RootKit [Solved]



#1
soggywaffles

Hello,

I have just run Malwarebytes and discovered RootKit.0access.H. I have also been experiencing typical rootkit symptoms, like my Google searches being redirected to a website named Happili.

I would appreciate any help towards fixing this issue.

Thank you.

OTL logfile created on: 5/3/2012 2:13:33 AM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Owner\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.89 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 53.23% Memory free
5.78 Gb Paging File | 4.01 Gb Available in Paging File | 69.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.14 Gb Total Space | 17.92 Gb Free Space | 15.04% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - \\.\globalroot\SystemRoot\system32\svchost.exe ()
PRC - C:\Windows\System32\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cbfdbf9ed05f520f449102c086841ac4\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8e47bcd69923f39c010b285d0681b795\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - \\?\globalroot\systemroot\system32\mswsock.DLL ()
MOD - \\.\globalroot\systemroot\system32\mswsock.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zpnodecollector) -- %systemroot%\system32\atikmdag.dll File not found
SRV - (z800bus) -- %systemroot%\system32\HPFXBULK.dll File not found
SRV - (WmaCDriverV32) -- %systemroot%\system32\odserv.dll File not found
SRV - (WLAN_USB) -- %systemroot%\system32\audstub.dll File not found
SRV - (wintab32) -- %systemroot%\system32\sr_watchdog.dll File not found
SRV - (websenserealtimeanalyzer) -- %systemroot%\system32\PBADRV.dll File not found
SRV - (W55U01) -- %systemroot%\system32\fsbwsys.dll File not found
SRV - (umxfwhlp) -- %systemroot%\system32\sshrmd.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBDeviceService.dll File not found
SRV - (SRS_SSCFilter) -- %systemroot%\system32\NTIDrvr.dll File not found
SRV - (snoopfreesvc) -- %systemroot%\system32\wpdusb.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (s117unic) -- %systemroot%\system32\smservaz.dll File not found
SRV - (puscsrvc) -- %systemroot%\system32\W8335XP.dll File not found
SRV - (pepifilter) -- %systemroot%\system32\FETNDIS.dll File not found
SRV - (pdscheduler) -- %systemroot%\system32\starwindservice.dll File not found
SRV - (OpcEnum) -- C:\Windows\system32\OpcEnum.exe File not found
SRV - (NWHOST) -- %systemroot%\system32\PhilCam8116_XP.dll File not found
SRV - (naveng) -- %systemroot%\system32\PGPdisk.dll File not found
SRV - (MSFWHLPR) -- %systemroot%\system32\kservice.dll File not found
SRV - (mcp) -- %systemroot%\system32\tvtpktfilter.dll File not found
SRV - (MASPINT) -- %systemroot%\system32\tbhsd.dll File not found
SRV - (LHidFilt) -- %systemroot%\system32\vgasave.dll File not found
SRV - (hibernation) -- %systemroot%\system32\nipsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\GTWModem.dll File not found
SRV - (GoBack2K) -- %systemroot%\system32\tsscoreservice.dll File not found
SRV - (djsnetcn) -- %systemroot%\system32\w810obex.dll File not found
SRV - (CX88ENC) -- %systemroot%\system32\cfosspeed.dll File not found
SRV - (CTDevice_Srv) -- %systemroot%\system32\w200bus.dll File not found
SRV - (CTAudSvcService) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (cqmgstor) -- %systemroot%\system32\VRcore.dll File not found
SRV - (backupexecnotificationserver) -- %systemroot%\system32\roxupnpserver.dll File not found
SRV - (aswmon2) -- %systemroot%\system32\eskerlicensecontrol.dll File not found
SRV - (armoucfltr) -- %systemroot%\system32\hsvcmod.dll File not found
SRV - (alertservice) -- %systemroot%\system32\asp.net_2.0.50727.dll File not found
SRV - (acnusvc) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (ac97intc) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SNPSTD3) -- C:\Windows\System32\pdlndldl.dll (Oak Technology Inc.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)


========== Driver Services (SafeList) ==========

DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (cpuz132) -- C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (dmodusb) -- C:\Windows\System32\drivers\dmodusb.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vbx.my-web-search.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A B2 5A D9 E9 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/27 20:30:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 01:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 02:20:10 | 000,000,000 | ---D | M]

[2010/03/12 03:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/01/08 23:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fsbo4cgu.default\extensions
[2010/10/02 01:35:05 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\bing.xml
[2011/03/26 11:10:09 | 000,001,581 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\web-search.xml
[2012/04/11 18:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/11 18:55:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/27 20:30:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSBO4CGU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/10 01:18:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 18:55:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/03 02:55:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 14:22:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [fklogger.exe] C:\Program Files\FKRMonitor\fklogger.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [NIRegistrationWizard] C:\Program Files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 1033 File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30E4E763-A1D6-456B-A86F-BBC36437D97F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{397601E4-C76C-4088-AAB4-55D628077666}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8e102722-2d9f-11e0-b6cf-d5b371c26b71}\Shell - "" = AutoRun
O33 - MountPoints2\{8e102722-2d9f-11e0-b6cf-d5b371c26b71}\Shell\AutoRun\command - "" = E:\autorun.bat
O33 - MountPoints2\{b953d2a5-2dab-11df-b83f-0024e8d7ee92}\Shell - "" = AutoRun
O33 - MountPoints2\{b953d2a5-2dab-11df-b83f-0024e8d7ee92}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 01:53:33 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/02 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/05/02 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012/05/02 00:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\XBMC
[2012/04/26 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/26 00:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/26 00:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/14 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/14 02:37:38 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/04/11 18:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/09 12:42:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\project2
[2012/04/08 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OrCAD 16.2
[2012/04/08 22:23:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\mfcdlls
[2012/04/08 22:22:00 | 000,000,000 | ---D | C] -- C:\OrCAD
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2012/04/08 22:14:09 | 000,000,000 | ---D | C] -- C:\OrCAD_Data
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadence
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\Cadence
[2012/04/08 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\OUP
[2012/04/03 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\digitalwatch
[2012/04/03 23:30:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\digitalclock
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/03 02:00:02 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 02:00:02 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 01:59:21 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/03 01:59:03 | 000,632,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/03 01:59:03 | 000,110,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/03 01:52:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/03 01:52:41 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/05/03 01:52:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 01:52:33 | 2327,760,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 01:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000UA.job
[2012/05/02 23:42:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000Core.job
[2012/05/01 01:43:44 | 000,020,389 | ---- | M] () -- C:\Users\Owner\Desktop\puzzle2.pdf
[2012/05/01 01:43:25 | 000,023,812 | ---- | M] () -- C:\Users\Owner\Desktop\key2.pdf
[2012/05/01 01:26:46 | 000,022,176 | ---- | M] () -- C:\Users\Owner\Desktop\puzzle.pdf
[2012/05/01 01:24:48 | 000,026,138 | ---- | M] () -- C:\Users\Owner\Desktop\key.pdf
[2012/04/30 22:58:03 | 000,152,911 | ---- | M] () -- C:\Users\Owner\Desktop\RelativeResourceManager.pdf
[2012/04/26 09:56:45 | 000,002,503 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/26 09:56:45 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/26 00:54:56 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/18 22:25:07 | 000,310,901 | ---- | M] () -- C:\Users\Owner\Desktop\lm386.pdf
[2012/04/18 22:25:01 | 000,245,349 | ---- | M] () -- C:\Users\Owner\Desktop\lm741.pdf
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2012/04/14 02:37:41 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/04/08 23:17:13 | 000,000,258 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 01:43:44 | 000,020,389 | ---- | C] () -- C:\Users\Owner\Desktop\puzzle2.pdf
[2012/05/01 01:43:25 | 000,023,812 | ---- | C] () -- C:\Users\Owner\Desktop\key2.pdf
[2012/05/01 01:24:48 | 000,026,138 | ---- | C] () -- C:\Users\Owner\Desktop\key.pdf
[2012/05/01 01:23:40 | 000,022,176 | ---- | C] () -- C:\Users\Owner\Desktop\puzzle.pdf
[2012/04/30 22:58:03 | 000,152,911 | ---- | C] () -- C:\Users\Owner\Desktop\RelativeResourceManager.pdf
[2012/04/26 09:56:45 | 000,002,479 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/26 00:54:56 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/18 22:25:07 | 000,310,901 | ---- | C] () -- C:\Users\Owner\Desktop\lm386.pdf
[2012/04/18 22:25:01 | 000,245,349 | ---- | C] () -- C:\Users\Owner\Desktop\lm741.pdf
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/08 23:17:13 | 000,000,258 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/10 14:17:32 | 000,000,038 | ---- | C] () -- C:\ProgramData\ukm10t.uc
[2011/11/25 19:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/23 17:43:25 | 000,005,377 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\23AC.1E4
[2011/03/20 04:16:53 | 000,000,179 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.rss
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011/02/01 01:31:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/03/05 00:49:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digilent
[2012/05/03 01:53:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2010/10/21 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FKRMonitor
[2011/12/04 00:16:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FK_Monitor
[2010/08/15 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack
[2011/10/18 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logic Minimizer
[2011/06/28 01:59:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/06/17 08:30:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2011/12/09 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ShurikSoft
[2012/05/01 18:14:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2012/04/15 08:04:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/03/12 03:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Western Digital
[2012/05/02 00:55:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/03/05 00:54:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilinx
[2012/01/19 19:26:42 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Edited by soggywaffles, 03 May 2012 - 01:19 AM.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello soggywaffles and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

MIA::
C:\Windows\System32\pdlndldl.dll

Folder::

Registry::

Driver::
SNPSTD3

NetSvc::
SNPSTD3


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:
    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4

Please don't forget to include these items in your reply:

  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.
  • 0
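The TDSSKiller report requested in Step 3 has one line per scanned service or driver, in the layout of the log posted later in this thread. As an added example (not part of the original post and not a tool used by the helper), this Python sketch extracts every object whose verdict is not "ok", together with its hash and file path. The function names and the sample lines, including the service names, digests and verdict string, are constructed placeholders.

```python
import re
from collections import Counter

def placeholder_md5(n):
    """Constructed 32-hex-digit stand-in for a file digest (not a real hash)."""
    return format(n, "032x")

# Constructed sample in the report's layout: "<time> <thread id> <text>".
SAMPLE_LOG = "\n".join([
    r"14:44:35.0039 3152 ============================================================",
    r"14:44:35.0039 3152 Scan started",
    r"14:44:35.0351 3152 exampledrv (" + placeholder_md5(1) + r") C:\Windows\system32\DRIVERS\exampledrv.sys",
    r"14:44:35.0445 3152 exampledrv - ok",
    r"14:44:35.0460 3152 nofilesvc - ok",
    r"14:44:35.0804 3152 netdrv (" + placeholder_md5(2) + r") C:\Windows\system32\drivers\netdrv.sys",
    r"14:44:35.0819 3152 netdrv ( Example.Verdict.a ) - infected",
    r"14:44:35.0819 3152 netdrv - detected Example.Verdict.a (0)",
    r"14:44:36.0396 3152 Example Vendor Service (" + placeholder_md5(3) + r") C:\Program Files\Example Vendor\svc.exe",
    r"14:44:36.0412 3152 Example Vendor Service - ok",
])

# Timestamp, thread id, then the message text.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.+)$")
# "<name> (<md5>) <path>": the file that backs a service or driver.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<code>)": repeats the verdict of the line before it.
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+) \((?P<code>\d+)\)$")
# "<name> - ok" or "<name> ( <verdict> ) - <status>".
VERDICT = re.compile(r"^(?P<name>.+?)(?: \( (?P<threat>.+?) \))? - (?P<status>\w+)$")

def parse_tdsskiller(text):
    """Return one record per verdict line, in scan order."""
    objects = {}   # name -> (md5, path) from the most recent object line
    records = []
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue                      # banner text or a line without a message
        rest = line.group(3)
        obj = OBJECT.match(rest)
        if obj:
            objects[obj["name"]] = (obj["md5"].lower(), obj["path"])
            continue
        det = DETECTED.match(rest)
        if det:
            # Attach the verdict to the latest record of that name if it has none yet.
            for rec in reversed(records):
                if rec["name"] == det["name"]:
                    rec["threat"] = rec["threat"] or det["threat"]
                    break
            continue
        ver = VERDICT.match(rest)
        if ver:
            md5, path = objects.get(ver["name"], (None, None))
            records.append({
                "time": line.group(1),
                "name": ver["name"],
                "status": ver["status"],
                "threat": ver["threat"],
                "md5": md5,       # None when the log shows no file for this entry
                "path": path,
            })
    return records

def findings(records):
    """Everything the scanner did not mark 'ok'."""
    return [r for r in records if r["status"] != "ok"]

def summarize(records):
    """Count of records per status string."""
    return dict(Counter(r["status"] for r in records))

if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(recs))
    for r in findings(recs):
        print(r["time"], r["name"], r["status"], r["threat"], r["md5"], r["path"])
```

Any status other than "ok" is treated as a finding because the script does not assume a fixed list of status words.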

#3
soggywaffles


    Member

  • Topic Starter
  • Member
  • 45 posts
Thank you for the help. I ran both of the programs and the logs are given below. After I ran Combofix I was no longer able to connect to the internet. I tried the direct cable as well as several wi-fi connections. Other computers were able to connect to these routers.

14:44:12.0965 0496 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:44:12.0981 0496 ============================================================
14:44:12.0981 0496 Current date / time: 2012/05/05 14:44:12.0981
14:44:12.0981 0496 SystemInfo:
14:44:12.0981 0496
14:44:12.0981 0496 OS Version: 6.1.7600 ServicePack: 0.0
14:44:12.0981 0496 Product type: Workstation
14:44:12.0981 0496 ComputerName: OWNER-PC
14:44:12.0981 0496 UserName: Owner
14:44:12.0981 0496 Windows directory: C:\Windows
14:44:12.0981 0496 System windows directory: C:\Windows
14:44:12.0981 0496 Processor architecture: Intel x86
14:44:12.0981 0496 Number of processors: 2
14:44:12.0981 0496 Page size: 0x1000
14:44:12.0981 0496 Boot type: Normal boot
14:44:12.0981 0496 ============================================================
14:44:13.0854 0496 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:44:13.0854 0496 ============================================================
14:44:13.0854 0496 \Device\Harddisk0\DR0:
14:44:13.0854 0496 MBR partitions:
14:44:13.0854 0496 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:44:13.0854 0496 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:44:13.0854 0496 ============================================================
14:44:13.0854 0496 C: <-> \Device\Harddisk0\DR0\Partition1
14:44:13.0854 0496 ============================================================
14:44:13.0854 0496 Initialize success
14:44:13.0854 0496 ============================================================
14:44:35.0039 3152 ============================================================
14:44:35.0039 3152 Scan started
14:44:35.0039 3152 Mode: Manual; SigCheck; TDLFS;
14:44:35.0039 3152 ============================================================
14:44:35.0351 3152 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
14:44:35.0445 3152 1394ohci - ok
14:44:35.0460 3152 ac97intc - ok
14:44:35.0460 3152 acnusvc - ok
14:44:35.0492 3152 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
14:44:35.0507 3152 ACPI - ok
14:44:35.0523 3152 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
14:44:35.0585 3152 AcpiPmi - ok
14:44:35.0601 3152 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:35.0616 3152 AdobeFlashPlayerUpdateSvc - ok
14:44:35.0648 3152 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:35.0679 3152 adp94xx - ok
14:44:35.0694 3152 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:44:35.0726 3152 adpahci - ok
14:44:35.0741 3152 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:44:35.0757 3152 adpu320 - ok
14:44:35.0772 3152 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:44:35.0788 3152 AeLookupSvc - ok
14:44:35.0804 3152 AFD (3399ba25b53de355c41f30e5b74f11cf) C:\Windows\system32\drivers\afd.sys
14:44:35.0819 3152 AFD ( Virus.Win32.ZAccess.c ) - infected
14:44:35.0819 3152 AFD - detected Virus.Win32.ZAccess.c (0)
14:44:35.0819 3152 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
14:44:35.0835 3152 agp440 - ok
14:44:35.0850 3152 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:44:35.0866 3152 aic78xx - ok
14:44:35.0882 3152 alertservice - ok
14:44:35.0897 3152 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:44:35.0913 3152 ALG - ok
14:44:35.0928 3152 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
14:44:35.0944 3152 aliide - ok
14:44:35.0944 3152 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
14:44:35.0975 3152 amdagp - ok
14:44:35.0975 3152 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
14:44:35.0991 3152 amdide - ok
14:44:35.0991 3152 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:44:36.0038 3152 AmdK8 - ok
14:44:36.0038 3152 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:44:36.0100 3152 AmdPPM - ok
14:44:36.0100 3152 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
14:44:36.0131 3152 amdsata - ok
14:44:36.0147 3152 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:36.0162 3152 amdsbs - ok
14:44:36.0178 3152 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
14:44:36.0194 3152 amdxata - ok
14:44:36.0194 3152 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
14:44:36.0225 3152 AppID - ok
14:44:36.0240 3152 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:44:36.0334 3152 AppIDSvc - ok
14:44:36.0334 3152 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
14:44:36.0381 3152 Appinfo - ok
14:44:36.0396 3152 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:44:36.0412 3152 Apple Mobile Device - ok
14:44:36.0428 3152 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:44:36.0443 3152 arc - ok
14:44:36.0459 3152 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:44:36.0474 3152 arcsas - ok
14:44:36.0490 3152 armoucfltr - ok
14:44:36.0490 3152 aswmon2 - ok
14:44:36.0506 3152 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:44:36.0584 3152 AsyncMac - ok
14:44:36.0599 3152 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
14:44:36.0615 3152 atapi - ok
14:44:36.0646 3152 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:44:36.0724 3152 AudioEndpointBuilder - ok
14:44:36.0740 3152 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:44:36.0818 3152 Audiosrv - ok
14:44:36.0833 3152 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
14:44:36.0880 3152 AxInstSV - ok
14:44:36.0927 3152 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:44:36.0958 3152 b06bdrv - ok
14:44:36.0974 3152 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:44:37.0036 3152 b57nd60x - ok
14:44:37.0052 3152 backupexecnotificationserver - ok
14:44:37.0098 3152 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
14:44:37.0114 3152 BBSvc - ok
14:44:37.0130 3152 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:44:37.0208 3152 BDESVC - ok
14:44:37.0223 3152 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:44:37.0286 3152 Beep - ok
14:44:37.0301 3152 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
14:44:37.0395 3152 BFE - ok
14:44:37.0426 3152 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
14:44:37.0488 3152 BITS - ok
14:44:37.0488 3152 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:44:37.0520 3152 blbdrive - ok
14:44:37.0551 3152 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:44:37.0566 3152 Bonjour Service - ok
14:44:37.0582 3152 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
14:44:37.0613 3152 bowser - ok
14:44:37.0613 3152 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:44:37.0644 3152 BrFiltLo - ok
14:44:37.0660 3152 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:44:37.0707 3152 BrFiltUp - ok
14:44:37.0722 3152 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:44:37.0785 3152 BridgeMP - ok
14:44:37.0800 3152 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
14:44:37.0863 3152 Browser - ok
14:44:37.0894 3152 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:44:37.0925 3152 Brserid - ok
14:44:37.0925 3152 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:44:37.0956 3152 BrSerWdm - ok
14:44:37.0972 3152 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:44:38.0003 3152 BrUsbMdm - ok
14:44:38.0003 3152 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:44:38.0050 3152 BrUsbSer - ok
14:44:38.0066 3152 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:44:38.0081 3152 BTHMODEM - ok
14:44:38.0097 3152 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:44:38.0159 3152 bthserv - ok
14:44:38.0175 3152 catchme - ok
14:44:38.0190 3152 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:44:38.0237 3152 cdfs - ok
14:44:38.0253 3152 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
14:44:38.0300 3152 cdrom - ok
14:44:38.0315 3152 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
14:44:38.0362 3152 CertPropSvc - ok
14:44:38.0362 3152 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:44:38.0393 3152 circlass - ok
14:44:38.0424 3152 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:44:38.0440 3152 CLFS - ok
14:44:38.0456 3152 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:44:38.0471 3152 clr_optimization_v2.0.50727_32 - ok
14:44:38.0487 3152 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:44:38.0502 3152 clr_optimization_v4.0.30319_32 - ok
14:44:38.0518 3152 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:44:38.0565 3152 CmBatt - ok
14:44:38.0565 3152 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
14:44:38.0580 3152 cmdide - ok
14:44:38.0612 3152 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
14:44:38.0643 3152 CNG - ok
14:44:38.0643 3152 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:44:38.0658 3152 Compbatt - ok
14:44:38.0674 3152 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:44:38.0721 3152 CompositeBus - ok
14:44:38.0721 3152 COMSysApp - ok
14:44:38.0736 3152 cpuz132 - ok
14:44:38.0752 3152 cqmgstor - ok
14:44:38.0752 3152 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:44:38.0768 3152 crcdisk - ok
14:44:38.0783 3152 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
14:44:38.0846 3152 CryptSvc - ok
14:44:38.0861 3152 CTAudSvcService - ok
14:44:38.0861 3152 CTDevice_Srv - ok
14:44:38.0877 3152 CX88ENC - ok
14:44:38.0908 3152 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
14:44:38.0986 3152 DcomLaunch - ok
14:44:39.0002 3152 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:44:39.0080 3152 defragsvc - ok
14:44:39.0080 3152 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
14:44:39.0126 3152 DfsC - ok
14:44:39.0173 3152 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
14:44:39.0220 3152 Dhcp - ok
14:44:39.0220 3152 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:44:39.0282 3152 discache - ok
14:44:39.0282 3152 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:44:39.0298 3152 Disk - ok
14:44:39.0314 3152 djsnetcn - ok
14:44:39.0329 3152 dmodusb (c075bb113693fa7b00cb25bfd1d824c7) C:\Windows\system32\DRIVERS\dmodusb.sys
14:44:39.0376 3152 dmodusb - ok
14:44:39.0376 3152 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
14:44:39.0407 3152 Dnscache - ok
14:44:39.0423 3152 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
14:44:39.0501 3152 dot3svc - ok
14:44:39.0516 3152 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
14:44:39.0579 3152 DPS - ok
14:44:39.0579 3152 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:44:39.0626 3152 drmkaud - ok
14:44:39.0672 3152 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
14:44:39.0704 3152 DXGKrnl - ok
14:44:39.0719 3152 e1yexpress (8eef52ad831471e323ee7364a8656d35) C:\Windows\system32\DRIVERS\e1y6032.sys
14:44:39.0766 3152 e1yexpress - ok
14:44:39.0782 3152 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:44:39.0844 3152 EapHost - ok
14:44:39.0969 3152 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:44:40.0078 3152 ebdrv - ok
14:44:40.0140 3152 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
14:44:40.0187 3152 EFS - ok
14:44:40.0218 3152 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
14:44:40.0250 3152 ehRecvr - ok
14:44:40.0265 3152 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
14:44:40.0312 3152 ehSched - ok
14:44:40.0328 3152 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:44:40.0359 3152 elxstor - ok
14:44:40.0359 3152 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
14:44:40.0390 3152 ErrDev - ok
14:44:40.0421 3152 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:44:40.0484 3152 EventSystem - ok
14:44:40.0499 3152 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:44:40.0562 3152 exfat - ok
14:44:40.0562 3152 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:44:40.0624 3152 fastfat - ok
14:44:40.0655 3152 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
14:44:40.0718 3152 Fax - ok
14:44:40.0718 3152 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:44:40.0764 3152 fdc - ok
14:44:40.0764 3152 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:44:40.0842 3152 fdPHost - ok
14:44:40.0858 3152 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:44:40.0936 3152 FDResPub - ok
14:44:40.0936 3152 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:44:40.0952 3152 FileInfo - ok
14:44:40.0967 3152 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:44:41.0014 3152 Filetrace - ok
14:44:41.0030 3152 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:44:41.0076 3152 flpydisk - ok
14:44:41.0092 3152 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:44:41.0108 3152 FltMgr - ok
14:44:41.0139 3152 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
14:44:41.0217 3152 FontCache - ok
14:44:41.0232 3152 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:44:41.0248 3152 FontCache3.0.0.0 - ok
14:44:41.0248 3152 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:44:41.0264 3152 FsDepends - ok
14:44:41.0279 3152 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
14:44:41.0295 3152 Fs_Rec - ok
14:44:41.0310 3152 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
14:44:41.0326 3152 fvevol - ok
14:44:41.0342 3152 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:44:41.0357 3152 gagp30kx - ok
14:44:41.0373 3152 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:44:41.0388 3152 GEARAspiWDM - ok
14:44:41.0388 3152 GoBack2K - ok
14:44:41.0420 3152 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
14:44:41.0482 3152 gpsvc - ok
14:44:41.0498 3152 GVCplDrv - ok
14:44:41.0498 3152 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:44:41.0560 3152 hcw85cir - ok
14:44:41.0591 3152 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
14:44:41.0638 3152 HdAudAddService - ok
14:44:41.0669 3152 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:44:41.0700 3152 HDAudBus - ok
14:44:41.0716 3152 hibernation - ok
14:44:41.0716 3152 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:44:41.0794 3152 HidBatt - ok
14:44:41.0794 3152 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:44:41.0825 3152 HidBth - ok
14:44:41.0841 3152 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:44:41.0872 3152 HidIr - ok
14:44:41.0872 3152 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
14:44:41.0950 3152 hidserv - ok
14:44:41.0966 3152 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
14:44:42.0012 3152 HidUsb - ok
14:44:42.0028 3152 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
14:44:42.0090 3152 hkmsvc - ok
14:44:42.0122 3152 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
14:44:42.0153 3152 HomeGroupListener - ok
14:44:42.0480 3152 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
14:44:42.0527 3152 HomeGroupProvider - ok
14:44:42.0527 3152 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:44:42.0543 3152 HpSAMD - ok
14:44:42.0574 3152 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
14:44:42.0636 3152 HTTP - ok
14:44:42.0652 3152 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
14:44:42.0668 3152 hwpolicy - ok
14:44:42.0683 3152 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:44:42.0714 3152 i8042prt - ok
14:44:42.0730 3152 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
14:44:42.0761 3152 iaStorV - ok
14:44:42.0824 3152 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:44:42.0855 3152 idsvc - ok
14:44:43.0416 3152 igfx (8266ae06df974e5ba047b3e9e9e70b3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:44:43.0666 3152 igfx - ok
14:44:43.0744 3152 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:44:43.0760 3152 iirsp - ok
14:44:43.0806 3152 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
14:44:43.0869 3152 IKEEXT - ok
14:44:43.0884 3152 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:44:43.0900 3152 intelide - ok
14:44:43.0900 3152 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:44:43.0931 3152 intelppm - ok
14:44:43.0931 3152 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:44:44.0009 3152 IPBusEnum - ok
14:44:44.0025 3152 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:44:44.0056 3152 IpFilterDriver - ok
14:44:44.0087 3152 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
14:44:44.0150 3152 iphlpsvc - ok
14:44:44.0165 3152 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:44:44.0212 3152 IPMIDRV - ok
14:44:44.0228 3152 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:44:44.0274 3152 IPNAT - ok
14:44:44.0321 3152 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:44:44.0352 3152 iPod Service - ok
14:44:44.0368 3152 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:44:44.0415 3152 IRENUM - ok
14:44:44.0415 3152 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
14:44:44.0446 3152 isapnp - ok
14:44:44.0462 3152 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
14:44:44.0477 3152 iScsiPrt - ok
14:44:44.0493 3152 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:44:44.0508 3152 kbdclass - ok
14:44:44.0524 3152 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
14:44:44.0571 3152 kbdhid - ok
14:44:44.0586 3152 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
14:44:44.0618 3152 KeyIso - ok
14:44:44.0618 3152 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
14:44:44.0633 3152 KSecDD - ok
14:44:44.0649 3152 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
14:44:44.0680 3152 KSecPkg - ok
14:44:44.0696 3152 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:44:44.0774 3152 KtmRm - ok
14:44:44.0789 3152 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
14:44:44.0836 3152 LanmanServer - ok
14:44:44.0852 3152 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
14:44:44.0898 3152 LanmanWorkstation - ok
14:44:44.0914 3152 LHidFilt - ok
14:44:44.0930 3152 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:44:44.0976 3152 lltdio - ok
14:44:44.0992 3152 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:44:45.0039 3152 lltdsvc - ok
14:44:45.0070 3152 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:44:45.0132 3152 lmhosts - ok
14:44:45.0164 3152 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:44:45.0179 3152 LSI_FC - ok
14:44:45.0195 3152 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:44:45.0210 3152 LSI_SAS - ok
14:44:45.0226 3152 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:44:45.0242 3152 LSI_SAS2 - ok
14:44:45.0257 3152 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:44:45.0273 3152 LSI_SCSI - ok
14:44:45.0288 3152 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:44:45.0366 3152 luafv - ok
14:44:45.0382 3152 MASPINT - ok
14:44:45.0398 3152 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
14:44:45.0429 3152 MBAMProtector - ok
14:44:45.0460 3152 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:44:45.0491 3152 MBAMService - ok
14:44:45.0507 3152 mcdbus - ok
14:44:45.0507 3152 mcp - ok
14:44:45.0522 3152 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
14:44:45.0554 3152 Mcx2Svc - ok
14:44:45.0569 3152 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:44:45.0585 3152 megasas - ok
14:44:45.0600 3152 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:44:45.0616 3152 MegaSR - ok
14:44:45.0632 3152 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:44:45.0663 3152 Microsoft Office Groove Audit Service - ok
14:44:45.0663 3152 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:44:45.0756 3152 MMCSS - ok
14:44:45.0756 3152 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:44:45.0834 3152 Modem - ok
14:44:45.0834 3152 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:44:45.0897 3152 monitor - ok
14:44:45.0912 3152 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:44:45.0928 3152 mouclass - ok
14:44:45.0944 3152 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:44:45.0975 3152 mouhid - ok
14:44:45.0990 3152 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
14:44:46.0006 3152 mountmgr - ok
14:44:46.0022 3152 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
14:44:46.0037 3152 mpio - ok
14:44:46.0053 3152 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:44:46.0115 3152 mpsdrv - ok
14:44:46.0146 3152 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
14:44:46.0224 3152 MpsSvc - ok
14:44:46.0240 3152 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
14:44:46.0287 3152 MRxDAV - ok
14:44:46.0302 3152 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:44:46.0365 3152 mrxsmb - ok
14:44:46.0396 3152 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:44:46.0443 3152 mrxsmb10 - ok
14:44:46.0458 3152 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:44:46.0490 3152 mrxsmb20 - ok
14:44:46.0505 3152 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
14:44:46.0521 3152 msahci - ok
14:44:46.0521 3152 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
14:44:46.0552 3152 msdsm - ok
14:44:46.0568 3152 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:44:46.0614 3152 MSDTC - ok
14:44:46.0630 3152 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:44:46.0677 3152 Msfs - ok
14:44:46.0692 3152 MSFWHLPR - ok
14:44:46.0692 3152 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:44:46.0755 3152 mshidkmdf - ok
14:44:46.0755 3152 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
14:44:46.0770 3152 msisadrv - ok
14:44:46.0786 3152 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:44:46.0864 3152 MSiSCSI - ok
14:45:01.0934 3152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:45:01.0965 3152 \Device\Harddisk0\DR0 - ok
14:45:01.0965 3152 Boot (0x1200) (32dd58855755ee2ca18a8c61cc51637b) \Device\Harddisk0\DR0\Partition0
14:45:01.0965 3152 \Device\Harddisk0\DR0\Partition0 - ok
14:45:01.0980 3152 Boot (0x1200) (8f0738f899459fa9d708b4aaf70a8d14) \Device\Harddisk0\DR0\Partition1
14:45:01.0980 3152 \Device\Harddisk0\DR0\Partition1 - ok
14:45:01.0980 3152 ============================================================
14:45:01.0980 3152 Scan finished
14:45:01.0980 3152 ============================================================
14:45:01.0996 2932 Detected object count: 5
14:45:01.0996 2932 Actual detected object count: 5
14:45:11.0543 2932 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:45:11.0559 2932 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
14:45:11.0996 2932 Backup copy not found, trying to cure infected file..
14:45:11.0996 2932 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
14:45:11.0996 2932 C:\Windows\system32\drivers\afd.sys - processing error
14:45:12.0744 2932 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
14:45:12.0744 2932 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:12.0744 2932 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:12.0744 2932 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:12.0744 2932 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:12.0744 2932 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:12.0744 2932 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:45:12.0744 2932 XilinxPC4Driver ( UnsignedFile.Multi.Generic ) - skipped by user
14:45:12.0744 2932 XilinxPC4Driver ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:46:20.0885 0568 Deinitialize success





ComboFix 12-05-03.03 - Owner 05/05/2012 2:58.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2960.1864 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFscript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Owner\AppData\Roaming\23AC.1E4
c:\windows\$NtUninstallKB42299$\2004800069\@
c:\windows\$NtUninstallKB42299$\2004800069\cfg.ini
c:\windows\$NtUninstallKB42299$\2004800069\Desktop.ini
c:\windows\$NtUninstallKB42299$\2004800069\L\xadqgnnk
c:\windows\$NtUninstallKB42299$\2004800069\oemid
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\U\[email protected]
c:\windows\$NtUninstallKB42299$\2004800069\version
c:\windows\$NtUninstallKB42299$\2305980744
c:\windows\system32\dds_trash_log.cmd
c:\windows\$NtUninstallKB42299$ . . . . Failed to delete
.
Infected copy of c:\windows\system32\drivers\tdx.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\System32\pdlndldl.dll . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 08:14 . 2012-05-05 08:17 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-05 08:14 . 2012-05-05 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-05 08:14 . 2012-05-05 08:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-04 17:47 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4750100C-816B-4A2E-969E-015232876F5B}\mpengine.dll
2012-05-04 06:33 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-02 05:55 . 2012-05-02 05:55 -------- d-----w- c:\users\Owner\AppData\Roaming\XBMC
2012-05-02 05:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-02 05:55 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-02 05:53 . 2012-05-02 05:54 -------- d-----w- c:\program files\XBMC
2012-04-26 05:49 . 2012-04-26 05:49 -------- d-----w- c:\program files\iPod
2012-04-26 05:49 . 2012-04-26 05:54 -------- d-----w- c:\program files\iTunes
2012-04-14 07:48 . 2012-04-14 08:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-14 07:48 . 2012-04-14 07:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-11 23:57 . 2012-04-11 23:57 -------- d-----w- c:\program files\Common Files\Java
2012-04-11 16:54 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 16:54 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 16:54 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 16:54 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 16:53 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 16:53 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 03:23 . 2012-04-09 03:23 -------- d-----w- c:\windows\system32\mfcdlls
2012-04-09 03:23 . 2000-07-21 14:23 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\mfcdlls\dao350.dll
2012-04-09 03:22 . 2012-04-09 03:22 -------- d-----w- C:\OrCAD
2012-04-09 03:15 . 2012-04-09 03:15 -------- d-----w- c:\program files\Common Files\Business Objects
2012-04-09 03:15 . 2012-04-09 03:15 -------- d-----w- c:\program files\Business Objects
2012-04-09 03:07 . 2012-04-09 03:07 -------- d-----w- C:\Cadence
2012-04-09 02:26 . 2012-04-09 02:26 -------- d-----w- c:\program files\OUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 23:55 . 2010-12-11 06:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2012-04-02 05:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 01:39 . 2012-03-28 01:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 01:39 . 2011-05-18 17:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-03-12 08:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 17:16 . 2012-02-15 17:16 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-15 17:16 . 2012-02-15 17:16 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-15 17:16 . 2012-02-15 17:16 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-15 17:16 . 2012-02-15 17:16 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 17:16 . 2012-02-15 17:16 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-15 17:16 . 2012-02-15 17:16 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-15 17:16 . 2012-02-15 17:16 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-15 17:16 . 2012-02-15 17:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-15 17:16 . 2012-02-15 17:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-15 17:16 . 2012-02-15 17:16 367104 ----a-w- c:\windows\system32\html.iec
2012-02-15 17:16 . 2012-02-15 17:16 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 17:16 . 2012-02-15 17:16 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-15 17:16 . 2012-02-15 17:16 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-15 17:16 . 2012-02-15 17:16 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-15 17:16 . 2012-02-15 17:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-15 17:16 . 2012-02-15 17:16 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-15 17:16 . 2012-02-15 17:16 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-13 18:02 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 18:02 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 18:02 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-13 20:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:51 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:51 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:51 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-07 16:02 . 2012-02-07 16:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-01-10 06:18 . 2011-03-24 02:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fklogger.exe"="c:\program files\FKRMonitor\fklogger.exe" [2010-02-19 514560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dmodusb;dmodusb;c:\windows\system32\DRIVERS\dmodusb.sys [2009-05-11 26240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
snoopfreesvc
armoucfltr
ac97intc
GoBack2K
pdscheduler
alertservice
TMBMServer
puscsrvc
zpnodecollector
WLAN_USB
SRS_SSCFilter
acnusvc
MtxDma0
MASPINT
aswmon2
MSFWHLPR
NWHOST
wintab32
hibernation
naveng
mcp
z800bus
s117unic
NdisFilt
GVCplDrv
CX88ENC
LHidFilt
cqmgstor
pepifilter
CTDevice_Srv
backupexecnotificationserver
WmaCDriverV32
websenserealtimeanalyzer
umxfwhlp
W55U01
djsnetcn
CTAudSvcService
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 01:39]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 05:04]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 05:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vbx.my-web-search.com/?hp=df
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NIRegistrationWizard - c:\program files\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3364)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-05-05 03:29:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 08:29
.
Pre-Run: 19,548,971,008 bytes free
Post-Run: 19,563,790,336 bytes free
.
- - End Of File - - B43D1750BD50BFBC67391407023459E3

#4
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. This malware sometimes ruins the internet connection as we try to remove it. Let's see where we stand and try to repair it.

Step 1

Please run Combofix one more time. After the scan, make sure to restart your system and check your Internet connection. Post the Combofix log after the scan too.

Step 2

Please delete your version of OTL and download a new one from Here

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:


  • New OTL scan log
  • Combofix log
It would be helpful if you could post each log in a separate post.

#5
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
Still no internet. It connects, but just has limited connectivity. Sorry about posting both logs in one post. Here is the Combofix log first.

ComboFix 12-05-03.03 - Owner 05/07/2012 15:21:32.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2960.1995 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB42299$
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 20:30 . 2012-05-07 20:32 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-05-07 20:30 . 2012-05-07 20:30 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-07 20:30 . 2012-05-07 20:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 01:26 . 2012-05-06 01:30 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-05-06 00:58 . 2012-05-06 00:58 -------- d-----w- c:\program files\Xirrus
2012-05-06 00:57 . 2012-05-06 00:57 -------- d-----w- c:\users\Owner\AppData\Roaming\Xirrus
2012-05-05 19:45 . 2012-05-05 19:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-04 17:47 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4750100C-816B-4A2E-969E-015232876F5B}\mpengine.dll
2012-05-04 06:33 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-02 05:55 . 2012-05-02 05:55 -------- d-----w- c:\users\Owner\AppData\Roaming\XBMC
2012-05-02 05:55 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-02 05:55 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-02 05:53 . 2012-05-02 05:54 -------- d-----w- c:\program files\XBMC
2012-04-26 05:49 . 2012-04-26 05:49 -------- d-----w- c:\program files\iPod
2012-04-26 05:49 . 2012-04-26 05:54 -------- d-----w- c:\program files\iTunes
2012-04-14 07:48 . 2012-04-14 08:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-14 07:48 . 2012-04-14 07:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-11 23:57 . 2012-04-11 23:57 -------- d-----w- c:\program files\Common Files\Java
2012-04-11 16:54 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 16:54 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 16:54 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 16:54 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 16:53 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 16:53 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-09 03:23 . 2012-04-09 03:23 -------- d-----w- c:\windows\system32\mfcdlls
2012-04-09 03:23 . 2000-07-21 14:23 570128 ----a-w- c:\program files\Common Files\Microsoft Shared\DAO\mfcdlls\dao350.dll
2012-04-09 03:22 . 2012-04-09 03:22 -------- d-----w- C:\OrCAD
2012-04-09 03:15 . 2012-04-09 03:15 -------- d-----w- c:\program files\Common Files\Business Objects
2012-04-09 03:15 . 2012-04-09 03:15 -------- d-----w- c:\program files\Business Objects
2012-04-09 03:07 . 2012-04-09 03:07 -------- d-----w- C:\Cadence
2012-04-09 02:26 . 2012-04-09 02:26 -------- d-----w- c:\program files\OUP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 23:55 . 2010-12-11 06:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:56 . 2012-04-02 05:32 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 01:39 . 2012-03-28 01:39 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-28 01:39 . 2011-05-18 17:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 15:18 . 2010-03-12 08:07 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 17:16 . 2012-02-15 17:16 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-15 17:16 . 2012-02-15 17:16 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-15 17:16 . 2012-02-15 17:16 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-15 17:16 . 2012-02-15 17:16 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 17:16 . 2012-02-15 17:16 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-15 17:16 . 2012-02-15 17:16 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-15 17:16 . 2012-02-15 17:16 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-15 17:16 . 2012-02-15 17:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-15 17:16 . 2012-02-15 17:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-15 17:16 . 2012-02-15 17:16 367104 ----a-w- c:\windows\system32\html.iec
2012-02-15 17:16 . 2012-02-15 17:16 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 17:16 . 2012-02-15 17:16 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-15 17:16 . 2012-02-15 17:16 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-15 17:16 . 2012-02-15 17:16 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-15 17:16 . 2012-02-15 17:16 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-15 17:16 . 2012-02-15 17:16 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-15 17:16 . 2012-02-15 17:16 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-15 05:44 . 2012-03-13 18:02 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22 . 2012-03-13 18:02 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22 . 2012-03-13 18:02 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41 . 2012-03-13 20:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:51 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:51 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:51 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:51 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-01-10 06:18 . 2011-03-24 02:57 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_08.17.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-12 07:08 . 2012-05-06 01:34 45022 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-07 20:22 39342 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-08 20:03 . 2012-05-05 20:17 12146 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2100668513-2013100433-1882734447-1000_UserData.bin
+ 2009-07-14 04:34 . 2012-05-06 01:29 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:34 . 2012-05-03 06:04 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-06 00:58 . 2012-05-06 00:58 14534 c:\windows\Installer\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}\SystemFoldermsiexec.exe
- 2012-05-05 07:57 . 2012-05-05 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-07 20:20 . 2012-05-07 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-05 07:57 . 2012-05-05 08:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-07 20:20 . 2012-05-07 20:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-06 00:59 . 2012-05-06 00:59 102400 c:\windows\winsxs\x86_microsoft.vc80.debugopenmp_1fc8b3b9a1e18e3b_8.0.50727.6195_none_64bcaee736878917\vcompd.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 102912 c:\windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e9870308fd3b9210\mfcm80ud.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 114688 c:\windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e9870308fd3b9210\mfcm80d.dll
+ 2010-03-13 19:52 . 2012-05-06 20:40 401452 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-02-27 01:59 . 2012-05-06 23:56 412948 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2012-05-05 08:03 632462 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-05-06 01:01 632462 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2012-05-06 01:01 110410 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2012-05-05 08:03 110410 c:\windows\System32\perfc009.dat
- 2010-02-26 23:59 . 2012-05-05 07:28 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-26 23:59 . 2012-05-07 20:26 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-27 01:07 . 2012-05-07 20:26 606208 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 01:07 . 2012-05-05 07:54 606208 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2012-05-07 20:15 390336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-05-05 07:56 390336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-06 00:58 . 2012-05-06 00:58 292878 c:\windows\Installer\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}\xirruswifiinspectorguide.exe
+ 2012-05-06 00:58 . 2012-05-06 00:58 101104 c:\windows\Installer\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}\Xirrus_v1.exe
+ 2012-05-06 00:59 . 2012-05-06 00:59 2408448 c:\windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e9870308fd3b9210\mfc80ud.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 2404352 c:\windows\winsxs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e9870308fd3b9210\mfc80d.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 1175552 c:\windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e4a70117006762dd\msvcr80d.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 1036288 c:\windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e4a70117006762dd\msvcp80d.dll
+ 2012-05-06 00:59 . 2012-05-06 00:59 1015808 c:\windows\winsxs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_e4a70117006762dd\msvcm80d.dll
- 2009-07-14 02:03 . 2012-05-04 17:57 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2012-05-06 00:59 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2010-02-27 01:07 . 2012-05-05 07:54 4456448 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 01:07 . 2012-05-07 20:26 4456448 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:34 . 2012-05-02 21:44 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-05-06 01:20 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-04-03 07:23 . 2012-05-06 00:00 2035248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2100668513-2013100433-1882734447-1000-12288.dat
- 2009-07-14 04:41 . 2012-05-05 07:54 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-05-07 20:26 16187392 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-23 23:50 . 2012-05-05 07:56 59277616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2100668513-2013100433-1882734447-1000-8192.dat
+ 2011-03-23 23:50 . 2012-05-06 01:15 59277616 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2100668513-2013100433-1882734447-1000-8192.dat
+ 2012-05-06 00:57 . 2012-05-06 00:57 10356224 c:\windows\Installer\21e794.msi
+ 2011-05-20 17:57 . 2012-05-06 00:59 148609197 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fklogger.exe"="c:\program files\FKRMonitor\fklogger.exe" [2010-02-19 514560]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 dmodusb;dmodusb;c:\windows\system32\DRIVERS\dmodusb.sys [2009-05-11 26240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-28 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2009-07-13 214016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
snoopfreesvc
armoucfltr
ac97intc
GoBack2K
pdscheduler
alertservice
TMBMServer
puscsrvc
zpnodecollector
WLAN_USB
SRS_SSCFilter
acnusvc
MtxDma0
MASPINT
aswmon2
MSFWHLPR
NWHOST
wintab32
hibernation
naveng
mcp
z800bus
s117unic
NdisFilt
GVCplDrv
CX88ENC
LHidFilt
cqmgstor
pepifilter
CTDevice_Srv
backupexecnotificationserver
WmaCDriverV32
websenserealtimeanalyzer
umxfwhlp
W55U01
djsnetcn
CTAudSvcService
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 01:39]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 05:04]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-29 05:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vbx.my-web-search.com/?hp=df
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3608)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-05-07 15:42:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-07 20:42
ComboFix2.txt 2012-05-05 08:29
.
Pre-Run: 19,982,090,240 bytes free
Post-Run: 19,862,585,344 bytes free
.
- - End Of File - - EEE4C411C50500AEC752CA184EEE55A4

#6
soggywaffles


  • Topic Starter
  • Member
  • 45 posts
New OTL log

OTL logfile created on: 5/7/2012 8:45:36 PM - Run 3
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Owner\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.89 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 62.54% Memory free
5.78 Gb Paging File | 4.69 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.14 Gb Total Space | 18.64 Gb Free Space | 15.65% Space Free | Partition Type: NTFS
Drive E: | 3.67 Gb Total Space | 2.98 Gb Free Space | 81.21% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cbfdbf9ed05f520f449102c086841ac4\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8e47bcd69923f39c010b285d0681b795\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zpnodecollector) -- %systemroot%\system32\atikmdag.dll File not found
SRV - (z800bus) -- %systemroot%\system32\HPFXBULK.dll File not found
SRV - (WmaCDriverV32) -- %systemroot%\system32\odserv.dll File not found
SRV - (WLAN_USB) -- %systemroot%\system32\audstub.dll File not found
SRV - (wintab32) -- %systemroot%\system32\sr_watchdog.dll File not found
SRV - (websenserealtimeanalyzer) -- %systemroot%\system32\PBADRV.dll File not found
SRV - (W55U01) -- %systemroot%\system32\fsbwsys.dll File not found
SRV - (umxfwhlp) -- %systemroot%\system32\sshrmd.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBDeviceService.dll File not found
SRV - (SRS_SSCFilter) -- %systemroot%\system32\NTIDrvr.dll File not found
SRV - (snoopfreesvc) -- %systemroot%\system32\wpdusb.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (s117unic) -- %systemroot%\system32\smservaz.dll File not found
SRV - (puscsrvc) -- %systemroot%\system32\W8335XP.dll File not found
SRV - (pepifilter) -- %systemroot%\system32\FETNDIS.dll File not found
SRV - (pdscheduler) -- %systemroot%\system32\starwindservice.dll File not found
SRV - (OpcEnum) -- C:\Windows\system32\OpcEnum.exe File not found
SRV - (NWHOST) -- %systemroot%\system32\PhilCam8116_XP.dll File not found
SRV - (naveng) -- %systemroot%\system32\PGPdisk.dll File not found
SRV - (MSFWHLPR) -- %systemroot%\system32\kservice.dll File not found
SRV - (mcp) -- %systemroot%\system32\tvtpktfilter.dll File not found
SRV - (MASPINT) -- %systemroot%\system32\tbhsd.dll File not found
SRV - (LHidFilt) -- %systemroot%\system32\vgasave.dll File not found
SRV - (hibernation) -- %systemroot%\system32\nipsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\GTWModem.dll File not found
SRV - (GoBack2K) -- %systemroot%\system32\tsscoreservice.dll File not found
SRV - (djsnetcn) -- %systemroot%\system32\w810obex.dll File not found
SRV - (CX88ENC) -- %systemroot%\system32\cfosspeed.dll File not found
SRV - (CTDevice_Srv) -- %systemroot%\system32\w200bus.dll File not found
SRV - (CTAudSvcService) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (cqmgstor) -- %systemroot%\system32\VRcore.dll File not found
SRV - (backupexecnotificationserver) -- %systemroot%\system32\roxupnpserver.dll File not found
SRV - (aswmon2) -- %systemroot%\system32\eskerlicensecontrol.dll File not found
SRV - (armoucfltr) -- %systemroot%\system32\hsvcmod.dll File not found
SRV - (alertservice) -- %systemroot%\system32\asp.net_2.0.50727.dll File not found
SRV - (acnusvc) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (ac97intc) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)


========== Driver Services (SafeList) ==========

DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (cpuz132) -- C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (dmodusb) -- C:\Windows\System32\drivers\dmodusb.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vbx.my-web-search.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A B2 5A D9 E9 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/27 20:30:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 01:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 02:20:10 | 000,000,000 | ---D | M]

[2010/03/12 03:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/01/08 23:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fsbo4cgu.default\extensions
[2010/10/02 01:35:05 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\bing.xml
[2011/03/26 11:10:09 | 000,001,581 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\web-search.xml
[2012/04/11 18:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/11 18:55:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/27 20:30:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/01/08 23:24:19 | 000,377,600 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSBO4CGU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/10 01:18:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 18:55:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/03 02:55:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 14:22:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/07 15:32:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [fklogger.exe] C:\Program Files\FKRMonitor\fklogger.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 20:43:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/07 15:40:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 15:30:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/07 15:30:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/05/07 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2012/05/05 20:26:55 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/05/05 19:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2012/05/05 19:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2012/05/05 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/05/05 14:45:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/05 02:17:46 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/05/04 01:03:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/04 01:01:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/04 01:01:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/04 01:01:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 00:59:49 | 004,483,323 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/02 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/05/02 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012/05/02 00:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\XBMC
[2012/04/26 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/26 00:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/26 00:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/14 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/11 18:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/08 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OrCAD 16.2
[2012/04/08 22:23:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\mfcdlls
[2012/04/08 22:22:00 | 000,000,000 | ---D | C] -- C:\OrCAD
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2012/04/08 22:14:09 | 000,000,000 | ---D | C] -- C:\OrCAD_Data
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadence
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\Cadence
[2012/04/08 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\OUP

========== Files - Modified Within 30 Days ==========

[2012/05/07 20:42:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/07 20:41:05 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 20:41:05 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 20:40:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 15:44:45 | 2327,760,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 15:32:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/07 15:20:14 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/05/05 20:31:44 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/05/05 20:01:24 | 000,632,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/05 20:01:24 | 000,110,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/05 19:58:57 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 19:58:57 | 000,001,202 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 02:57:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 02:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000UA.job
[2012/05/05 02:18:20 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/05/04 20:36:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000Core.job
[2012/05/04 01:00:08 | 004,483,323 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/04/26 09:56:45 | 000,002,503 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2012/04/08 23:17:13 | 000,000,258 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/08 22:17:09 | 000,017,486 | ---- | M] () -- C:\Windows\System32\drivers\etc\services

========== Files Created - No Company Name ==========

[2012/05/07 15:20:14 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/05/05 20:31:17 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/05/05 19:58:57 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 19:58:57 | 000,001,202 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2012/05/04 01:01:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/04 01:01:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/04 01:01:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/04 01:01:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/04 01:01:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/08 23:17:13 | 000,000,258 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/10 14:17:32 | 000,000,038 | ---- | C] () -- C:\ProgramData\ukm10t.uc
[2011/11/25 19:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/06/16 12:20:07 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/20 04:16:53 | 000,000,179 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.rss
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011/02/01 01:31:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/03/05 00:49:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digilent
[2012/05/07 15:45:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2010/10/21 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FKRMonitor
[2011/12/04 00:16:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FK_Monitor
[2010/08/15 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack
[2011/10/18 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logic Minimizer
[2011/06/28 01:59:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/06/17 08:30:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2011/12/09 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ShurikSoft
[2012/05/04 00:17:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2012/04/15 08:04:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/03/12 03:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Western Digital
[2012/05/02 00:55:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/03/05 00:54:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilinx
[2012/05/05 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/05/07 15:44:55 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#7
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You have two infected drivers on your system. We'll try to find backup and restore them.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
    [2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub

    :Files
    ipconfig /flushdns /c
    netsh winsock reset /c
    netsh winsock reset catalog /c
    netsh int ip reset reset.log /c

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Make sure to restart your system after this step and see if you get your internet connection back.

Step 2

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    /md5start
    pdlndldl.*
    afd.*
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP MBR.dat it creates and attach it to your next reply

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • OTL new scan log
  • aswMBR log
It would be helpful if you could post each log in a separate post.
  • 0
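A triage sketch for OTL file listings like the ones posted in this thread, added here as an example; it is not part of the thread, of OTL, or of the helper's method. The three heuristics and every function and constant name are assumptions chosen for illustration, and the sample lines are copied from the logs above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Optional

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Reasons reported by triage(); the wording is this example's own.
DRIVER_NO_COMPANY = "driver in System32\\drivers with empty company name"
HIDDEN_RANDOM_NAME = "hidden+system extensionless file with long alphanumeric name"
SAME_FILE_TWO_DIRS = "same name and size present in more than one directory"

@dataclass(frozen=True)
class Entry:
    when: datetime
    size: int
    attrs: str
    kind: str
    company: Optional[str]      # None on directory lines
    path: PureWindowsPath

    @property
    def unattributed_file(self) -> bool:
        """A file (not a directory) whose company field is present but blank."""
        return ("D" not in self.attrs and self.company is not None
                and not self.company.strip())

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None             # section headers, blank lines, other record types
    return Entry(
        when=datetime.strptime(m["when"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"], company=m["company"],
        path=PureWindowsPath(m["path"]),
    )

def parse_log(text: str) -> list:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def triage(entries) -> dict:
    """Map path -> list of reasons. Output is a list of candidates for a
    hash check (such as the /md5start scan above), not a verdict."""
    dirs_by_name_size = defaultdict(set)
    for e in entries:
        if e.unattributed_file and e.size > 0:
            key = (e.path.name.lower(), e.size)
            dirs_by_name_size[key].add(str(e.path.parent).lower())

    findings = {}
    for e in entries:
        if not e.unattributed_file:
            continue
        reasons = []
        name = e.path.name
        parent = tuple(p.lower() for p in e.path.parts[-3:-1])
        if parent == ("system32", "drivers") and e.path.suffix.lower() == ".sys":
            reasons.append(DRIVER_NO_COMPANY)
        if ({"H", "S"} <= set(e.attrs) and not e.path.suffix
                and len(name) >= 32 and name.isalnum()):
            reasons.append(HIDDEN_RANDOM_NAME)
        if len(dirs_by_name_size.get((name.lower(), e.size), ())) > 1:
            reasons.append(SAME_FILE_TWO_DIRS)
        if reasons:
            findings[str(e.path)] = reasons
    return findings

# Sample input: lines copied from the OTL logs in this thread.
SAMPLE = r"""
[2012/05/02 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/05/07 15:44:45 | 2327,760,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 15:32:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/05 02:18:20 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/16 12:20:07 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\Users\Owner\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
[2011/03/31 09:01:41 | 000,010,244 | -HS- | C] () -- C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub
========== LOP Check ==========
"""

if __name__ == "__main__":
    for path, reasons in triage(parse_log(SAMPLE)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the entries flagged are afd.sys and the two hidden files that the fix script in this post moves; hiberfil.sys, MSDOS.SYS and the hosts file pass because none of the three rules matches them.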

#8
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
First OTL log. Internet is still connecting, but limited activity.

========== OTL ==========
C:\Users\Owner\AppData\Local\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub moved successfully.
C:\ProgramData\1pu4igwom771p2571ra12y7fk5447qc4010k6c3cbv2p5ub moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
The system cannot find the file specified.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
The system cannot find the file specified.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
< netsh int ip reset reset.log /c >
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
C:\Users\Owner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.3 log created on 05082012_175449

Edited by soggywaffles, 08 May 2012 - 05:19 PM.


#9
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
Second OTL log.

OTL logfile created on: 5/8/2012 6:04:48 PM - Run 4
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Owner\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.89 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.10% Memory free
5.78 Gb Paging File | 4.74 Gb Available in Paging File | 82.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.14 Gb Total Space | 18.65 Gb Free Space | 15.65% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cbfdbf9ed05f520f449102c086841ac4\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8e47bcd69923f39c010b285d0681b795\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\0794d7af09099432ebfb51af1d7f15ae\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\c06a0517281bb4a9c7fcaeb58d38cd63\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll ()
MOD - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll ()
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (zpnodecollector) -- %systemroot%\system32\atikmdag.dll File not found
SRV - (z800bus) -- %systemroot%\system32\HPFXBULK.dll File not found
SRV - (WmaCDriverV32) -- %systemroot%\system32\odserv.dll File not found
SRV - (WLAN_USB) -- %systemroot%\system32\audstub.dll File not found
SRV - (wintab32) -- %systemroot%\system32\sr_watchdog.dll File not found
SRV - (websenserealtimeanalyzer) -- %systemroot%\system32\PBADRV.dll File not found
SRV - (W55U01) -- %systemroot%\system32\fsbwsys.dll File not found
SRV - (umxfwhlp) -- %systemroot%\system32\sshrmd.dll File not found
SRV - (TMBMServer) -- %systemroot%\system32\USBDeviceService.dll File not found
SRV - (SRS_SSCFilter) -- %systemroot%\system32\NTIDrvr.dll File not found
SRV - (snoopfreesvc) -- %systemroot%\system32\wpdusb.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (s117unic) -- %systemroot%\system32\smservaz.dll File not found
SRV - (puscsrvc) -- %systemroot%\system32\W8335XP.dll File not found
SRV - (pepifilter) -- %systemroot%\system32\FETNDIS.dll File not found
SRV - (pdscheduler) -- %systemroot%\system32\starwindservice.dll File not found
SRV - (OpcEnum) -- C:\Windows\system32\OpcEnum.exe File not found
SRV - (NWHOST) -- %systemroot%\system32\PhilCam8116_XP.dll File not found
SRV - (naveng) -- %systemroot%\system32\PGPdisk.dll File not found
SRV - (MSFWHLPR) -- %systemroot%\system32\kservice.dll File not found
SRV - (mcp) -- %systemroot%\system32\tvtpktfilter.dll File not found
SRV - (MASPINT) -- %systemroot%\system32\tbhsd.dll File not found
SRV - (LHidFilt) -- %systemroot%\system32\vgasave.dll File not found
SRV - (hibernation) -- %systemroot%\system32\nipsvc.dll File not found
SRV - (GVCplDrv) -- %systemroot%\system32\GTWModem.dll File not found
SRV - (GoBack2K) -- %systemroot%\system32\tsscoreservice.dll File not found
SRV - (djsnetcn) -- %systemroot%\system32\w810obex.dll File not found
SRV - (CX88ENC) -- %systemroot%\system32\cfosspeed.dll File not found
SRV - (CTDevice_Srv) -- %systemroot%\system32\w200bus.dll File not found
SRV - (CTAudSvcService) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (cqmgstor) -- %systemroot%\system32\VRcore.dll File not found
SRV - (backupexecnotificationserver) -- %systemroot%\system32\roxupnpserver.dll File not found
SRV - (aswmon2) -- %systemroot%\system32\eskerlicensecontrol.dll File not found
SRV - (armoucfltr) -- %systemroot%\system32\hsvcmod.dll File not found
SRV - (alertservice) -- %systemroot%\system32\asp.net_2.0.50727.dll File not found
SRV - (acnusvc) -- %systemroot%\system32\marvinbus.dll File not found
SRV - (ac97intc) -- %systemroot%\system32\WBHWDOCT.dll File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)


========== Driver Services (SafeList) ==========

DRV - (mcdbus) -- system32\DRIVERS\mcdbus.sys File not found
DRV - (cpuz132) -- C:\Users\Owner\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (catchme) -- C:\Users\Owner\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (XilinxPC4Driver) -- C:\Windows\System32\drivers\xpc4drvr.sys (Xilinx, Inc.)
DRV - (AFD) -- C:\Windows\System32\drivers\afd.sys ()
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (dmodusb) -- C:\Windows\System32\drivers\dmodusb.sys (Windows ® Codename Longhorn DDK provider)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vbx.my-web-search.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 0A B2 5A D9 E9 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/...TDF&PC=BBLN&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/27 20:30:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 01:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 02:20:10 | 000,000,000 | ---D | M]

[2010/03/12 03:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/01/08 23:24:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\fsbo4cgu.default\extensions
[2010/10/02 01:35:05 | 000,001,832 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\bing.xml
[2011/03/26 11:10:09 | 000,001,581 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fsbo4cgu.default\searchplugins\web-search.xml
[2012/04/11 18:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/11 18:55:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/27 20:30:37 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/01/08 23:24:19 | 000,377,600 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSBO4CGU.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/01/10 01:18:24 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/11 18:55:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 04:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011/10/03 02:55:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/13 14:22:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: vshare plugin = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/07 15:32:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [fklogger.exe] C:\Program Files\FKRMonitor\fklogger.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/08 17:54:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/07 20:43:52 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/07 15:40:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 15:30:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/07 15:30:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/05/07 15:09:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\New folder
[2012/05/05 20:26:55 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/05/05 19:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Xirrus
[2012/05/05 19:58:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus
[2012/05/05 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/05/05 14:45:11 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/05 02:17:46 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/05/04 01:03:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/04 01:01:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/04 01:01:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/04 01:01:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/04 01:01:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/04 00:59:49 | 004,483,323 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/05/02 00:55:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/05/02 00:54:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012/05/02 00:53:30 | 000,000,000 | ---D | C] -- C:\Program Files\XBMC
[2012/04/26 00:54:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/26 00:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/26 00:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/14 02:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/14 02:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/11 18:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/08 23:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OrCAD 16.2
[2012/04/08 22:23:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\mfcdlls
[2012/04/08 22:22:00 | 000,000,000 | ---D | C] -- C:\OrCAD
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Business Objects
[2012/04/08 22:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2012/04/08 22:14:09 | 000,000,000 | ---D | C] -- C:\OrCAD_Data
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cadence
[2012/04/08 22:07:09 | 000,000,000 | ---D | C] -- C:\Cadence
[2012/04/08 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\OUP

========== Files - Modified Within 30 Days ==========

[2012/05/08 18:02:54 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 18:02:54 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/08 17:55:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/08 17:55:40 | 2327,760,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 20:42:24 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/05/07 15:32:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/07 15:20:14 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/05/05 20:31:44 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/05/05 20:01:24 | 000,632,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/05 20:01:24 | 000,110,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/05 19:58:57 | 000,001,224 | ---- | M] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 19:58:57 | 000,001,202 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 02:57:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 02:23:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000UA.job
[2012/05/05 02:18:20 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Owner\Desktop\tdsskiller.exe
[2012/05/04 20:36:08 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2100668513-2013100433-1882734447-1000Core.job
[2012/05/04 01:00:08 | 004,483,323 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
[2012/04/26 09:56:45 | 000,002,503 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | M] () -- C:\Windows\wininit.ini
[2012/04/08 23:17:13 | 000,000,258 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/04/08 22:17:09 | 000,017,486 | ---- | M] () -- C:\Windows\System32\drivers\etc\services

========== Files Created - No Company Name ==========

[2012/05/07 15:20:14 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/05/05 20:31:17 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/05/05 19:58:57 | 000,001,224 | ---- | C] () -- C:\Users\Public\Desktop\Xirrus Wi-Fi Inspector.lnk
[2012/05/05 19:58:57 | 000,001,202 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Xirrus Wi-Fi Inspector.lnk
[2012/05/04 01:01:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/04 01:01:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/04 01:01:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/04 01:01:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/04 01:01:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/15 12:24:34 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/14 03:34:41 | 000,000,093 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/08 23:17:13 | 000,000,258 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/10 14:17:32 | 000,000,038 | ---- | C] () -- C:\ProgramData\ukm10t.uc
[2011/11/25 19:16:19 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011/06/16 12:20:07 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011/03/20 04:16:53 | 000,000,179 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\default.rss
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2011/02/01 01:31:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2012/03/05 00:49:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Digilent
[2012/05/08 17:56:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2010/10/21 03:20:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FKRMonitor
[2011/12/04 00:16:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FK_Monitor
[2010/08/15 15:09:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FreeAudioPack
[2011/10/18 21:59:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Logic Minimizer
[2011/06/28 01:59:39 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2010/06/17 08:30:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Research In Motion
[2011/12/09 18:37:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ShurikSoft
[2012/05/04 00:17:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Spotify
[2012/04/15 08:04:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2010/03/12 03:08:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Western Digital
[2012/05/02 00:55:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\XBMC
[2012/03/05 00:54:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xilinx
[2012/05/05 19:57:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Xirrus
[2012/05/08 17:55:48 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: AFD.SVS >
[2011/04/24 22:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\System32\drivers\afd.svs

< MD5 for: AFD.SYS >
[2010/11/20 03:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 21:35:40 | 000,338,944 | ---- | M] () MD5=3399BA25B53DE355C41F30E5B74F11CF -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 21:35:40 | 000,338,944 | ---- | M] () MD5=3399BA25B53DE355C41F30E5B74F11CF -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011/04/24 21:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 21:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 22:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 18:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys

< MD5 for: AFD.SYS.MUI >
[2009/07/13 21:08:38 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=2F1E1E5CE5927E156F0B30163119960D -- C:\Windows\System32\drivers\en-US\afd.sys.mui
[2009/07/13 21:08:38 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=2F1E1E5CE5927E156F0B30163119960D -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4bbf167edfba3058\afd.sys.mui

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
  • 0

#10
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 18:14:36
-----------------------------
18:14:36.732 OS Version: Windows 6.1.7600
18:14:36.732 Number of processors: 2 586 0x170A
18:14:36.748 ComputerName: OWNER-PC UserName: Owner
18:14:39.665 Initialize success
18:14:57.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:14:57.090 Disk 0 Vendor: SAMSUNG_ VBM1 Size: 122104MB BusType: 8
18:14:57.106 Disk 0 MBR read successfully
18:14:57.106 Disk 0 MBR scan
18:14:57.106 Disk 0 Windows 7 default MBR code
18:14:57.106 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:14:57.121 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
18:14:57.121 Disk 0 scanning sectors +250066944
18:14:57.137 Disk 0 scanning C:\Windows\system32\drivers
18:14:59.539 Service scanning
18:15:05.748 Modules scanning
18:15:11.395 Disk 0 trace - called modules:
18:15:11.426 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorV.sys halmacpi.dll
18:15:11.426 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87680030]
18:15:11.442 3 CLASSPNP.SYS[8bfa659e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86c60028]
18:15:11.458 Scan finished successfully
18:17:06.399 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:17:06.414 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   560bytes   20 downloads

Edited by soggywaffles, 08 May 2012 - 05:31 PM.

  • 0

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
We still have work to do. Restart your system after all steps and check your internet connection. Let me know the results.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Windows\System32\drivers\afd.sys|C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys /replace

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please run TDSSKiller one more time and post the log as you did the first time.

Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • TDSSKiller log
  • FSS log
It would be helpful if you could post each log in a separate post.
  • 0
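The `:Files` line in Step 1 swaps the live `afd.sys` for one of the copies listed by the `< MD5 for: AFD.SYS >` custom scan in the preceding OTL log. As an added example (not part of the original posts and not OTL's own code), the Python below parses those scan lines, groups the copies by hash, and separates the copies for which OTL reports no company name from the ones that carry a vendor name; the function names `parse_otl_md5` and `triage` are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied verbatim from the "< MD5 for: AFD.SYS >" custom scan in the OTL log above.
OTL_AFD_SCAN = r"""
[2010/11/20 03:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 21:35:40 | 000,338,944 | ---- | M] () MD5=3399BA25B53DE355C41F30E5B74F11CF -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 21:35:40 | 000,338,944 | ---- | M] () MD5=3399BA25B53DE355C41F30E5B74F11CF -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2011/04/24 21:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 21:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011/04/24 22:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009/07/13 18:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
"""

# [timestamp | size | attributes | C or M] (company) MD5=<32 hex> -- <path>
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Component-store directories embed the build, e.g. ..._6.1.7601.17603_none_...
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_none_")


def parse_otl_md5(text):
    """Turn OTL MD5 scan lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["company"] = rec["company"].strip()
        rec["md5"] = rec["md5"].upper()
        rec["name"] = ntpath.basename(rec["path"]).lower()
        ver = VERSION_RE.search(rec["path"])
        rec["version"] = ver.group(1) if ver else None
        records.append(rec)
    return records


def triage(records):
    """Return (suspects, vendor_copies).

    suspects: {md5: [paths]} for every hash that appears on a copy with no
    company name while other copies of the same file name do carry one.
    vendor_copies: the remaining records, newest component version first.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["name"]].append(rec)

    suspects = defaultdict(list)
    vendor_copies = []
    for copies in by_name.values():
        if not any(c["company"] for c in copies):
            continue  # no named copy to compare against, so nothing can be said
        unnamed_hashes = {c["md5"] for c in copies if not c["company"]}
        for c in copies:
            if c["md5"] in unnamed_hashes:
                suspects[c["md5"]].append(c["path"])
            else:
                vendor_copies.append(c)

    def version_key(c):
        return tuple(int(p) for p in (c["version"] or "0").split("."))

    vendor_copies.sort(key=version_key, reverse=True)
    return dict(suspects), vendor_copies


if __name__ == "__main__":
    suspects, vendor_copies = triage(parse_otl_md5(OTL_AFD_SCAN))
    for md5, paths in suspects.items():
        print(f"no company name, MD5 {md5}:")
        for p in paths:
            print(f"    {p}")
    print("copies with a vendor name and a different hash:")
    for c in vendor_copies:
        print(f"    {c['version']}  {c['md5']}  {c['path']}")
```

A blank company name is a triage signal rather than a verdict; in this thread the flagged MD5 is also the one TDSSKiller reports for the AFD service as Virus.Win32.ZAccess.c, and the same hash shows up on the 6.1.7600.16802 component-store copy.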

#12
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
New OTL

========== OTL ==========
========== FILES ==========
Unable to replace file: C:\Windows\System32\drivers\afd.sys with C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys without a reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.3 log created on 05092012_142732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#13
soggywaffles

    Member

  • Topic Starter
  • Member
  • 45 posts
14:37:29.0823 1468 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:37:29.0838 1468 ============================================================
14:37:29.0838 1468 Current date / time: 2012/05/09 14:37:29.0838
14:37:29.0838 1468 SystemInfo:
14:37:29.0838 1468
14:37:29.0838 1468 OS Version: 6.1.7600 ServicePack: 0.0
14:37:29.0838 1468 Product type: Workstation
14:37:29.0838 1468 ComputerName: OWNER-PC
14:37:29.0838 1468 UserName: Owner
14:37:29.0838 1468 Windows directory: C:\Windows
14:37:29.0838 1468 System windows directory: C:\Windows
14:37:29.0838 1468 Processor architecture: Intel x86
14:37:29.0838 1468 Number of processors: 2
14:37:29.0838 1468 Page size: 0x1000
14:37:29.0838 1468 Boot type: Normal boot
14:37:29.0838 1468 ============================================================
14:37:30.0774 1468 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:37:30.0774 1468 ============================================================
14:37:30.0774 1468 \Device\Harddisk0\DR0:
14:37:30.0774 1468 MBR partitions:
14:37:30.0774 1468 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:37:30.0774 1468 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
14:37:30.0774 1468 ============================================================
14:37:30.0774 1468 C: <-> \Device\Harddisk0\DR0\Partition1
14:37:30.0774 1468 ============================================================
14:37:30.0774 1468 Initialize success
14:37:30.0774 1468 ============================================================
14:37:41.0804 1652 ============================================================
14:37:41.0804 1652 Scan started
14:37:41.0804 1652 Mode: Manual; SigCheck; TDLFS;
14:37:41.0804 1652 ============================================================
14:37:43.0879 1652 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
14:37:43.0957 1652 1394ohci - ok
14:37:44.0362 1652 ac97intc - ok
14:37:44.0378 1652 acnusvc - ok
14:37:44.0409 1652 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
14:37:44.0440 1652 ACPI - ok
14:37:44.0456 1652 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
14:37:44.0503 1652 AcpiPmi - ok
14:37:44.0518 1652 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:37:44.0549 1652 AdobeFlashPlayerUpdateSvc - ok
14:37:44.0581 1652 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:37:44.0627 1652 adp94xx - ok
14:37:44.0659 1652 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:37:44.0690 1652 adpahci - ok
14:37:44.0705 1652 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:37:44.0752 1652 adpu320 - ok
14:37:44.0768 1652 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:37:44.0799 1652 AeLookupSvc - ok
14:37:44.0830 1652 AFD (3399ba25b53de355c41f30e5b74f11cf) C:\Windows\system32\drivers\afd.sys
14:37:44.0830 1652 AFD ( Virus.Win32.ZAccess.c ) - infected
14:37:44.0830 1652 AFD - detected Virus.Win32.ZAccess.c (0)
14:37:44.0846 1652 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
14:37:44.0877 1652 agp440 - ok
14:37:44.0893 1652 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:37:44.0924 1652 aic78xx - ok
14:37:44.0924 1652 alertservice - ok
14:37:44.0939 1652 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:37:44.0971 1652 ALG - ok
14:37:44.0986 1652 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
14:37:45.0017 1652 aliide - ok
14:37:45.0017 1652 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
14:37:45.0049 1652 amdagp - ok
14:37:45.0064 1652 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
14:37:45.0095 1652 amdide - ok
14:37:45.0111 1652 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:37:45.0142 1652 AmdK8 - ok
14:37:45.0158 1652 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:37:45.0205 1652 AmdPPM - ok
14:37:45.0205 1652 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
14:37:45.0251 1652 amdsata - ok
14:37:45.0267 1652 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:37:45.0298 1652 amdsbs - ok
14:37:45.0298 1652 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
14:37:45.0314 1652 amdxata - ok
14:37:45.0329 1652 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
14:37:45.0345 1652 AppID - ok
14:37:45.0361 1652 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:37:45.0392 1652 AppIDSvc - ok
14:37:45.0407 1652 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
14:37:45.0423 1652 Appinfo - ok
14:37:45.0439 1652 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:37:45.0454 1652 Apple Mobile Device - ok
14:37:45.0470 1652 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:37:45.0485 1652 arc - ok
14:37:45.0501 1652 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:37:45.0532 1652 arcsas - ok
14:37:45.0532 1652 armoucfltr - ok
14:37:45.0548 1652 aswmon2 - ok
14:37:45.0548 1652 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:37:45.0626 1652 AsyncMac - ok
14:37:45.0626 1652 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
14:37:45.0641 1652 atapi - ok
14:37:45.0673 1652 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:37:45.0719 1652 AudioEndpointBuilder - ok
14:37:45.0735 1652 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:37:45.0782 1652 Audiosrv - ok
14:37:45.0797 1652 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
14:37:45.0829 1652 AxInstSV - ok
14:37:45.0844 1652 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:37:45.0875 1652 b06bdrv - ok
14:37:45.0875 1652 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:37:45.0907 1652 b57nd60x - ok
14:37:45.0907 1652 backupexecnotificationserver - ok
14:37:45.0938 1652 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
14:37:45.0953 1652 BBSvc - ok
14:37:45.0969 1652 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:37:45.0985 1652 BDESVC - ok
14:37:46.0000 1652 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:37:46.0047 1652 Beep - ok
14:37:46.0063 1652 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
14:37:46.0125 1652 BFE - ok
14:37:46.0156 1652 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
14:37:46.0219 1652 BITS - ok
14:37:46.0234 1652 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:37:46.0250 1652 blbdrive - ok
14:37:46.0281 1652 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:37:46.0297 1652 Bonjour Service - ok
14:37:46.0297 1652 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
14:37:46.0328 1652 bowser - ok
14:37:46.0328 1652 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:37:46.0343 1652 BrFiltLo - ok
14:37:46.0343 1652 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:37:46.0375 1652 BrFiltUp - ok
14:37:46.0390 1652 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
14:37:46.0421 1652 BridgeMP - ok
14:37:46.0421 1652 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
14:37:46.0468 1652 Browser - ok
14:37:46.0468 1652 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:37:46.0499 1652 Brserid - ok
14:37:46.0499 1652 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:37:46.0515 1652 BrSerWdm - ok
14:37:46.0531 1652 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:37:46.0546 1652 BrUsbMdm - ok
14:37:46.0546 1652 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:37:46.0562 1652 BrUsbSer - ok
14:37:46.0577 1652 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:37:46.0593 1652 BTHMODEM - ok
14:37:46.0593 1652 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:37:46.0640 1652 bthserv - ok
14:37:46.0640 1652 catchme - ok
14:37:46.0655 1652 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:37:46.0687 1652 cdfs - ok
14:37:46.0702 1652 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
14:37:46.0718 1652 cdrom - ok
14:37:46.0718 1652 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
14:37:46.0749 1652 CertPropSvc - ok
14:37:46.0765 1652 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:37:46.0780 1652 circlass - ok
14:37:46.0796 1652 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:37:46.0811 1652 CLFS - ok
14:37:46.0827 1652 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:37:46.0843 1652 clr_optimization_v2.0.50727_32 - ok
14:37:46.0843 1652 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:37:46.0858 1652 clr_optimization_v4.0.30319_32 - ok
14:37:46.0874 1652 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:37:46.0889 1652 CmBatt - ok
14:37:46.0889 1652 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
14:37:46.0905 1652 cmdide - ok
14:37:46.0921 1652 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
14:37:46.0952 1652 CNG - ok
14:37:46.0952 1652 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:37:46.0967 1652 Compbatt - ok
14:37:46.0983 1652 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:37:46.0999 1652 CompositeBus - ok
14:37:46.0999 1652 COMSysApp - ok
14:37:47.0014 1652 cpuz132 - ok
14:37:47.0014 1652 cqmgstor - ok
14:37:47.0030 1652 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:37:47.0030 1652 crcdisk - ok
14:37:47.0045 1652 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
14:37:47.0092 1652 CryptSvc - ok
14:37:47.0092 1652 CTAudSvcService - ok
14:37:47.0108 1652 CTDevice_Srv - ok
14:37:47.0108 1652 CX88ENC - ok
14:37:47.0123 1652 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
14:37:47.0170 1652 DcomLaunch - ok
14:37:47.0186 1652 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:37:47.0217 1652 defragsvc - ok
14:38:04.0767 1652 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:38:04.0767 1652 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:38:04.0767 1652 USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:38:04.0783 1652 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
14:38:04.0798 1652 usbccgp - ok
14:38:04.0814 1652 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
14:38:04.0829 1652 usbcir - ok
14:38:04.0845 1652 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
14:38:04.0861 1652 usbehci - ok
14:38:04.0876 1652 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
14:38:04.0907 1652 usbhub - ok
14:38:04.0907 1652 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
14:38:04.0923 1652 usbohci - ok
14:38:04.0939 1652 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
14:38:04.0954 1652 usbprint - ok
14:38:04.0970 1652 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:38:04.0985 1652 USBSTOR - ok
14:38:05.0001 1652 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys
14:38:05.0017 1652 usbuhci - ok
14:38:05.0017 1652 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
14:38:05.0063 1652 UxSms - ok
14:38:05.0079 1652 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
14:38:05.0095 1652 VaultSvc - ok
14:38:05.0110 1652 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:38:05.0126 1652 vdrvroot - ok
14:38:05.0157 1652 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
14:38:05.0188 1652 vds - ok
14:38:05.0188 1652 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
14:38:05.0204 1652 vga - ok
14:38:05.0219 1652 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
14:38:05.0266 1652 VgaSave - ok
14:38:05.0266 1652 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
14:38:05.0297 1652 vhdmp - ok
14:38:05.0297 1652 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
14:38:05.0329 1652 viaagp - ok
14:38:05.0329 1652 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
14:38:05.0360 1652 ViaC7 - ok
14:38:05.0360 1652 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
14:38:05.0375 1652 viaide - ok
14:38:05.0391 1652 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
14:38:05.0407 1652 volmgr - ok
14:38:05.0422 1652 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
14:38:05.0453 1652 volmgrx - ok
14:38:05.0469 1652 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
14:38:05.0500 1652 volsnap - ok
14:38:05.0500 1652 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
14:38:05.0531 1652 vsmraid - ok
14:38:05.0594 1652 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
14:38:05.0641 1652 VSS - ok
14:38:05.0641 1652 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
14:38:05.0672 1652 vwifibus - ok
14:38:05.0687 1652 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
14:38:05.0750 1652 W32Time - ok
14:38:05.0750 1652 W55U01 - ok
14:38:05.0765 1652 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
14:38:05.0781 1652 WacomPen - ok
14:38:05.0797 1652 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:05.0843 1652 WANARP - ok
14:38:05.0843 1652 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
14:38:05.0890 1652 Wanarpv6 - ok
14:38:05.0968 1652 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
14:38:06.0031 1652 WatAdminSvc - ok
14:38:06.0124 1652 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
14:38:06.0202 1652 wbengine - ok
14:38:06.0218 1652 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
14:38:06.0265 1652 WbioSrvc - ok
14:38:06.0296 1652 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
14:38:06.0327 1652 wcncsvc - ok
14:38:06.0343 1652 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
14:38:06.0374 1652 WcsPlugInService - ok
14:38:06.0389 1652 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
14:38:06.0421 1652 Wd - ok
14:38:06.0421 1652 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
14:38:06.0452 1652 WDC_SAM - ok
14:38:06.0467 1652 WDDMService (7d1e301e2eeaf6d3730887de933413e6) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
14:38:06.0483 1652 WDDMService ( UnsignedFile.Multi.Generic ) - warning
14:38:06.0483 1652 WDDMService - detected UnsignedFile.Multi.Generic (1)
14:38:06.0514 1652 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:38:06.0561 1652 Wdf01000 - ok
14:38:06.0577 1652 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:38:06.0608 1652 WdiServiceHost - ok
14:38:06.0623 1652 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
14:38:06.0655 1652 WdiSystemHost - ok
14:38:06.0670 1652 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
14:38:06.0686 1652 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning
14:38:06.0686 1652 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)
14:38:06.0701 1652 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
14:38:06.0733 1652 WebClient - ok
14:38:06.0748 1652 websenserealtimeanalyzer - ok
14:38:06.0764 1652 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
14:38:06.0842 1652 Wecsvc - ok
14:38:06.0857 1652 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
14:38:06.0920 1652 wercplsupport - ok
14:38:06.0935 1652 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
14:38:07.0013 1652 WerSvc - ok
14:38:07.0013 1652 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
14:38:07.0076 1652 WfpLwf - ok
14:38:07.0091 1652 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
14:38:07.0107 1652 WIMMount - ok
14:38:07.0154 1652 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
14:38:07.0185 1652 WinDefend - ok
14:38:07.0201 1652 WinHttpAutoProxySvc - ok
14:38:07.0216 1652 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
14:38:07.0263 1652 Winmgmt - ok
14:38:07.0341 1652 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
14:38:07.0403 1652 WinRM - ok
14:38:07.0419 1652 wintab32 - ok
14:38:07.0435 1652 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
14:38:07.0450 1652 WinUsb - ok
14:38:07.0497 1652 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
14:38:07.0544 1652 Wlansvc - ok
14:38:07.0544 1652 WLAN_USB - ok
14:38:07.0669 1652 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:38:07.0747 1652 wlidsvc - ok
14:38:07.0793 1652 WmaCDriverV32 - ok
14:38:07.0809 1652 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:38:07.0856 1652 WmiAcpi - ok
14:38:07.0871 1652 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
14:38:07.0903 1652 wmiApSrv - ok
14:38:07.0981 1652 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:38:08.0043 1652 WMPNetworkSvc - ok
14:38:08.0090 1652 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
14:38:08.0121 1652 WPCSvc - ok
14:38:08.0137 1652 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
14:38:08.0168 1652 WPDBusEnum - ok
14:38:08.0183 1652 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
14:38:08.0246 1652 ws2ifsl - ok
14:38:08.0261 1652 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
14:38:08.0293 1652 wscsvc - ok
14:38:08.0308 1652 WSearch - ok
14:38:08.0433 1652 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
14:38:08.0558 1652 wuauserv - ok
14:38:08.0605 1652 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
14:38:08.0683 1652 WudfPf - ok
14:38:08.0698 1652 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:38:08.0761 1652 WUDFRd - ok
14:38:08.0776 1652 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
14:38:08.0854 1652 wudfsvc - ok
14:38:08.0870 1652 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
14:38:08.0917 1652 WwanSvc - ok
14:38:08.0932 1652 XilinxPC4Driver (6104f397127feeccce16bd16cd3843a6) C:\Windows\System32\drivers\xpc4drvr.sys
14:38:08.0932 1652 XilinxPC4Driver ( UnsignedFile.Multi.Generic ) - warning
14:38:08.0932 1652 XilinxPC4Driver - detected UnsignedFile.Multi.Generic (1)
14:38:08.0948 1652 z800bus - ok
14:38:08.0963 1652 zpnodecollector - ok
14:38:08.0995 1652 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:38:09.0041 1652 \Device\Harddisk0\DR0 - ok
14:38:09.0057 1652 Boot (0x1200) (32dd58855755ee2ca18a8c61cc51637b) \Device\Harddisk0\DR0\Partition0
14:38:09.0057 1652 \Device\Harddisk0\DR0\Partition0 - ok
14:38:09.0057 1652 Boot (0x1200) (8f0738f899459fa9d708b4aaf70a8d14) \Device\Harddisk0\DR0\Partition1
14:38:09.0057 1652 \Device\Harddisk0\DR0\Partition1 - ok
14:38:09.0073 1652 ============================================================
14:38:09.0073 1652 Scan finished
14:38:09.0073 1652 ============================================================
14:38:09.0088 1664 Detected object count: 5
14:38:09.0088 1664 Actual detected object count: 5
14:38:15.0016 1664 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:38:15.0032 1664 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
14:38:15.0281 1664 Backup copy not found, trying to cure infected file..
14:38:15.0281 1664 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)
14:38:15.0281 1664 C:\Windows\system32\drivers\afd.sys - processing error
14:38:16.0139 1664 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
14:38:16.0139 1664 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:16.0139 1664 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:16.0139 1664 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:16.0139 1664 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:16.0139 1664 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:16.0139 1664 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:38:16.0155 1664 XilinxPC4Driver ( UnsignedFile.Multi.Generic ) - skipped by user
14:38:16.0155 1664 XilinxPC4Driver ( UnsignedFile.Multi.Generic ) - User select action: Skip

#14
soggywaffles

Farbar Service Scanner Version: 08-05-2012
Ran by Owner (administrator) on 09-05-2012 at 14:39:43
Running from "C:\Users\Owner\Desktop"
Microsoft Windows 7 Home Premium (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-16 12:20] - [2011-04-24 21:35] - 0338944 ____A () 3399BA25B53DE355C41F30E5B74F11CF

ATTENTION!=====> C:\Windows\system32\Drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 01:20] - [2011-09-29 10:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-14 15:22] - [2011-03-03 00:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 18:53] - [2009-07-13 20:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 18:54] - [2009-07-13 20:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 18:23] - [2009-07-13 20:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 18:24] - [2009-07-13 20:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-08 16:12] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 19:15] - [2009-07-13 20:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 18:30] - [2009-07-13 20:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#15
maliprog

OTL failed to replace bad driver. We need to try another tool.

Step 1

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys | C:\Windows\System32\drivers\afd.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh Hijackthis log.


Step 2

Please run Farbar Service Scanner as you did before and post the log for me.

Step 3

Please don't forget to include these items in your reply:

  • The Avenger log
  • FSS log
It would be helpful if you could post each log in a separate post.