
Random Spam Sites Pop-Up / Google Redirect & Hearing commercial ad



#1
bigchris
Hello, I'm having a problem with both Google and just surfing regularly. When I do a search on Google and click a link, it gets redirected somewhere else, completely different from what I was searching for, unless I click the link multiple times. Also, when I'm on websites like Tumblr or Facebook, websites I normally use, sometimes my browser will open up a new tab with a random website that was not featured on the site I was previously on. And even when my internet browser is completely closed, I frequently hear commercial ads playing in the background.

Can anyone please help me as soon as possible? :( Thanks, I hope to hear from someone soon.

#2
bigchris
OTL logfile created on: 6/12/2012 10:01:31 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Owner\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 40.39% Memory free
7.98 Gb Paging File | 5.36 Gb Available in Paging File | 67.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.39 Gb Total Space | 144.29 Gb Free Space | 50.74% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.83 Gb Free Space | 13.37% Space Free | Partition Type: NTFS

Computer Name: CHRIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/12 22:00:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/06/11 13:28:58 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/07/20 11:46:32 | 000,080,704 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () -- C:\Windows\SysWOW64\cfgmig32.exe
PRC - [2009/04/22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/03/11 11:42:08 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008/01/20 22:49:49 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2007/04/30 20:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/04/22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/04/22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll
MOD - [2009/04/22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/04/11 02:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2007/04/30 20:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/23 01:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007/04/21 14:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 15:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/11/19 15:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 20:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/13 16:32:11 | 000,291,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV:64bit: - [2011/07/02 01:27:14 | 000,286,032 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV:64bit: - [2011/07/02 01:27:12 | 000,359,248 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV:64bit: - [2011/05/30 04:11:44 | 000,312,656 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/04 13:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/06/03 20:43:18 | 000,239,104 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2006/11/22 05:11:54 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxctcoms.exe -- (lxct_device)
SRV - [2012/06/11 13:29:00 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/29 22:15:41 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/07/20 11:46:32 | 000,080,704 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/07/02 01:30:46 | 000,263,504 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\cfgmig32.exe -- (WinSvchostManagerSrv)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/16 19:16:44 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/17 20:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/22 05:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxctcoms.exe -- (lxct_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/13 16:32:13 | 000,202,320 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\KmxCF.sys -- (KmxCF)
DRV:64bit: - [2012/01/13 16:32:13 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\kmxfw.sys -- (KmxFw)
DRV:64bit: - [2012/01/13 16:32:13 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\KmxFilter.sys -- (KmxFilter)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/12 18:22:18 | 000,364,624 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\kmxcfg.sys -- (KmxCfg)
DRV:64bit: - [2011/05/10 18:46:06 | 000,178,768 | ---- | M] (CA) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\KmxAMRT.sys -- (KmxAMRT)
DRV:64bit: - [2011/03/23 17:29:08 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\kmxagent.sys -- (KmxAgent)
DRV:64bit: - [2011/03/23 17:29:08 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\KmxFile.sys -- (KmxFile)
DRV:64bit: - [2011/02/24 15:36:46 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\KmxSbx.sys -- (KmxSbx)
DRV:64bit: - [2010/07/27 11:53:07 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2010/06/23 09:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010/04/27 14:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/25 15:19:02 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/12/31 19:07:47 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\pcouffin64a.sys -- (Pcouffin64)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/07/21 14:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/03 20:43:18 | 000,486,400 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/01 14:50:52 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2009/06/01 14:50:52 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/30 12:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/10/28 09:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/08/18 03:11:52 | 000,013,312 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ICDUSB3.sys -- (ICDUSB3)
DRV:64bit: - [2008/07/17 12:38:16 | 000,143,248 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008/06/04 17:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2008/01/31 19:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 22:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/20 22:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64) Intel®
DRV:64bit: - [2008/01/20 22:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2006/10/03 21:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2003/09/08 21:30:31 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C284C26-5B06-4DFC-B46C-9D2EA294202A}
IE:64bit: - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2424309

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{92a3a126-5ea4-4c39-98c5-3b17591b7014}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "LockerzAlerts Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...GO&form=ZGAPHP"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox [2011/07/29 22:23:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\Firefox [2012/01/13 16:03:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/17 15:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 21:47:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/06 21:47:56 | 000,000,000 | ---D | M]

