/21 20:38:36 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/19 21:19:13 | 000,000,885 | ---- | C] () -- C:\Users\Ines\.recently-used.xbel
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/04/23 22:22:20 | 000,000,118 | ---- | C] () -- C:\Users\Ines\AppData\Roaming\wklnhst.dat
[2011/01/19 17:53:06 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/19 17:53:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/04/28 10:25:18 | 000,002,133 | ---- | C] () -- C:\Users\Ines\Music Transfer.lnk
[2010/01/17 00:45:38 | 000,000,045 | ---- | C] () -- C:\Users\Ines\.gtk-bookmarks
[2009/10/28 08:29:47 | 000,000,680 | ---- | C] () -- C:\Users\Ines\AppData\Local\d3d9caps.dat
[2009/03/08 20:47:19 | 000,041,984 | ---- | C] () -- C:\Users\Ines\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/11 17:59:35 | 000,469,730 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/11 17:56:21 | 000,469,730 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#10 gringo_pr (Bleepin Gringo) - Malware Response Team - 136,773 posts - Puerto Rico

Posted 02 December 2012 - 03:44 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox.
    :OTL
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    O3 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1  
    IE - HKLM\..\SearchScopes\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{92FFFB8B-20BD-45FB-B0D6-479A1F8E2829}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=19&tid={1AAA53DD-9C64-4ec1-A4B3-8127AC4BB581}
    IE - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\SearchScopes\{FCCFF549-4C19-4EAA-B6E9-9B52C1EEB39C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=7E968F34-819D-46D0-8F78-EEC382DB9379&apn_sauid=3728A3D9-ED35-48E1-A3D9-63045C0319A6
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate of Malware Removal University

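Added example, not part of this thread and not OTL's or gringo_pr's code: a small Python triage script that reads OTL log lines of the kind posted above and drafts the same sort of fix script the reply builds by hand. It flags entries OTL has already marked as orphaned ("No CLSID value found.", "File not found"), IE search scopes whose host is not one of the usual engines (the allowlist is an assumption), and alternate data streams, and it sets AppInit_DLLs entries aside for human review since that key is a legitimate persistence point that malware also abuses. The sample log is constructed from lines in the posted log plus one made-up Bing search scope with a placeholder GUID.

```python
"""Triage an OTL log and draft the ':OTL' fix section a helper would paste back.

Added example for this thread; it is not OTL's code and not gringo_pr's script.
The allowlist of search engines and the 'review' heuristic are assumptions.
"""
import re
from urllib.parse import urlparse

# Assumption: search scopes pointing anywhere other than these hosts are
# candidate hijacks (the posted log showed ask.com and fastbrowsersearch.com).
LEGIT_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# OTL marks registry entries whose target file or CLSID is gone with one of
# these phrases; such orphans are what the fix script in the reply removes.
ORPHAN_MARKERS = ("No CLSID value found.", "File not found")

SEARCHSCOPE_RE = re.compile(r'^IE - .*\\SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (\S+)')
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> .+")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((.+?)\)")


def classify(line):
    """Return (bucket, reason) for one OTL line, or None if nothing to do.

    bucket is 'fix' (safe to paste under :OTL) or 'review' (needs a human:
    the entry is a legitimate persistence point that malware also abuses)."""
    line = line.strip()
    if not line:
        return None
    if any(marker in line for marker in ORPHAN_MARKERS):
        return "fix", "orphaned entry, target no longer exists"
    m = SEARCHSCOPE_RE.match(line)
    if m:
        host = urlparse(m.group(1)).netloc.lower()
        if host in LEGIT_SEARCH_HOSTS:
            return None
        return "fix", f"search scope points at {host}"
    if ADS_RE.match(line):
        return "fix", "alternate data stream (data hidden behind an ordinary file or folder)"
    m = APPINIT_RE.match(line)
    if m:
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        return "review", f"AppInit_DLLs loads {m.group(1)} into every user32 process"
    return None


def triage(log_text):
    """Bucket every actionable line of an OTL log, keeping the line verbatim."""
    buckets = {"fix": [], "review": []}
    for raw in log_text.splitlines():
        verdict = classify(raw)
        if verdict:
            bucket, reason = verdict
            buckets[bucket].append((raw.strip(), reason))
    return buckets


def build_fix_script(log_text):
    """Lay out the flagged lines the way OTL expects: verbatim log lines under
    :OTL, followed by the housekeeping sections used in the reply above."""
    fix_lines = [line for line, _ in triage(log_text)["fix"]]
    sections = [":OTL", *fix_lines, "", ":Files", "ipconfig /flushdns /c",
                ":Commands", "[PURITY]", "[emptyjava]", "[EMPTYFLASH]"]
    return "\n".join(sections)


# Constructed sample: lines copied from the OTL log posted above, plus one
# made-up Bing search scope with a placeholder GUID to show a clean entry.
SAMPLE_LOG = r"""
IE - HKLM\..\SearchScopes\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000000}: "URL" = http://www.bing.com/search?q={searchTerms}
FF - user.js - File not found
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(TM) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-3306987689-1346429272-3060805736-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O20 - AppInit_DLLs: (C:\WINDOWS\System32\APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Cognizance Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for line, reason in entries:
            print(f"[{bucket}] {reason}\n    {line}")
    print()
    print(build_fix_script(SAMPLE_LOG))
```

The script deliberately keeps the flagged lines verbatim: OTL's fix parser matches the pasted text against what it found, so rewriting the line would make the fix miss. Anything in the "review" bucket (here the Cognizance DLL, which belongs to HP's fingerprint-reader software) is left for a person to judge by publisher and path rather than removed automatically.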
#11 PRprince (Topic Starter) - Members - 10 posts

Posted 02 December 2012 - 06:49 PM

The PC is running a lot better, thank you so much.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{867842BB-555F-44A8-A1D9-4E9F1F850D8E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Microsoft\Internet Explorer\SearchScopes\{92FFFB8B-20BD-45FB-B0D6-479A1F8E2829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92FFFB8B-20BD-45FB-B0D6-479A1F8E2829}\ not found.
Registry key HKEY_USERS\S-1-5-21-3306987689-1346429272-3060805736-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FCCFF549-4C19-4EAA-B6E9-9B52C1EEB39C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCCFF549-4C19-4EAA-B6E9-9B52C1EEB39C}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ines\Desktop\cmd.bat deleted successfully.
C:\Users\Ines\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Ines
->Java cache emptied: 5898099 bytes

User: Mcx1

User: Public

Total Java Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 41620 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ines
->Flash cache emptied: 42236 bytes

User: Mcx1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12022012_183952

#12 gringo_pr (Bleepin Gringo) - Malware Response Team - 136,773 posts - Puerto Rico

Posted 02 December 2012 - 08:48 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Drag CFScript.txt onto ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 PRprince (Topic Starter) - Members - 10 posts

Posted 03 December 2012 - 12:40 AM

The PC is running normally. Here is the log for ComboFix:

ComboFix 12-12-02.01 - Ines 12/03/2012 0:22.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1024 [GMT -5:00]
Running from: c:\users\Ines\Desktop\ComboFix.exe
Command switches used :: c:\users\Ines\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 05:33 . 2012-12-03 05:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-12-03 05:33 . 2012-12-03 05:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-12-03 05:33 . 2012-12-03 05:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-02 23:39 . 2012-12-02 23:39 -------- d-----w- C:\_OTL
2012-12-02 01:48 . 2012-05-08 23:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-12-02 01:48 . 2010-11-26 23:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-12-01 21:28 . 2012-12-01 21:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-01 18:02 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3A14A7B-FD7B-4FAC-AA49-A2C6F8304EFA}\mpengine.dll
2012-11-30 18:45 . 2012-11-30 19:07 -------- d-----w- C:\FRST
2012-11-30 05:44 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 16:22 . 2012-11-28 16:18 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D04AEADC-6041-4488-AC12-95EDDDA7BCB6}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 21:28 . 2012-09-06 04:15 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-01 21:28 . 2011-05-08 02:33 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-28 19:09 . 2012-09-20 06:48 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-28 19:09 . 2012-09-20 06:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-19 20:05 . 2012-10-19 20:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 02:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-03-12 18:54 50696 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 00:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-03-20 22:23 1773568 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-03-01 20:18 472776 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 14:37 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments]
2012-02-23 17:30 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2009-11-24 15:07 323640 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-04-24 01:11 176128 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 08:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 19:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-02-17 12:56 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 08:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 19:09]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 17:59]
.
2012-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-12 17:59]
.
2012-12-02 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2012-09-22 08:48]
.
2012-11-22 c:\windows\Tasks\HPCeeScheduleForInes.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-06-19 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2049-12-31 14:00; {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}; c:\users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\pt2ehi8w.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 22:33; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-03 00:33
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3320)
c:\windows\system32\APSHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2012-12-03 00:36:31
ComboFix-quarantined-files.txt 2012-12-03 05:36
ComboFix2.txt 2012-12-02 01:30
ComboFix3.txt 2010-01-21 14:30
ComboFix4.txt 2010-01-21 03:32
ComboFix5.txt 2012-12-03 05:20
.
Pre-Run: 36,930,703,360 bytes free
Post-Run: 37,029,634,048 bytes free
.
- - End Of File - - 0121DEF00CD07BA0A0AD9C3ABAF7D30B

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:23 PM

Posted 03 December 2012 - 12:46 AM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

AppGraffiti
Ask Toolbar
Ask Toolbar Updater
Bing Rewards Client Installer
Coupon Printer for Windows
Java™ 6 Update 35
Malwarebytes' Anti-Malware


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 PRprince

PRprince
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:23 PM

Posted 03 December 2012 - 10:39 AM

Firefox still loads up pages 'sometimes' with HTML only, then after the refresh button it loads up the page normally. I didn't know if that is related...

The first 5 things in the uninstall list are no longer on the Add/Remove list or the Revo list since the scrub programs; I do remember seeing some of them in previous logs though. And Java, I had uninstalled and updated it yesterday (I think I mentioned it in previous posts; I don't know if you want me to uninstall again and reinstall today). And I uninstalled Malwarebytes with Revo and installed a new updated copy.



Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.03.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ines :: INES-PC [administrator]

Protection: Enabled

12/3/2012 10:13:53 AM
mbam-log-2012-12-03 (10-13-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236735
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:44 AM, on 12/3/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Users\Ines\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8528 bytes
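A small triage script over the HijackThis log format posted above, added here as an example (it is not the helper's tool or anything from this thread): it parses the O4/O20/O23 entry lines and flags the ones a helper looks at first, such as autostarts under a user-writable directory, AppInit_DLLs entries, and services with no publisher. The sample lines are constructed in that format, and the `sample_entry` line under AppData is invented for illustration.

```python
import re

# Constructed sample in the shape of the HijackThis v2.0.4 log in this thread;
# the [sample_entry] line under AppData is invented for illustration only.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sample_entry] C:\Users\Ines\AppData\Roaming\sample_unknown.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Every HijackThis entry starts with a section code (R0, O4, O23 ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# First drive-letter path ending in an executable or DLL; stops at the extension,
# so "rundll32.exe c:\...\x.dll,Entry" yields the DLL and quoted paths with spaces work.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|cab)\b", re.IGNORECASE)
# Directories a normal user can write to: an autostart living there needs no
# admin rights to plant, so a helper checks it before anything in Program Files.
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\", "\\appdata\\")


def parse_entries(log_text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def image_path(body):
    """First drive-letter path to an executable/DLL in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(log_text):
    """Flag the entries a helper would review first; returns a list of dicts."""
    findings = []
    for section, body in parse_entries(log_text):
        path = image_path(body)
        reasons = []
        if path and any(d in path.lower() for d in USER_WRITABLE):
            reasons.append("autostart from user-writable directory")
        if section == "O20":
            reasons.append("AppInit_DLLs loads into every GUI process")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service binary has no publisher information")
        if reasons:
            findings.append({"section": section, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], f["path"], "; ".join(f["reasons"]))
```

Flagged entries still need to be checked against a known-good list (publisher, file hash) before anything is removed, which is exactly why the helper asks for the log rather than letting HijackThis fix entries.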



