
Infected with Trojan Horse Generic 29.AJGE


This topic is locked. 18 replies to this topic.

#1 olopezpi (Members, 8 posts)

Posted 23 May 2013 - 04:25 PM

 Results of screen317's Security Check version 0.99.64 
 Windows Vista Service Pack 2 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 Malwarebytes Anti-Malware version 1.75.0.1300 
 HijackThis 2.0.2   
 JavaFX 2.1.1   
 Java 7 Update 7 
 Java version out of Date!
 Adobe Reader 9 
 Google Chrome 26.0.1410.64 
 Google Chrome 27.0.1453.94 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

#2 olopezpi (Topic Starter, Members, 8 posts)

Posted 23 May 2013 - 04:27 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16483  BrowserJavaVersion: 10.7.2
Run by TPG at 17:25:16 on 2013-05-23
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.2311 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Users\TPG\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Users\TPG\AppData\Local\Workspace\workspaceupdate.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\TPG\AppData\Local\Akamai\netsession_win.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\AutoUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\System32\mspaint.exe
C:\Users\TPG\Desktop\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\PROGRA~2\MICROS~4\Office12\OIS.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\TPG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\TPG\AppData\Local\Akamai\netsession_win.exe"
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
uRun: [Starfield Updater] "C:\Users\TPG\AppData\Local\Workspace\WorkspaceUpdate.exe"
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WZQKPICK32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\TPG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{00BF2D6E-FC3C-4B2F-870E-BB1FA4733CED} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{734DE52E-B846-469C-9829-ECA6A6EA0303} : DHCPNameServer = 192.168.1.254
Handler: linkscanner - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: linkscanner - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-4-18 18232]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-13 574272]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2013-2-28 1183456]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2009-10-20 47632]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 635168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\System32\drivers\athrxusb.sys [2009-11-12 1021440]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-31 82112]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SndTAudio;SndTAudio;C:\Windows\System32\drivers\SndTAudio.sys [2011-12-7 33848]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-31 202560]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-8-28 49152]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-8 89920]
SUnknown samvobln;samvobln; [x]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-05-15 20:44:44 75016696 ----a-w- C:\Windows\System32\mrt.exe
2013-05-15 15:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-15 15:25:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-15 15:25:54 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-15 15:25:53 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll
2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-29 06:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 07:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe
2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll
2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
============= FINISH: 17:25:42.91 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2009 6:53:32 PM
System Uptime: 5/20/2013 2:59:19 PM (75 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | Benicia
Processor: Pentium® Dual-Core  CPU      E5300  @ 2.60GHz | CPU 1 | 2600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 582 GiB total, 185.724 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.94 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP886: 4/15/2013 9:50:34 PM - Scheduled Checkpoint
RP887: 4/17/2013 - Scheduled Checkpoint
RP888: 4/18/2013 12:00:01 AM - Scheduled Checkpoint
RP889: 4/19/2013 12:00:01 AM - Scheduled Checkpoint
RP890: 4/20/2013 12:00:01 AM - Scheduled Checkpoint
RP891: 4/21/2013 5:10:43 AM - Scheduled Checkpoint
RP892: 4/22/2013 12:00:01 AM - Scheduled Checkpoint
RP893: 4/23/2013 7:04:36 AM - Scheduled Checkpoint
RP894: 4/24/2013 - Scheduled Checkpoint
RP895: 4/24/2013 3:00:11 AM - Windows Update
RP896: 4/25/2013 12:00:02 AM - Scheduled Checkpoint
RP897: 4/26/2013 12:00:01 AM - Scheduled Checkpoint
RP898: 4/27/2013 - Scheduled Checkpoint
RP899: 4/28/2013 12:00:01 AM - Scheduled Checkpoint
RP900: 5/4/2013 10:38:11 AM - Scheduled Checkpoint
RP901: 5/5/2013 - Scheduled Checkpoint
RP902: 5/6/2013 3:34:39 PM - Removed HTC Driver Installer.
RP903: 5/6/2013 3:40:39 PM - Removed HTC Sync.
RP904: 5/6/2013 3:43:36 PM - Removed VirtualDJ Home FREE
RP905: 5/11/2013 8:09:26 AM - Scheduled Checkpoint
RP906: 5/12/2013 - Scheduled Checkpoint
RP907: 5/15/2013 11:22:21 AM - Windows Modules Installer
RP908: 5/15/2013 4:43:32 PM - Windows Update
RP909: 5/15/2013 4:54:11 PM - Removed Adobe Reader 9.5.5.
RP910: 5/17/2013 12:06:03 PM - Scheduled Checkpoint
RP911: 5/19/2013 12:00:01 AM - Scheduled Checkpoint
RP912: 5/20/2013 1:57:20 PM - Scheduled Checkpoint
RP913: 5/22/2013 12:00:01 AM - Scheduled Checkpoint
RP914: 5/23/2013 12:00:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
123 Free Solitaire 2011 v8.0
2WIREUSBWLANInstaller
64 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Reader 9.5.5
Advanced SystemCare 6
Agere Systems PCI-SV92EX Soft Modem
Akamai NetSession Interface
Akamai NetSession Interface Service
Any Video Converter 3.2.7
AoA Audio Extractor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
Destination Component
DeviceDiscovery
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Player
DivX Plus DirectShow Filters
DocMgr
DocProc
EASEUS Data Recovery Wizard Professional 4.3.6
Family Tree Maker 2011
Fax
FileZilla Client 3.7.0.1
Free 3GP Video Converter version 3.7.24.426
Free M4a to MP3 Converter 7.0
Free Mp3 Wma Converter V 1.93
Free Video Flip and Rotate version 1.8
Free YouTube to MP3 Converter version 3.11.24.608
Glary Utilities 2.50.0.1632
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hardware Diagnostic Tools
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Officejet 6500 E709 Series
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Remote Software
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Knoll Light Factory EZ Studio
Knoll Light Factory EZ Studio 15
LabelPrint
LightScribe System Software
LSI PCI-SV92EX Soft Modem
Magic Bullet Looks Studio
Magic Bullet Looks Studio 15
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
OCR Software by I.R.I.S. 12.0
PictureMover
Pinnacle Studio 15
Pinnacle Studio 15 Ultimate Collection Plugins
Pinnacle Studio Bonus Content
Pinnacle Studio Ultimate Collection Plugins
Pinnacle Video Driver
PMB
Power2Go
PowerDirector
PrintingPress
ProductContext
Python 2.6 pywin32-212
Python 2.6.1
QuickTime
Realtek High Definition Audio Driver
Red Giant ToonIt Studio
Red Giant ToonIt Studio 15
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Segoe UI
Smart Defrag 2
SmartDraw 7
SmartWebPrinting
Smilebox
SolutionCenter
Status
Toolbox
Trapcode 3DStroke Studio
Trapcode 3DStroke Studio 15
Trapcode Particular Studio
Trapcode Shine Studio
Trapcode Shine Studio 15
TrayApp
Uninstall 1.0.0.1
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual DJ - Atomix Productions
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.6
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
WinPcap 4.1.1
WinRAR 4.20 (32-bit)
WinX Free AVI to MPEG Converter 4.0.10
WinZip 17.0
Wireless USB Card
WM Recorder 14
Workspace Desktop
YTD Video Downloader 3.9.3
.
==== Event Viewer Messages From Past Week ========
.
5/20/2013 3:01:20 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt SRTSP SRTSPX
5/20/2013 3:01:20 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error 5 (0x5).
5/20/2013 3:01:20 PM, Error: Service Control Manager [7000]  - The MCSTRM service failed to start due to the following error:  The system cannot find the file specified.
5/20/2013 2:59:52 PM, Error: EventLog [6008]  - The previous system shutdown at 2:57:30 PM on 5/20/2013 was unexpected.
5/20/2013 2:59:45 PM, Error: volmgr [46]  - Crash dump initialization failed!
5/20/2013 1:19:48 PM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
5/20/2013 1:18:44 PM, Error: EventLog [6008]  - The previous system shutdown at 1:16:14 PM on 5/20/2013 was unexpected.
.
==== End Of File ===========================
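The two logs above are what a Malware Response Team helper reads by eye. As an added example (not a tool from this thread, not written by either poster, and not a substitute for the helper's review), the script below applies a few triage heuristics to DDS-style output: autoruns whose binary sits under a user profile, registrations DDS marks as orphaned or without a CLSID, services registered with no binary on disk (the `[x]` marker, as on the `samvobln` line), and a Windows Firewall service failure in the Event Viewer section. The sample input is constructed from lines copied out of the posted log; the heuristics, the `Finding` type and the regular expressions are this example's own assumptions about the DDS line format, and every hit is a question to ask, not a verdict.

```python
"""Heuristic triage of a DDS-style log: surfaces entries a malware-removal
helper would ask about. Added example; not a tool from the thread and not
a replacement for the helper's review."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS output posted above, cut down
# to the sections the heuristics below inspect.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
uRun: [Google Update] "C:\Users\TPG\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Starfield Updater] "C:\Users\TPG\AppData\Local\Workspace\WorkspaceUpdate.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
Handler: linkscanner - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
============= SERVICES / DRIVERS ===============
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
SUnknown samvobln;samvobln; [x]
==== Event Viewer Messages From Past Week ========
5/20/2013 3:01:20 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error 5 (0x5).
"""

# Assumed DDS line shapes (derived from the posted log, not from a DDS spec).
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
AUTORUN_RE = re.compile(
    r"^(?:x64-)?(?:uRun|mRun|dRun|StartupFolder):\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d|SUnknown)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]")
USER_PATH_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
FIREWALL_RE = re.compile(r"Windows Firewall service terminated", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log section by section and collect lines worth a follow-up question."""
    findings: list[Finding] = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS uses a lone "." as a spacer
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun and USER_PATH_RE.search(autorun.group("cmd")):
            findings.append(Finding(section, "autorun-user-path", line,
                "autorun binary lives under a user profile; legitimate updaters "
                "install here too, so confirm the publisher rather than assume malware"))
            continue
        if "<Clsid value has no data>" in line or "<orphaned>" in line:
            findings.append(Finding(section, "orphaned-registration", line,
                "registration points at a CLSID or file that no longer resolves"))
            continue
        svc = SERVICE_RE.match(line)
        if svc and (svc.group("meta").strip() == "x" or not svc.group("path").strip()):
            findings.append(Finding(section, "service-missing-binary", line,
                "service is registered but DDS found no binary on disk ([x])"))
            continue
        if FIREWALL_RE.search(line):
            findings.append(Finding(section, "firewall-service-failure", line,
                "Windows Firewall failed to start; ask whether this was intentional"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.kind}: {f.line}\n    -> {f.reason}")
```

Run against the sample it reports six lines: the two AppData autoruns, the two orphaned handlers, the `samvobln` service and the firewall event, while the AVG entries pass untouched. The point of the `reason` text is to keep the output honest: an autorun under `AppData` is where Google Update legitimately lives on this very machine, so the script queues it for a publisher check instead of calling it malware.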
 



#3 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 24 May 2013 - 01:17 AM


Hello olopezpi

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next; if you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 olopezpi
  • Topic Starter

  • Members

Posted 28 May 2013 - 09:07 AM

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 10:02:34
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : TPG - TPG-PC
# Boot Mode : Normal
# Running from : C:\Users\TPG\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Deleted on reboot : C:\Program Files (x86)\Common Files\Plasmoo
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\Zynga
Deleted on reboot : C:\ProgramData\blekko toolbars
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\TPG\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\TPG\AppData\LocalLow\Zynga
Deleted on reboot : C:\Users\TPG\AppData\Roaming\dvdvideosoftiehelpers

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\TPG\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3199 octets] - [28/05/2013 10:00:37]
AdwCleaner[S1].txt - [3031 octets] - [28/05/2013 10:02:34]

########## EOF - C:\AdwCleaner[S1].txt - [3091 octets] ##########

 



#5 olopezpi
  • Topic Starter

  • Members

Posted 28 May 2013 - 09:31 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by TPG on Tue 05/28/2013 at 10:10:47.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0BCD5D28-DB6D-407E-8AE1-CFB7B1F95AC5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5A95BD3B-5332-4719-8F22-A003378E0ABD}

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\zynga"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{01079CA4-7BC0-428D-9A0E-B37E14DC0F42}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{034E5A36-CF95-4373-B5E9-AB0A4D95C4C4}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{05C244A8-4A55-403C-83CC-0182A04EF1BE}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{1794161B-642C-4A64-81CB-BCFA820C3C3B}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{180C7CA1-902D-4EE4-9CF1-FB69ADF7A5E9}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{1CB05371-35D0-4B37-BC64-077758A37DC1}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{1E066D40-102F-42DE-8252-CAE769280F15}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{1F7799F2-A8A2-4565-AF9A-15ACCE7DD6F0}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{20C2CEB8-F587-461D-ABC3-C671045EF95F}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{242AF402-3FF0-4079-ADE8-0172FDCA93C3}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{2EC8F6DC-7102-4E62-9532-DB0FA1FBDF01}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{34562345-5B75-435D-91E1-8B240867CA07}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{3EC5FABB-EAB0-4E4B-81E9-00CD3B304D25}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{42D7C6A7-117D-4613-B9AB-48A6B588F36F}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{45473316-81FD-42EB-B255-E7FD301188A3}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{4EC7D3FD-3071-430C-A39A-9E1C1B1F5DD6}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{51CCC5FE-74EE-4482-93FB-0D3986C17CBF}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{57E7BE2B-24EC-45C6-826B-552119614BB0}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{59E1587C-C2D1-45FE-8872-9589C982D3E9}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{63282B38-7918-42AA-8912-056A1BE28A01}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{6EE439B9-E47C-414C-869E-C58F0FE9E0D3}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{7220054F-15C6-4965-90D5-C9580CCB7265}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{759C876F-96D8-4C01-8F3C-A14EE603266B}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{75E2028E-4E85-40F0-B8D9-5E90F0EF2CA9}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{830509E8-489A-4A59-8B0E-4604FACFE472}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{83A2FC97-CF14-4DA1-A1C2-06208BAEE657}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{885F2300-CD97-41E6-B8B6-EDDDB6E75091}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{8C9FC9ED-B8CB-4F0B-B783-991B2BF4FF5D}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{8DC90292-D1CD-4F13-AB42-87135530DD1A}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{8FC6B478-7F8F-4D2E-BDC9-794D1562BAEB}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{9332CFBA-1347-42F7-B62A-BAD5FB8CF993}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{997E54D5-4C2A-47FE-BB50-831C042F5F4E}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{A26CCCE7-D44F-4F4C-B87B-F6AF5FDC2FB7}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{A3B91C1C-3E9D-4BDA-86AA-AAE94B8B4305}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{CF57DB8D-157C-43E8-B265-2C55B5CBE4A8}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{D2473904-2202-4F33-AD32-E15B852C3014}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{D3E49852-6D10-4F81-928F-37349DBF321F}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{DBB50DBA-7820-4AEB-BA21-E35D046A5D85}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{E9246FA5-B11D-4C85-80C9-41A1CE396794}
Successfully deleted: [Empty Folder] C:\Users\TPG\appdata\local\{F9F07B99-BC40-4591-A1B4-629C8A85E2FE}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/28/2013 at 10:14:50.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 



#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 28 May 2013 - 12:50 PM


Hello olopezpi

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 31 May 2013 - 12:59 AM


Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

I also want to remind you that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 04 June 2013 - 09:24 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48 hrs you have not replied to this thread then it will have to be closed!
Gringo

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 07 June 2013 - 05:19 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 12 June 2013 - 01:05 AM

This topic has been re-opened at the request of the person who originally posted.

#11 olopezpi
  • Topic Starter

  • Members

Posted 12 June 2013 - 01:59 AM

ComboFix 13-06-08.02 - TPG 06/12/2013   0:56.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6133.3864 [GMT -4:00]
Running from: c:\users\TPG\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\$recycle.bin\S-1-5-21-3798338263-726971438-3656014633-1000\$5a53359399ccca39912d1d22f6465400\@
c:\$recycle.bin\S-1-5-21-3798338263-726971438-3656014633-1000\$5a53359399ccca39912d1d22f6465400\n
c:\users\TPG\AppData\Roaming\98D0E2
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-12 to 2013-06-12  )))))))))))))))))))))))))))))))
.
.
2013-06-06 12:48 . 2013-06-06 12:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-06 12:48 . 2013-06-06 12:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-28 14:10 . 2013-05-28 14:10 -------- d-----w- c:\windows\ERUNT
2013-05-28 14:10 . 2013-05-28 14:10 -------- d-----w- C:\JRT
2013-05-28 14:02 . 2013-05-28 14:02 530 ----a-w- c:\windows\DeleteOnReboot.bat
2013-05-15 15:25 . 2013-05-15 15:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 15:25 . 2013-05-15 15:25 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-15 15:25 . 2013-05-15 15:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 07:23 . 2013-04-15 14:17 901496 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:23 . 2013-04-09 01:55 2774016 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 07:23 . 2013-04-13 03:34 47104 ----a-w- c:\windows\system32\cdd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 05:02 . 2008-01-21 02:49 79672 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2013-05-15 20:44 . 2006-11-02 12:35 75016696 ----a-w- c:\windows\system32\mrt.exe
2013-05-15 15:00 . 2011-11-17 23:05 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-04 18:50 . 2009-11-12 17:23 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 06:53 . 2013-03-29 06:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-21 07:08 . 2013-03-21 07:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\TPG\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-19 491840]
"Starfield Updater"="c:\users\TPG\AppData\Local\Workspace\workspaceupdate.exe" [2013-04-17 35008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-1-15 685936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
.
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPNAT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ    Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-06 12:48]
.
2013-06-12 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-03-22 17:45]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 15:32]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 15:32]
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3798338263-726971438-3656014633-1000Core.job
- c:\users\TPG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 22:10]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3798338263-726971438-3656014633-1000UA.job
- c:\users\TPG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-04 22:10]
.
2009-09-10 c:\windows\Tasks\HPCeeScheduleForAdministrator.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-07-24 01:17]
.
2013-05-28 c:\windows\Tasks\HPCeeScheduleForTPG.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-07-24 01:17]
.
2013-06-12 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-01-20 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-04-06 21:50 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2013-04-06 21:50 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\TPG\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
   1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
   35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:00,e0,2c,15,b5,45,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,03,7e,b3,ce,ba,c0,43,a4,ca,65,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,03,7e,b3,ce,ba,c0,43,a4,ca,65,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\Workspace\offSyncService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2013-06-12  01:10:30 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-12 05:10
.
Pre-Run: 189,038,911,488 bytes free
Post-Run: 189,377,150,976 bytes free
.
- - End Of File - - 37CADD398B622BB43FAD28F29A0DD8F0
81CD5EC01DB0CE57EDD853F82462EF27
 



#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 June 2013 - 02:01 AM


Hello olopezpi

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long, so if the website gives you an error saying it is too long you may attach it.

    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop.
  • Exit/Close RogueKiller.
Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
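Since the helper only wants the interesting part of a TDSSKiller report, here is a small triage script that pulls the entries TDSSKiller did not mark "ok" (with the MD5 and path the scanner printed for them) out of a log in the format posted in this thread and checks that the log reached the "Scan finished" marker. This is an added example, not code from the thread, from Kaspersky, or from any BleepingComputer tool; the function names, regular expressions and the sample log are my own (the sample lines are constructed from the log format shown in this thread).

```python
"""Triage helper for TDSSKiller text logs (added example; not from the thread).

Line shapes it understands, as they appear in the log posted in this thread:

    04:11:20.0875 6552  [ <MD5> ] <Name>  <Path>
    04:11:20.0887 6552  <Name> ( <Verdict> ) - warning
    04:11:20.0887 6552  <Name> - detected <Verdict> (<count>)
    04:11:20.0913 6552  <Name> - ok

Regex details, function names and SAMPLE_LOG are assumptions made here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every line starts with a timestamp and the scanner's process id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "[ MD5 ] Name   Path": the name column is padded, and long names
# (e.g. "HP Health Check Service") contain spaces, so the path is
# anchored on a drive letter rather than on whitespace.
_FILE_RE = re.compile(_PREFIX + r"\[ ([0-9A-F]{32}) \] (.+?)\s+([A-Za-z]:\\.*)$")
_WARN_RE = re.compile(_PREFIX + r"(.+?) \( ([^)]+) \) - warning$")
_DETECT_RE = re.compile(_PREFIX + r"(.+?) - detected (\S+) \((\d+)\)$")


@dataclass
class Finding:
    """One service/driver entry that TDSSKiller did not report as 'ok'."""
    name: str
    verdict: str               # e.g. HiddenFile.Multi.Generic
    md5: Optional[str] = None  # hash printed on the preceding "[ MD5 ]" line
    path: Optional[str] = None
    count: int = 0             # number from the "- detected ... (n)" line


def triage(log_text: str) -> Tuple[List[Finding], bool]:
    """Return the flagged entries, in log order, and whether the log
    reached the 'Scan finished' marker the helper asks for."""
    seen_files: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path)
    findings: Dict[str, Finding] = {}
    finished = False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = _FILE_RE.match(line)
        if m:
            seen_files[m.group(2)] = (m.group(1), m.group(3))
            continue
        m = _WARN_RE.match(line)
        if m:
            name, verdict = m.group(1), m.group(2)
            md5, path = seen_files.get(name, (None, None))
            findings[name] = Finding(name, verdict, md5, path)
            continue
        m = _DETECT_RE.match(line)
        if m and m.group(1) in findings:
            findings[m.group(1)].count = int(m.group(3))
            continue
        if line.endswith("Scan finished"):
            finished = True
    return list(findings.values()), finished


def group_by_verdict(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group entry names by verdict, so a rare verdict such as a hidden
    file stands out from the common unsigned-vendor-file warnings."""
    groups: Dict[str, List[str]] = {}
    for f in findings:
        groups.setdefault(f.verdict, []).append(f.name)
    return groups


# Constructed sample in the thread's log format (values taken from the posted log).
SAMPLE_LOG = r"""
04:11:18.0812 6552  Scan started
04:11:19.0357 6552  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
04:11:19.0494 6552  ACPI - ok
04:11:20.0875 6552  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
04:11:20.0876 6552  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
04:11:20.0887 6552  Akamai ( HiddenFile.Multi.Generic ) - warning
04:11:20.0887 6552  Akamai - detected HiddenFile.Multi.Generic (1)
04:11:28.0683 6552  [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
04:11:28.0692 6552  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
04:11:28.0692 6552  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
04:11:28.0930 6552  HTCAND64 - ok
04:12:01.0000 6552  Scan finished
""".strip()


if __name__ == "__main__":
    flagged, done = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.verdict:28} {f.name}  md5={f.md5}  {f.path}")
    print("scan finished:", done)
```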

#13 olopezpi

olopezpi
  • Topic Starter

  • Members
  • 8 posts

Posted 14 June 2013 - 03:15 AM

04:10:52.0744 5168  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
04:10:53.0235 5168  ============================================================
04:10:53.0235 5168  Current date / time: 2013/06/14 04:10:53.0235
04:10:53.0235 5168  SystemInfo:
04:10:53.0235 5168 
04:10:53.0235 5168  OS Version: 6.0.6002 ServicePack: 2.0
04:10:53.0235 5168  Product type: Workstation
04:10:53.0235 5168  ComputerName: TPG-PC
04:10:53.0235 5168  UserName: TPG
04:10:53.0235 5168  Windows directory: C:\Windows
04:10:53.0235 5168  System windows directory: C:\Windows
04:10:53.0235 5168  Running under WOW64
04:10:53.0235 5168  Processor architecture: Intel x64
04:10:53.0235 5168  Number of processors: 2
04:10:53.0235 5168  Page size: 0x1000
04:10:53.0235 5168  Boot type: Normal boot
04:10:53.0235 5168  ============================================================
04:10:53.0693 5168  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:10:53.0715 5168  ============================================================
04:10:53.0715 5168  \Device\Harddisk0\DR0:
04:10:53.0715 5168  MBR partitions:
04:10:53.0715 5168  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48CB7537
04:10:53.0715 5168  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48CB7576, BlocksNum 0x1B9F94B
04:10:53.0715 5168  ============================================================
04:10:53.0753 5168  C: <-> \Device\Harddisk0\DR0\Partition1
04:10:53.0823 5168  D: <-> \Device\Harddisk0\DR0\Partition2
04:10:53.0823 5168  ============================================================
04:10:53.0823 5168  Initialize success
04:10:53.0823 5168  ============================================================
04:11:18.0812 6552  ============================================================
04:11:18.0812 6552  Scan started
04:11:18.0812 6552  Mode: Manual; SigCheck; TDLFS;
04:11:18.0812 6552  ============================================================
04:11:19.0238 6552  ================ Scan system memory ========================
04:11:19.0238 6552  System memory - ok
04:11:19.0238 6552  ================ Scan services =============================
04:11:19.0357 6552  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
04:11:19.0494 6552  ACPI - ok
04:11:19.0627 6552  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
04:11:19.0644 6552  AdobeFlashPlayerUpdateSvc - ok
04:11:19.0690 6552  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
04:11:19.0718 6552  adp94xx - ok
04:11:19.0759 6552  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
04:11:19.0781 6552  adpahci - ok
04:11:19.0813 6552  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
04:11:19.0831 6552  adpu160m - ok
04:11:19.0870 6552  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
04:11:19.0888 6552  adpu320 - ok
04:11:20.0035 6552  [ 9243229DFCCC99B5441750EBA49F1B14 ] AdvancedSystemCareService6 C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
04:11:20.0065 6552  AdvancedSystemCareService6 - ok
04:11:20.0105 6552  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
04:11:20.0154 6552  AeLookupSvc - ok
04:11:20.0205 6552  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
04:11:20.0298 6552  AFD - ok
04:11:20.0389 6552  [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
04:11:20.0415 6552  AgereModemAudio - ok
04:11:20.0491 6552  [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
04:11:20.0586 6552  AgereSoftModem - ok
04:11:20.0646 6552  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
04:11:20.0665 6552  agp440 - ok
04:11:20.0711 6552  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
04:11:20.0731 6552  aic78xx - ok
04:11:20.0875 6552  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
04:11:20.0876 6552  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
04:11:20.0887 6552  Akamai ( HiddenFile.Multi.Generic ) - warning
04:11:20.0887 6552  Akamai - detected HiddenFile.Multi.Generic (1)
04:11:20.0913 6552  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
04:11:20.0974 6552  ALG - ok
04:11:20.0994 6552  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
04:11:21.0017 6552  aliide - ok
04:11:21.0034 6552  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
04:11:21.0058 6552  amdide - ok
04:11:21.0073 6552  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
04:11:21.0126 6552  AmdK8 - ok
04:11:21.0153 6552  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
04:11:21.0180 6552  Appinfo - ok
04:11:21.0281 6552  [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:11:21.0296 6552  Apple Mobile Device - ok
04:11:21.0327 6552  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
04:11:21.0347 6552  arc - ok
04:11:21.0369 6552  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
04:11:21.0389 6552  arcsas - ok
04:11:21.0406 6552  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
04:11:21.0450 6552  AsyncMac - ok
04:11:21.0467 6552  [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi           C:\Windows\system32\drivers\atapi.sys
04:11:21.0484 6552  atapi - ok
04:11:21.0537 6552  [ 6C342CE58E8F4A847E407833D6536CE3 ] athrusb         C:\Windows\system32\DRIVERS\athrxusb.sys
04:11:21.0626 6552  athrusb - ok
04:11:21.0673 6552  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
04:11:21.0747 6552  AudioEndpointBuilder - ok
04:11:21.0780 6552  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
04:11:21.0833 6552  AudioSrv - ok
04:11:22.0017 6552  [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
04:11:22.0226 6552  AVGIDSAgent - ok
04:11:22.0287 6552  [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
04:11:22.0311 6552  AVGIDSDriver - ok
04:11:22.0362 6552  [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
04:11:22.0379 6552  AVGIDSHA - ok
04:11:22.0442 6552  [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
04:11:22.0462 6552  Avgldx64 - ok
04:11:22.0479 6552  [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
04:11:22.0504 6552  Avgloga - ok
04:11:22.0535 6552  [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
04:11:22.0553 6552  Avgmfx64 - ok
04:11:22.0581 6552  [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
04:11:22.0599 6552  Avgrkx64 - ok
04:11:22.0616 6552  [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
04:11:22.0639 6552  Avgtdia - ok
04:11:22.0714 6552  [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
04:11:22.0733 6552  avgwd - ok
04:11:22.0760 6552  Beep - ok
04:11:22.0816 6552  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
04:11:22.0856 6552  BFE - ok
04:11:22.0908 6552  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
04:11:22.0967 6552  BITS - ok
04:11:23.0004 6552  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
04:11:23.0043 6552  blbdrive - ok
04:11:23.0108 6552  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
04:11:23.0132 6552  Bonjour Service - ok
04:11:23.0183 6552  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
04:11:23.0217 6552  bowser - ok
04:11:23.0237 6552  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
04:11:23.0278 6552  BrFiltLo - ok
04:11:23.0297 6552  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
04:11:23.0325 6552  BrFiltUp - ok
04:11:23.0354 6552  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
04:11:23.0392 6552  Browser - ok
04:11:23.0413 6552  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
04:11:23.0469 6552  Brserid - ok
04:11:23.0490 6552  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
04:11:23.0547 6552  BrSerWdm - ok
04:11:23.0566 6552  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
04:11:23.0623 6552  BrUsbMdm - ok
04:11:23.0648 6552  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
04:11:23.0704 6552  BrUsbSer - ok
04:11:23.0719 6552  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
04:11:23.0782 6552  BTHMODEM - ok
04:11:23.0792 6552  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
04:11:23.0825 6552  cdfs - ok
04:11:23.0844 6552  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
04:11:23.0868 6552  cdrom - ok
04:11:23.0915 6552  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
04:11:23.0937 6552  CertPropSvc - ok
04:11:23.0953 6552  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
04:11:23.0984 6552  circlass - ok
04:11:24.0039 6552  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
04:11:24.0059 6552  CLFS - ok
04:11:24.0170 6552  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:11:24.0182 6552  clr_optimization_v2.0.50727_32 - ok
04:11:24.0237 6552  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:11:24.0254 6552  clr_optimization_v2.0.50727_64 - ok
04:11:24.0363 6552  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:11:24.0379 6552  clr_optimization_v4.0.30319_32 - ok
04:11:24.0408 6552  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:11:24.0423 6552  clr_optimization_v4.0.30319_64 - ok
04:11:24.0438 6552  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
04:11:24.0452 6552  cmdide - ok
04:11:24.0469 6552  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
04:11:24.0483 6552  Compbatt - ok
04:11:24.0489 6552  COMSysApp - ok
04:11:24.0499 6552  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
04:11:24.0515 6552  crcdisk - ok
04:11:24.0572 6552  [ 1B22BC0B71F65001479DAB792C3F626C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
04:11:24.0604 6552  CryptSvc - ok
04:11:24.0632 6552  [ B1C55A95006D621D04FE4A23F86C0A54 ] DCamUSBEMPIA    C:\Windows\system32\DRIVERS\emDevice64.sys
04:11:24.0663 6552  DCamUSBEMPIA - ok
04:11:24.0732 6552  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
04:11:24.0782 6552  DcomLaunch - ok
04:11:24.0842 6552  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
04:11:24.0874 6552  DfsC - ok
04:11:24.0979 6552  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
04:11:25.0112 6552  DFSR - ok
04:11:25.0157 6552  [ A64CC0B5D93F25BF5D052A1FEBE71E68 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
04:11:25.0174 6552  dg_ssudbus - ok
04:11:25.0236 6552  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
04:11:25.0278 6552  Dhcp - ok
04:11:25.0306 6552  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
04:11:25.0326 6552  disk - ok
04:11:25.0356 6552  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
04:11:25.0376 6552  Dnscache - ok
04:11:25.0432 6552  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
04:11:25.0469 6552  dot3svc - ok
04:11:25.0494 6552  [ 74C02B1717740C3B8039539E23E4B53F ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
04:11:25.0544 6552  Dot4 - ok
04:11:25.0553 6552  [ 08321D1860235BF42CF2854234337AEA ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
04:11:25.0604 6552  Dot4Print - ok
04:11:25.0633 6552  [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
04:11:25.0672 6552  dot4usb - ok
04:11:25.0701 6552  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
04:11:25.0742 6552  DPS - ok
04:11:25.0775 6552  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
04:11:25.0812 6552  drmkaud - ok
04:11:25.0853 6552  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
04:11:25.0897 6552  DXGKrnl - ok
04:11:25.0953 6552  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
04:11:25.0995 6552  E1G60 - ok
04:11:26.0021 6552  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
04:11:26.0058 6552  EapHost - ok
04:11:26.0114 6552  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
04:11:26.0134 6552  Ecache - ok
04:11:26.0180 6552  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
04:11:26.0206 6552  ehRecvr - ok
04:11:26.0247 6552  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
04:11:26.0267 6552  ehSched - ok
04:11:26.0276 6552  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
04:11:26.0305 6552  ehstart - ok
04:11:26.0335 6552  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
04:11:26.0360 6552  elxstor - ok
04:11:26.0402 6552  [ 8543BB84CD5872CD1619183F5CBBE3F9 ] emAudio         C:\Windows\system32\drivers\emAudio64.sys
04:11:26.0426 6552  emAudio - ok
04:11:26.0483 6552  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
04:11:26.0507 6552  EMDMgmt - ok
04:11:26.0537 6552  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
04:11:26.0562 6552  ErrDev - ok
04:11:26.0633 6552  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
04:11:26.0668 6552  EventSystem - ok
04:11:26.0703 6552  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
04:11:26.0740 6552  exfat - ok
04:11:26.0802 6552  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
04:11:26.0839 6552  fastfat - ok
04:11:26.0862 6552  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
04:11:26.0922 6552  fdc - ok
04:11:26.0959 6552  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
04:11:27.0014 6552  fdPHost - ok
04:11:27.0106 6552  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
04:11:27.0167 6552  FDResPub - ok
04:11:27.0235 6552  [ 654A537CF7FE15A41373E85D1167040B ] File Backup     C:\Program Files (x86)\Workspace\offSyncService.exe
04:11:27.0313 6552  File Backup - ok
04:11:27.0336 6552  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
04:11:27.0350 6552  FileInfo - ok
04:11:27.0384 6552  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
04:11:27.0421 6552  Filetrace - ok
04:11:27.0454 6552  [ 73FBB50C4D92ADC30A9D57A269489A0B ] FiltUSBEMPIA    C:\Windows\system32\DRIVERS\emFilter64.sys
04:11:27.0468 6552  FiltUSBEMPIA - ok
04:11:27.0483 6552  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
04:11:27.0518 6552  flpydisk - ok
04:11:27.0559 6552  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
04:11:27.0578 6552  FltMgr - ok
04:11:27.0632 6552  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
04:11:27.0685 6552  FontCache - ok
04:11:27.0754 6552  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:11:27.0764 6552  FontCache3.0.0.0 - ok
04:11:27.0786 6552  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
04:11:27.0822 6552  Fs_Rec - ok
04:11:27.0842 6552  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
04:11:27.0863 6552  gagp30kx - ok
04:11:27.0882 6552  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:11:27.0891 6552  GEARAspiWDM - ok
04:11:27.0953 6552  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
04:11:27.0986 6552  gpsvc - ok
04:11:28.0113 6552  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:11:28.0126 6552  gupdate - ok
04:11:28.0138 6552  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:11:28.0150 6552  gupdatem - ok
04:11:28.0209 6552  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:11:28.0222 6552  gusvc - ok
04:11:28.0265 6552  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
04:11:28.0313 6552  HDAudBus - ok
04:11:28.0330 6552  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
04:11:28.0381 6552  HidBth - ok
04:11:28.0399 6552  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
04:11:28.0454 6552  HidIr - ok
04:11:28.0479 6552  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\System32\hidserv.dll
04:11:28.0507 6552  hidserv - ok
04:11:28.0531 6552  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
04:11:28.0558 6552  HidUsb - ok
04:11:28.0594 6552  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
04:11:28.0635 6552  hkmsvc - ok
04:11:28.0683 6552  [ AA9EF0B395097F24D289F64445B2FD2E ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
04:11:28.0692 6552  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
04:11:28.0692 6552  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
04:11:28.0711 6552  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
04:11:28.0724 6552  HpCISSs - ok
04:11:28.0820 6552  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
04:11:28.0827 6552  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
04:11:28.0827 6552  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
04:11:28.0860 6552  [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
04:11:28.0866 6552  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
04:11:28.0866 6552  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
04:11:28.0898 6552  [ 298A6890A7AC415DABB35047D168F13B ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
04:11:28.0921 6552  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
04:11:28.0921 6552  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
04:11:28.0930 6552  HTCAND64 - ok
04:11:28.0977 6552  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
04:11:29.0037 6552  HTTP - ok
04:11:29.0052 6552  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
04:11:29.0068 6552  i2omp - ok
04:11:29.0088 6552  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
04:11:29.0121 6552  i8042prt - ok
04:11:29.0167 6552  [ F79525634B192F5A18DE503568F94EF3 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
04:11:29.0184 6552  IAANTMON - ok
04:11:29.0230 6552  [ 8EACF469269FB1509561961A3188F670 ] iaStor          C:\Windows\system32\drivers\iastor.sys
04:11:29.0252 6552  iaStor - ok
04:11:29.0285 6552  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
04:11:29.0305 6552  iaStorV - ok
04:11:29.0385 6552  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:11:29.0426 6552  idsvc - ok
04:11:29.0646 6552  [ A124C87CD0B39C9E510E138534468383 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
04:11:30.0032 6552  igfx - ok
04:11:30.0066 6552  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
04:11:30.0083 6552  iirsp - ok
04:11:30.0137 6552  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
04:11:30.0169 6552  IKEEXT - ok
04:11:30.0233 6552  [ 1EDAB7F9B9DE4424BECCDEF950CE2FF0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
04:11:30.0322 6552  IntcAzAudAddService - ok
04:11:30.0345 6552  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
04:11:30.0358 6552  intelide - ok
04:11:30.0379 6552  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
04:11:30.0417 6552  intelppm - ok
04:11:30.0439 6552  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
04:11:30.0496 6552  IPBusEnum - ok
04:11:30.0549 6552  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:11:30.0614 6552  IpFilterDriver - ok
04:11:30.0671 6552  [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc        C:\Windows\System32\iphlpsvc.dll
04:11:30.0700 6552  IpHlpSvc - ok
04:11:30.0705 6552  IpInIp - ok
04:11:30.0731 6552  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
04:11:30.0768 6552  IPMIDRV - ok
04:11:30.0794 6552  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
04:11:30.0841 6552  IPNAT - ok
04:11:30.0893 6552  [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
04:11:30.0924 6552  iPod Service - ok
04:11:30.0937 6552  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
04:11:30.0970 6552  IRENUM - ok
04:11:30.0994 6552  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
04:11:31.0006 6552  isapnp - ok
04:11:31.0040 6552  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
04:11:31.0060 6552  iScsiPrt - ok
04:11:31.0073 6552  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
04:11:31.0087 6552  iteatapi - ok
04:11:31.0110 6552  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
04:11:31.0125 6552  iteraid - ok
04:11:31.0149 6552  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
04:11:31.0162 6552  kbdclass - ok
04:11:31.0189 6552  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
04:11:31.0216 6552  kbdhid - ok
04:11:31.0251 6552  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
04:11:31.0268 6552  KeyIso - ok
04:11:31.0325 6552  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
04:11:31.0362 6552  KSecDD - ok
04:11:31.0371 6552  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
04:11:31.0413 6552  ksthunk - ok
04:11:31.0452 6552  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
04:11:31.0497 6552  KtmRm - ok
04:11:31.0567 6552  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
04:11:31.0588 6552  LanmanServer - ok
04:11:31.0619 6552  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
04:11:31.0651 6552  LanmanWorkstation - ok
04:11:31.0700 6552  [ DFEFF67508D3A9AEB1A85D7B0F513B24 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
04:11:31.0708 6552  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
04:11:31.0708 6552  LightScribeService - detected UnsignedFile.Multi.Generic (1)
04:11:31.0722 6552  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
04:11:31.0758 6552  lltdio - ok
04:11:31.0792 6552  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
04:11:31.0891 6552  lltdsvc - ok
04:11:31.0932 6552  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
04:11:31.0975 6552  lmhosts - ok
04:11:31.0995 6552  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
04:11:32.0016 6552  LSI_FC - ok
04:11:32.0073 6552  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
04:11:32.0089 6552  LSI_SAS - ok
04:11:32.0136 6552  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
04:11:32.0153 6552  LSI_SCSI - ok
04:11:32.0184 6552  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
04:11:32.0224 6552  luafv - ok
04:11:32.0253 6552  [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
04:11:32.0290 6552  MarvinBus - ok
04:11:32.0297 6552  MCSTRM - ok
04:11:32.0312 6552  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2svc.dll
04:11:32.0333 6552  Mcx2Svc - ok
04:11:32.0355 6552  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
04:11:32.0371 6552  megasas - ok
04:11:32.0411 6552  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
04:11:32.0445 6552  MegaSR - ok
04:11:32.0465 6552  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
04:11:32.0504 6552  MMCSS - ok
04:11:32.0516 6552  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
04:11:32.0553 6552  Modem - ok
04:11:32.0569 6552  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
04:11:32.0611 6552  monitor - ok
04:11:32.0627 6552  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
04:11:32.0644 6552  mouclass - ok
04:11:32.0651 6552  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
04:11:32.0693 6552  mouhid - ok
04:11:32.0703 6552  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
04:11:32.0721 6552  MountMgr - ok
04:11:32.0749 6552  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
04:11:32.0765 6552  mpio - ok
04:11:32.0812 6552  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
04:11:32.0843 6552  mpsdrv - ok
04:11:32.0916 6552  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
04:11:32.0964 6552  MpsSvc - ok
04:11:32.0987 6552  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
04:11:33.0000 6552  Mraid35x - ok
04:11:33.0054 6552  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
04:11:33.0081 6552  MRxDAV - ok
04:11:33.0119 6552  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
04:11:33.0152 6552  mrxsmb - ok
04:11:33.0222 6552  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:11:33.0241 6552  mrxsmb10 - ok
04:11:33.0257 6552  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:11:33.0283 6552  mrxsmb20 - ok
04:11:33.0299 6552  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
04:11:33.0315 6552  msahci - ok
04:11:33.0340 6552  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
04:11:33.0356 6552  msdsm - ok
04:11:33.0401 6552  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
04:11:33.0452 6552  MSDTC - ok
04:11:33.0481 6552  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
04:11:33.0519 6552  Msfs - ok
04:11:33.0536 6552  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
04:11:33.0550 6552  msisadrv - ok
04:11:33.0590 6552  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
04:11:33.0624 6552  MSiSCSI - ok
04:11:33.0681 6552  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
04:11:33.0712 6552  MSKSSRV - ok
04:11:33.0726 6552  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
04:11:33.0756 6552  MSPCLOCK - ok
04:11:33.0762 6552  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
04:11:33.0793 6552  MSPQM - ok
04:11:33.0836 6552  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
04:11:33.0855 6552  MsRPC - ok
04:11:33.0868 6552  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
04:11:33.0880 6552  mssmbios - ok
04:11:33.0892 6552  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
04:11:33.0924 6552  MSTEE - ok
04:11:33.0940 6552  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
04:11:33.0953 6552  Mup - ok
04:11:33.0975 6552  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
04:11:34.0004 6552  napagent - ok
04:11:34.0032 6552  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
04:11:34.0053 6552  NativeWifiP - ok
04:11:34.0087 6552  NAVENG - ok
04:11:34.0093 6552  NAVEX15 - ok
04:11:34.0159 6552  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
04:11:34.0197 6552  NDIS - ok
04:11:34.0202 6552  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
04:11:34.0231 6552  NdisTapi - ok
04:11:34.0254 6552  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
04:11:34.0292 6552  Ndisuio - ok
04:11:34.0339 6552  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
04:11:34.0363 6552  NdisWan - ok
04:11:34.0369 6552  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
04:11:34.0399 6552  NDProxy - ok
04:11:34.0454 6552  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
04:11:34.0459 6552  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
04:11:34.0460 6552  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
04:11:34.0470 6552  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
04:11:34.0502 6552  NetBIOS - ok
04:11:34.0563 6552  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
04:11:34.0589 6552  netbt - ok
04:11:34.0595 6552  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
04:11:34.0616 6552  Netlogon - ok
04:11:34.0647 6552  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
04:11:34.0696 6552  Netman - ok
04:11:34.0731 6552  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
04:11:34.0768 6552  netprofm - ok
04:11:34.0790 6552  [ A011AC63B12FD7F7C022DF676CB01711 ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
04:11:34.0824 6552  netr7364 - ok
04:11:34.0889 6552  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:11:34.0903 6552  NetTcpPortSharing - ok
04:11:34.0931 6552  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
04:11:34.0944 6552  nfrd960 - ok
04:11:34.0965 6552  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
04:11:34.0998 6552  NlaSvc - ok
04:11:35.0050 6552  [ C31FA031335EFF434B2D94278E74BCCE ] NPF             C:\Windows\system32\drivers\npf.sys
04:11:35.0061 6552  NPF - ok
04:11:35.0104 6552  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
04:11:35.0126 6552  Npfs - ok
04:11:35.0132 6552  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
04:11:35.0164 6552  nsi - ok
04:11:35.0180 6552  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
04:11:35.0218 6552  nsiproxy - ok
04:11:35.0291 6552  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
04:11:35.0345 6552  Ntfs - ok
04:11:35.0391 6552  [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
04:11:35.0404 6552  NuidFltr - ok
04:11:35.0418 6552  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
04:11:35.0457 6552  Null - ok
04:11:35.0482 6552  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
04:11:35.0499 6552  nvraid - ok
04:11:35.0518 6552  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
04:11:35.0530 6552  nvstor - ok
04:11:35.0546 6552  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
04:11:35.0560 6552  nv_agp - ok
04:11:35.0565 6552  NwlnkFlt - ok
04:11:35.0572 6552  NwlnkFwd - ok
04:11:35.0638 6552  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:11:35.0658 6552  odserv - ok
04:11:35.0708 6552  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
04:11:35.0732 6552  ohci1394 - ok
04:11:35.0785 6552  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:11:35.0799 6552  ose - ok
04:11:35.0858 6552  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
04:11:35.0938 6552  p2pimsvc - ok
04:11:35.0965 6552  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
04:11:35.0993 6552  p2psvc - ok
04:11:36.0045 6552  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
04:11:36.0102 6552  Parport - ok
04:11:36.0148 6552  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
04:11:36.0165 6552  partmgr - ok
04:11:36.0184 6552  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
04:11:36.0221 6552  PcaSvc - ok
04:11:36.0304 6552  [ 51209FBDB13A46E05C1B0077A9310264 ] PCDSRVC{F36B3A4C-F95654BD-06000000}_0 c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
04:11:36.0324 6552  PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
04:11:36.0342 6552  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
04:11:36.0366 6552  pci - ok
04:11:36.0381 6552  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
04:11:36.0398 6552  pciide - ok
04:11:36.0422 6552  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
04:11:36.0459 6552  pcmcia - ok
04:11:36.0504 6552  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
04:11:36.0598 6552  PEAUTH - ok
04:11:36.0686 6552  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
04:11:36.0731 6552  PerfHost - ok
04:11:36.0785 6552  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
04:11:36.0859 6552  pla - ok
04:11:36.0921 6552  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
04:11:36.0947 6552  PlugPlay - ok
04:11:37.0083 6552  [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
04:11:37.0099 6552  PMBDeviceInfoProvider - ok
04:11:37.0169 6552  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
04:11:37.0174 6552  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
04:11:37.0175 6552  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
04:11:37.0234 6552  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
04:11:37.0262 6552  PNRPAutoReg - ok
04:11:37.0300 6552  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
04:11:37.0333 6552  PNRPsvc - ok
04:11:37.0396 6552  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
04:11:37.0431 6552  PolicyAgent - ok
04:11:37.0475 6552  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
04:11:37.0501 6552  PptpMiniport - ok
04:11:37.0525 6552  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\drivers\processr.sys
04:11:37.0577 6552  Processor - ok
04:11:37.0620 6552  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
04:11:37.0645 6552  ProfSvc - ok
04:11:37.0675 6552  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
04:11:37.0688 6552  ProtectedStorage - ok
04:11:37.0740 6552  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
04:11:37.0763 6552  PSched - ok
04:11:37.0810 6552  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
04:11:37.0877 6552  ql2300 - ok
04:11:37.0900 6552  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
04:11:37.0916 6552  ql40xx - ok
04:11:37.0946 6552  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
04:11:37.0971 6552  QWAVE - ok
04:11:37.0991 6552  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
04:11:38.0014 6552  QWAVEdrv - ok
04:11:38.0024 6552  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
04:11:38.0068 6552  RasAcd - ok
04:11:38.0081 6552  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
04:11:38.0113 6552  RasAuto - ok
04:11:38.0128 6552  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
04:11:38.0182 6552  Rasl2tp - ok
04:11:38.0225 6552  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
04:11:38.0253 6552  RasMan - ok
04:11:38.0271 6552  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
04:11:38.0296 6552  RasPppoe - ok
04:11:38.0326 6552  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
04:11:38.0360 6552  RasSstp - ok
04:11:38.0401 6552  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
04:11:38.0434 6552  rdbss - ok
04:11:38.0451 6552  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
04:11:38.0498 6552  RDPCDD - ok
04:11:38.0531 6552  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
04:11:38.0566 6552  rdpdr - ok
04:11:38.0571 6552  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
04:11:38.0604 6552  RDPENCDD - ok
04:11:38.0639 6552  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
04:11:38.0663 6552  RDPWD - ok
04:11:38.0686 6552  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
04:11:38.0718 6552  RemoteAccess - ok
04:11:38.0780 6552  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
04:11:38.0806 6552  RemoteRegistry - ok
04:11:38.0876 6552  [ A780D3EAA74582EA1DEB6BD9C7A3D9C9 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
04:11:38.0887 6552  rpcapd - ok
04:11:38.0913 6552  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
04:11:38.0937 6552  RpcLocator - ok
04:11:39.0005 6552  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
04:11:39.0044 6552  RpcSs - ok
04:11:39.0078 6552  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
04:11:39.0120 6552  rspndr - ok
04:11:39.0146 6552  [ D53C84EC99AB4D78A90001E5CE5386EC ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh64.sys
04:11:39.0194 6552  RTL8169 - ok
04:11:39.0217 6552  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
04:11:39.0239 6552  SamSs - ok
04:11:39.0256 6552  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
04:11:39.0271 6552  sbp2port - ok
04:11:39.0295 6552  [ EECBBF7D76300E5558D316983961FFC1 ] ScanUSBEMPIA    C:\Windows\system32\DRIVERS\emScan64.sys
04:11:39.0315 6552  ScanUSBEMPIA - ok
04:11:39.0374 6552  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
04:11:39.0411 6552  SCardSvr - ok
04:11:39.0482 6552  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
04:11:39.0563 6552  Schedule - ok
04:11:39.0590 6552  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc     C:\Windows\System32\certprop.dll
04:11:39.0625 6552  SCPolicySvc - ok
04:11:39.0658 6552  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
04:11:39.0732 6552  SDRSVC - ok
04:11:39.0745 6552  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
04:11:39.0806 6552  secdrv - ok
04:11:39.0816 6552  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
04:11:39.0860 6552  seclogon - ok
04:11:39.0869 6552  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
04:11:39.0919 6552  SENS - ok
04:11:39.0933 6552  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum         C:\Windows\system32\drivers\serenum.sys
04:11:39.0996 6552  Serenum - ok
04:11:40.0014 6552  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
04:11:40.0079 6552  Serial - ok
04:11:40.0098 6552  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
04:11:40.0145 6552  sermouse - ok
04:11:40.0177 6552  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
04:11:40.0225 6552  SessionEnv - ok
04:11:40.0247 6552  [ 14D4B4465193A87C127933978E8C4106 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
04:11:40.0295 6552  sffdisk - ok
04:11:40.0313 6552  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
04:11:40.0347 6552  sffp_mmc - ok
04:11:40.0370 6552  [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
04:11:40.0437 6552  sffp_sd - ok
04:11:40.0463 6552  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
04:11:40.0533 6552  sfloppy - ok
04:11:40.0579 6552  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
04:11:40.0628 6552  SharedAccess - ok
04:11:40.0696 6552  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:11:40.0742 6552  ShellHWDetection - ok
04:11:40.0763 6552  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
04:11:40.0778 6552  SiSRaid2 - ok
04:11:40.0799 6552  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
04:11:40.0814 6552  SiSRaid4 - ok
04:11:40.0910 6552  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc           C:\Windows\system32\SLsvc.exe
04:11:40.0998 6552  slsvc - ok
04:11:41.0036 6552  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
04:11:41.0073 6552  SLUINotify - ok
04:11:41.0095 6552  [ 327383124D31AC398B98F4AE300421E8 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
04:11:41.0106 6552  SmartDefragDriver - ok
04:11:41.0128 6552  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
04:11:41.0160 6552  Smb - ok
04:11:41.0209 6552  [ 9E1A0615CE9B0C418E6D473D205D9A67 ] SndTAudio       C:\Windows\system32\drivers\SndTAudio.sys
04:11:41.0219 6552  SndTAudio - ok
04:11:41.0246 6552  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
04:11:41.0270 6552  SNMPTRAP - ok
04:11:41.0298 6552  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr           C:\Windows\system32\drivers\spldr.sys
04:11:41.0311 6552  spldr - ok
04:11:41.0350 6552  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler         C:\Windows\System32\spoolsv.exe
04:11:41.0385 6552  Spooler - ok
04:11:41.0389 6552  SRTSP - ok
04:11:41.0397 6552  SRTSPX - ok
04:11:41.0433 6552  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv             C:\Windows\system32\DRIVERS\srv.sys
04:11:41.0478 6552  srv - ok
04:11:41.0531 6552  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
04:11:41.0557 6552  srv2 - ok
04:11:41.0619 6552  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
04:11:41.0643 6552  srvnet - ok
04:11:41.0663 6552  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
04:11:41.0703 6552  SSDPSRV - ok
04:11:41.0719 6552  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc         C:\Windows\system32\sstpsvc.dll
04:11:41.0744 6552  SstpSvc - ok
04:11:41.0780 6552  [ A3DB02B3FE0884E9167E457D167C8A73 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
04:11:41.0794 6552  ssudmdm - ok
04:11:41.0846 6552  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
04:11:41.0879 6552  stisvc - ok
04:11:41.0912 6552  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
04:11:41.0923 6552  swenum - ok
04:11:41.0974 6552  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv           C:\Windows\System32\swprv.dll
04:11:42.0023 6552  swprv - ok
04:11:42.0048 6552  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
04:11:42.0065 6552  Symc8xx - ok
04:11:42.0091 6552  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
04:11:42.0106 6552  Sym_hi - ok
04:11:42.0130 6552  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
04:11:42.0144 6552  Sym_u3 - ok
04:11:42.0216 6552  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain         C:\Windows\system32\sysmain.dll
04:11:42.0275 6552  SysMain - ok
04:11:42.0299 6552  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
04:11:42.0315 6552  TabletInputService - ok
04:11:42.0365 6552  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv         C:\Windows\System32\tapisrv.dll
04:11:42.0392 6552  TapiSrv - ok
04:11:42.0407 6552  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS             C:\Windows\System32\tbssvc.dll
04:11:42.0437 6552  TBS - ok
04:11:42.0504 6552  [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
04:11:42.0580 6552  Tcpip - ok
04:11:42.0621 6552  [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
04:11:42.0666 6552  Tcpip6 - ok
04:11:42.0726 6552  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
04:11:42.0749 6552  tcpipreg - ok
04:11:42.0768 6552  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
04:11:42.0818 6552  TDPIPE - ok
04:11:42.0838 6552  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
04:11:42.0884 6552  TDTCP - ok
04:11:42.0931 6552  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
04:11:42.0955 6552  tdx - ok
04:11:42.0984 6552  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
04:11:42.0998 6552  TermDD - ok
04:11:43.0051 6552  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService     C:\Windows\System32\termsrv.dll
04:11:43.0103 6552  TermService - ok
04:11:43.0138 6552  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
04:11:43.0165 6552  Themes - ok
04:11:43.0189 6552  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER     C:\Windows\system32\mmcss.dll
04:11:43.0221 6552  THREADORDER - ok
04:11:43.0227 6552  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
04:11:43.0263 6552  TrkWks - ok
04:11:43.0313 6552  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
04:11:43.0336 6552  TrustedInstaller - ok
04:11:43.0357 6552  [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
04:11:43.0388 6552  tssecsrv - ok
04:11:43.0405 6552  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
04:11:43.0419 6552  tunmp - ok
04:11:43.0469 6552  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
04:11:43.0483 6552  tunnel - ok
04:11:43.0503 6552  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
04:11:43.0524 6552  uagp35 - ok
04:11:43.0569 6552  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
04:11:43.0598 6552  udfs - ok
04:11:43.0611 6552  [ 060507C4113391394478F6953A79EEDC ] UI0Detect       C:\Windows\system32\UI0Detect.exe
04:11:43.0669 6552  UI0Detect - ok
04:11:43.0689 6552  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
04:11:43.0705 6552  uliagpkx - ok
04:11:43.0739 6552  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
04:11:43.0758 6552  uliahci - ok
04:11:43.0780 6552  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
04:11:43.0802 6552  UlSata - ok
04:11:43.0823 6552  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
04:11:43.0838 6552  ulsata2 - ok
04:11:43.0860 6552  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
04:11:43.0896 6552  umbus - ok
04:11:43.0924 6552  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
04:11:43.0965 6552  upnphost - ok
04:11:44.0030 6552  [ 9E58997A211C8C9AC9E6CFFA53614A73 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
04:11:44.0037 6552  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
04:11:44.0037 6552  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
04:11:44.0069 6552  [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
04:11:44.0095 6552  usbaudio - ok
04:11:44.0115 6552  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
04:11:44.0149 6552  usbccgp - ok
04:11:44.0164 6552  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
04:11:44.0219 6552  usbcir - ok
04:11:44.0241 6552  [ 827E44DE934A736EA31E91D353EB126F ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
04:11:44.0265 6552  usbehci - ok
04:11:44.0286 6552  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
04:11:44.0317 6552  usbhub - ok
04:11:44.0332 6552  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
04:11:44.0391 6552  usbohci - ok
04:11:44.0418 6552  [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
04:11:44.0449 6552  usbprint - ok
04:11:44.0467 6552  [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
04:11:44.0492 6552  usbscan - ok
04:11:44.0504 6552  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:11:44.0534 6552  USBSTOR - ok
04:11:44.0554 6552  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
04:11:44.0578 6552  usbuhci - ok
04:11:44.0593 6552  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms           C:\Windows\System32\uxsms.dll
04:11:44.0617 6552  UxSms - ok
04:11:44.0670 6552  [ 294945381DFA7CE58CECF0A9896AF327 ] vds             C:\Windows\System32\vds.exe
04:11:44.0701 6552  vds - ok
04:11:44.0724 6552  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
04:11:44.0753 6552  vga - ok
04:11:44.0772 6552  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave         C:\Windows\System32\drivers\vga.sys
04:11:44.0803 6552  VgaSave - ok
04:11:44.0815 6552  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
04:11:44.0829 6552  viaide - ok
04:11:44.0852 6552  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
04:11:44.0870 6552  volmgr - ok
04:11:44.0925 6552  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
04:11:44.0952 6552  volmgrx - ok
04:11:45.0004 6552  [ 582F710097B46140F5A89A19A6573D4B ] volsnap         C:\Windows\system32\drivers\volsnap.sys
04:11:45.0028 6552  volsnap - ok
04:11:45.0050 6552  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
04:11:45.0068 6552  vsmraid - ok
04:11:45.0134 6552  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS             C:\Windows\system32\vssvc.exe
04:11:45.0211 6552  VSS - ok
04:11:45.0298 6552  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time         C:\Windows\system32\w32time.dll
04:11:45.0381 6552  W32Time - ok
04:11:45.0411 6552  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
04:11:45.0483 6552  WacomPen - ok
04:11:45.0530 6552  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
04:11:45.0564 6552  Wanarp - ok
04:11:45.0570 6552  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
04:11:45.0602 6552  Wanarpv6 - ok
04:11:45.0621 6552  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
04:11:45.0691 6552  wcncsvc - ok
04:11:45.0732 6552  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
04:11:45.0761 6552  WcsPlugInService - ok
04:11:45.0786 6552  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
04:11:45.0801 6552  Wd - ok
04:11:45.0828 6552  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
04:11:45.0849 6552  WDC_SAM - ok
04:11:45.0914 6552  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
04:11:45.0963 6552  Wdf01000 - ok
04:11:45.0971 6552  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
04:11:46.0022 6552  WdiServiceHost - ok
04:11:46.0028 6552  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost   C:\Windows\system32\wdi.dll
04:11:46.0078 6552  WdiSystemHost - ok
04:11:46.0110 6552  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient       C:\Windows\System32\webclnt.dll
04:11:46.0133 6552  WebClient - ok
04:11:46.0168 6552  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
04:11:46.0207 6552  Wecsvc - ok
04:11:46.0226 6552  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
04:11:46.0322 6552  wercplsupport - ok
04:11:46.0334 6552  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
04:11:46.0378 6552  WerSvc - ok
04:11:46.0415 6552  WinDefend - ok
04:11:46.0456 6552  WinHttpAutoProxySvc - ok
04:11:46.0535 6552  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
04:11:46.0569 6552  Winmgmt - ok
04:11:46.0633 6552  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM           C:\Windows\system32\WsmSvc.dll
04:11:46.0720 6552  WinRM - ok
04:11:46.0818 6552  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
04:11:46.0848 6552  WinUSB - ok
04:11:46.0876 6552  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc         C:\Windows\System32\wlansvc.dll
04:11:46.0928 6552  Wlansvc - ok
04:11:47.0042 6552  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:11:47.0119 6552  wlidsvc - ok
04:11:47.0155 6552  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
04:11:47.0167 6552  WmiAcpi - ok
04:11:47.0224 6552  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
04:11:47.0252 6552  wmiApSrv - ok
04:11:47.0268 6552  WMPNetworkSvc - ok
04:11:47.0305 6552  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
04:11:47.0419 6552  WPCSvc - ok
04:11:47.0479 6552  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
04:11:47.0499 6552  WPDBusEnum - ok
04:11:47.0525 6552  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
04:11:47.0539 6552  WpdUsb - ok
04:11:47.0665 6552  [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
04:11:47.0721 6552  WPFFontCache_v0400 - ok
04:11:47.0754 6552  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
04:11:47.0791 6552  wscsvc - ok
04:11:47.0796 6552  WSearch - ok
04:11:47.0858 6552  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
04:11:47.0971 6552  wuauserv - ok
04:11:48.0020 6552  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
04:11:48.0068 6552  WudfPf - ok
04:11:48.0114 6552  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
04:11:48.0135 6552  WUDFRd - ok
04:11:48.0165 6552  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
04:11:48.0183 6552  wudfsvc - ok
04:11:48.0226 6552  ================ Scan global ===============================
04:11:48.0256 6552  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
04:11:48.0312 6552  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
04:11:48.0337 6552  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
04:11:48.0390 6552  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
04:11:48.0406 6552  [Global] - ok
04:11:48.0410 6552  ================ Scan MBR ==================================
04:11:48.0421 6552  [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
04:11:48.0834 6552  \Device\Harddisk0\DR0 - ok
04:11:48.0834 6552  ================ Scan VBR ==================================
04:11:48.0840 6552  [ 2756B6634213B5946D6AECEEA6370F9A ] \Device\Harddisk0\DR0\Partition1
04:11:48.0842 6552  \Device\Harddisk0\DR0\Partition1 - ok
04:11:48.0873 6552  [ F3F30DDF057F9C3B52744952A80AC89E ] \Device\Harddisk0\DR0\Partition2
04:11:48.0874 6552  \Device\Harddisk0\DR0\Partition2 - ok
04:11:48.0875 6552  ============================================================
04:11:48.0875 6552  Scan finished
04:11:48.0875 6552  ============================================================
04:11:48.0899 6488  Detected object count: 9
04:11:48.0899 6488  Actual detected object count: 9
 



#14 olopezpi (Topic Starter)

Posted 14 June 2013 - 03:20 AM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : TPG [Admin rights]
Mode : Remove -- Date : 06/14/2013 04:19:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] workspaceupdate.exe -- C:\Users\TPG\AppData\Local\Workspace\workspaceupdate.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Starfield Updater ("C:\Users\TPG\AppData\Local\Workspace\WorkspaceUpdate.exe") [7] -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe  -> DELETED
[TASK][ROGUE ST] 4416 : wscript.exe C:\Users\TPG\AppData\Local\Temp\launchie.vbs //B -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] bc6543e7e53b75787d0a4900325c5aef
[BSP] 6bb57ef0c5124bec07baeba0129ed0bd : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596334 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221293430 | Size: 14143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1:  +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2:  +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3:  +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4:  +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_06142013_02d0419.txt >>
RKreport[1]_S_06142013_02d0417.txt ; RKreport[2]_D_06142013_02d0419.txt
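
The RogueKiller report above flags two persistence mechanisms by their location rather than by signature: a Run-key value ("Starfield Updater") whose target lives under the user's AppData\Local, and a scheduled task that launches wscript.exe on a .vbs in the user's Temp folder. The TDSSKiller log earlier in the thread applies a second heuristic, reporting an unsigned driver as a warning. The script below is an added example, not code from RogueKiller, TDSSKiller or ComboFix, that reproduces both checks on a live system: it enumerates Run/RunOnce keys and scheduled tasks, extracts the file that actually executes (following wscript/cscript/mshta/rundll32 to their script argument), flags targets under user-writable paths, and reports each target's Authenticode status. It is written for Windows PowerShell 2.0 so it runs on Vista, which is why it shells out to schtasks.exe instead of Get-ScheduledTask (Windows 8 and later). The registry key list, the "suspicious directory" pattern and the English schtasks column names are assumptions to tune for your environment.

```powershell
# Added example (not RogueKiller/TDSSKiller/ComboFix code): triage Windows autostarts.
# Flags targets in user-writable paths ([SUSP PATH]) and reports Authenticode status
# (the UnsignedFile heuristic). PowerShell 2.0+, Vista and later.
# Assumptions: English schtasks output; the key list and path pattern are heuristics.

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# User-writable locations where a legitimate autostart is unusual (assumption).
# Single-quoted, so "\\" is the regex escape for one literal backslash.
$SuspiciousPathPattern = '(?i)\\Users\\[^\\]+\\(AppData|Downloads)\\|\\Users\\Public\\|\\Windows\\Temp\\'

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Pull the file that really runs out of a command line such as
    #   "C:\Users\TPG\AppData\Local\Workspace\WorkspaceUpdate.exe"
    #   wscript.exe C:\Users\TPG\AppData\Local\Temp\launchie.vbs //B
    # For script hosts the payload is the first argument, not the host binary.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -lt 0) { $end = $cmd.Length }          # unterminated quote: take the rest
        $exe  = $cmd.Substring(1, $end - 1)
        $rest = if ($end -lt $cmd.Length) { $cmd.Substring($end + 1).Trim() } else { '' }
    } else {
        $parts = $cmd -split '\s+', 2
        $exe   = $parts[0]
        $rest  = if ($parts.Count -gt 1) { $parts[1] } else { '' }
    }
    if ([IO.Path]::GetFileName($exe) -match '^(wscript|cscript|mshta|rundll32)(\.exe)?$' -and $rest) {
        if ($rest -match '^"([^"]+)"') { return $matches[1] }
        return ($rest -split '\s+')[0]
    }
    return $exe
}

function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path) { return 'Missing' }
    # Resolve bare names (e.g. "rundll32.exe") through PATH before checking.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $app = @(Get-Command $Path -CommandType Application -ErrorAction SilentlyContinue)
        if ($app.Count -eq 0) { return 'Missing' }
        $Path = $app[0].Definition
    }
    # Status: Valid, NotSigned, HashMismatch, UnknownError, ... "NotSigned" is a
    # lead to verify, not a verdict: TDSSKiller flagged usbaapl64.sys the same way
    # and still labelled it a warning.
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

function Get-AutostartEntries {
    $entries = @()
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            $entries += New-Object PSObject -Property @{
                Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    # schtasks /v emits one CSV block per task folder, each with its own header row,
    # so drop the repeated headers and the non-executable (COM handler / N/A) rows.
    foreach ($t in (schtasks.exe /query /v /fo csv | ConvertFrom-Csv)) {
        $run = $t.'Task To Run'
        if ($t.TaskName -eq 'TaskName' -or -not $run -or $run -eq 'N/A' -or $run -eq 'COM handler') { continue }
        $entries += New-Object PSObject -Property @{
            Source = 'Task'; Name = $t.TaskName; Command = $run }
    }
    return $entries
}

function Invoke-AutostartTriage {
    # One row per autostart entry, most suspicious first. Review anything with
    # SuspPath = True or a Signature other than Valid.
    Get-AutostartEntries | ForEach-Object {
        $target = Get-ExecutableFromCommand $_.Command
        New-Object PSObject -Property @{
            Name      = $_.Name
            Source    = $_.Source
            Target    = $target
            SuspPath  = [bool]($target -match $SuspiciousPathPattern)
            Signature = Get-SignatureStatus $target
        }
    } | Sort-Object @{Expression = 'SuspPath'; Descending = $true}, Signature
}

Invoke-AutostartTriage | Format-Table Name, Target, SuspPath, Signature, Source -AutoSize
```

Run it from an elevated PowerShell session logged on as the affected user: HKCU keys are per user, while HKLM and the full task list need administrative rights. On the machine in this thread it would have listed the Starfield Updater value resolving to WorkspaceUpdate.exe under AppData\Local and the task resolving to launchie.vbs under AppData\Local\Temp, both with SuspPath = True, which is the same evidence RogueKiller printed as [SUSP PATH] and [ROGUE ST]. Treat the output as a worklist, not a cleanup tool; it changes nothing on the system.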



#15 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 14 June 2013 - 08:53 AM


Hello olopezpi

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