[2009/12/09 22:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2012/05/30 16:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions
[2010/04/27 15:03:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/30 16:02:21 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/04/15 10:00:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/05 14:22:46 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\94jd3e2x.default\extensions\vshare@toolbar
[2011/03/25 21:42:48 | 000,001,919 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\searchplugins\bing-zugo.xml
[2010/06/08 11:36:50 | 000,000,929 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\searchplugins\conduit.xml
[2012/01/18 22:26:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/17 15:55:40 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/04/22 17:14:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2012/02/15 16:25:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/15 16:25:31 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/12 11:33:21 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CA Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (CA Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\x86\Toolbar\caIEToolbar.dll (CA, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TVAgent] C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ViGlance] C:\Program Files (x86)\ViGlance\ViGlance.exe (Lee-Soft.com, Lee Matthew Chantrey)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Windows\SysNative\VetRedir64.dll (Computer Associates International, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} http://optimum.net/d...nerXControl.ocx (TNetworkScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D95BBDBE-0930-4FDD-9DD2-1D31084F09AF}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - AppInit_DLLs: (UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\SysWow64\UmxSbxExw.dll (CA)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\WB: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\Windows\SysWow64\UmxWNP.dll (CA)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/12 22:00:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/12 10:19:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/11 22:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/11 22:56:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/06 21:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/06 21:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/06/06 12:33:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Real
[2012/06/06 12:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rhapsody
[2012/06/03 16:21:55 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/28 21:55:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012/05/28 21:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/12 22:06:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 22:00:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2012/06/12 21:16:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 21:16:14 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/12 21:15:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/12 21:13:49 | 002,781,927 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k0
[2012/06/12 21:13:49 | 000,216,508 | ---- | M] () -- C:\Windows\SysNative\drivers\KmxAgent.asc
[2012/06/12 21:13:49 | 000,000,505 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k0
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k7
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k6
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k5
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k4
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k3
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k2
[2012/06/12 21:13:49 | 000,000,085 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxcfg.u2k1
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k7
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k6
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k5
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k4
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k3
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k2
[2012/06/12 21:13:49 | 000,000,049 | ---- | M] () -- C:\Windows\SysNative\drivers\kmxzone.u2k1
[2012/06/12 21:13:36 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/12 12:07:18 | 000,397,451 | ---- | M] () -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2012/06/12 12:04:41 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/11 22:57:02 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 19:10:44 | 000,001,460 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps64.dat
[2012/06/10 18:00:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2012/06/10 11:41:39 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/10 11:41:39 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/10 11:41:39 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/07 09:57:35 | 001,596,288 | ---- | M] () -- C:\Users\Owner\Desktop\Chasing The Sun.mp3
[2012/06/07 09:56:27 | 010,150,461 | ---- | M] () -- C:\Users\Owner\Desktop\Rescate. - Alexis y fido ft daddy yankee.mp3
[2012/06/06 12:40:08 | 000,870,128 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/06/06 12:40:08 | 000,000,004 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\4C80B4
[2012/06/04 11:09:26 | 007,433,421 | ---- | M] () -- C:\Users\Owner\Desktop\Naked- Dev Ft. Enrique Iglesias.mp3
[2012/06/04 11:07:56 | 008,894,122 | ---- | M] () -- C:\Users\Owner\Desktop\Energia- Alexis y Fido.mp3
[2012/06/04 11:06:57 | 002,907,460 | ---- | M] () -- C:\Users\Owner\Desktop\Alguien Soy Yo- Enrique Iglesias.mp3
[2012/05/23 11:27:07 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/12 21:16:36 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000008.@
[2012/06/12 12:07:17 | 000,397,451 | ---- | C] () -- C:\Users\Owner\Desktop\MiniToolBox.exe
[2012/06/12 12:04:41 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2012/06/11 22:57:02 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/10 21:23:58 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000000.@
[2012/06/07 09:57:34 | 001,596,288 | ---- | C] () -- C:\Users\Owner\Desktop\Chasing The Sun.mp3
[2012/06/07 09:55:46 | 010,150,461 | ---- | C] () -- C:\Users\Owner\Desktop\Rescate. - Alexis y fido ft daddy yankee.mp3
[2012/06/06 12:34:16 | 000,870,128 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mcs.rma
[2012/06/06 12:34:16 | 000,000,004 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\4C80B4
[2012/06/04 11:09:24 | 007,433,421 | ---- | C] () -- C:\Users\Owner\Desktop\Naked- Dev Ft. Enrique Iglesias.mp3
[2012/06/04 11:07:55 | 008,894,122 | ---- | C] () -- C:\Users\Owner\Desktop\Energia- Alexis y Fido.mp3
[2012/06/04 11:06:53 | 002,907,460 | ---- | C] () -- C:\Users\Owner\Desktop\Alguien Soy Yo- Enrique Iglesias.mp3
[2012/06/03 16:10:35 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\L\00000004.@
[2012/06/03 16:10:34 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000032.@
[2012/06/03 16:10:34 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\80000064.@
[2012/06/03 16:10:33 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\00000004.@
[2012/06/03 16:10:33 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\U\000000cb.@
[2012/03/26 11:09:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/26 11:09:50 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/03/21 17:07:04 | 000,038,429 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/01/13 16:05:36 | 001,422,672 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.dll
[2012/01/13 16:05:36 | 000,263,504 | ---- | C] () -- C:\Windows\SysWow64\cfgmig32.exe
[2012/01/13 16:03:18 | 004,108,304 | ---- | C] () -- C:\Windows\SysWow64\win32cpr.dll
[2012/01/13 16:03:18 | 003,207,184 | ---- | C] () -- C:\Windows\SysWow64\mdmcls32.exe
[2012/01/13 16:03:18 | 002,760,720 | ---- | C] () -- C:\Windows\SysWow64\svcprs32.exe
[2012/01/13 16:03:18 | 001,744,912 | ---- | C] () -- C:\Windows\SysWow64\winsflt.dll
[2012/01/13 16:03:18 | 000,098,320 | ---- | C] () -- C:\Windows\SysWow64\winsfinst.exe
[2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2012/01/11 19:10:38 | 000,002,048 | -HS- | C] () -- C:\Users\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\@
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/08 15:46:59 | 011,794,135 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.185
[2011/05/30 18:22:21 | 011,792,676 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.183
[2011/05/30 18:22:19 | 169,062,057 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.191
[2011/05/24 13:59:39 | 170,535,081 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.177
[2011/05/23 14:39:18 | 011,791,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\ssaptn.179
[2011/05/23 14:39:16 | 171,126,441 | ---- | C] () -- C:\Users\Owner\AppData\Local\lpt$vpn.173
[2011/01/29 14:13:25 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\mp3dec.dll
[2011/01/29 14:13:25 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\dsp_trc.dll
[2011/01/29 14:13:25 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\IcdSptSvps.dll
[2011/01/25 21:21:19 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 20:13:55 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\FDRpage.dll
[2010/12/20 20:13:43 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CreateDir.exe

========== LOP Check ==========

[2009/12/01 15:21:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\5400 Series
[2009/06/28 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore
[2010/09/29 21:24:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/01 13:09:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/04/07 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2012/03/05 12:09:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ooVoo Details
[2011/03/23 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Opera
[2009/07/15 22:40:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/11/16 20:21:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Rovio
[2010/12/01 22:40:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SeriousBit
[2009/12/04 13:09:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stardock
[2009/06/28 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/02/17 17:23:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ViGlance
[2009/07/09 08:30:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2010/01/05 18:43:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2010/10/21 21:39:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
[2010/04/07 20:32:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WindSolutions
[2012/06/10 18:00:03 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2012/06/12 21:13:37 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#3
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello bigchris and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, and describe how your computer is running now.

Step 4

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post aswMBR.txt in your next reply.
  • Also, ZIP the MBR.dat it creates and attach it to your next reply.

Step 5

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#4
bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
1) I couldn't cure so I just skipped like you said to do.
10:31:25.0651 7548 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:31:26.0079 7548 ============================================================
10:31:26.0079 7548 Current date / time: 2012/06/13 10:31:26.0078
10:31:26.0079 7548 SystemInfo:
10:31:26.0079 7548
10:31:26.0079 7548 OS Version: 6.0.6002 ServicePack: 2.0
10:31:26.0079 7548 Product type: Workstation
10:31:26.0079 7548 ComputerName: CHRIS
10:31:26.0079 7548 UserName: Owner
10:31:26.0079 7548 Windows directory: C:\Windows
10:31:26.0079 7548 System windows directory: C:\Windows
10:31:26.0079 7548 Running under WOW64
10:31:26.0079 7548 Processor architecture: Intel x64
10:31:26.0079 7548 Number of processors: 2
10:31:26.0080 7548 Page size: 0x1000
10:31:26.0080 7548 Boot type: Normal boot
10:31:26.0080 7548 ============================================================
10:31:30.0208 7548 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:31:30.0262 7548 ============================================================
10:31:30.0262 7548 \Device\Harddisk0\DR0:
10:31:30.0290 7548 MBR partitions:
10:31:30.0290 7548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x238C5800
10:31:30.0290 7548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x238C6000, BlocksNum 0x1B67000
10:31:30.0290 7548 ============================================================
10:31:30.0385 7548 C: <-> \Device\Harddisk0\DR0\Partition0
10:31:30.0626 7548 D: <-> \Device\Harddisk0\DR0\Partition1
10:31:30.0627 7548 ============================================================
10:31:30.0627 7548 Initialize success
10:31:30.0627 7548 ============================================================
10:32:11.0711 5464 ============================================================
10:32:11.0711 5464 Scan started
10:32:11.0711 5464 Mode: Manual; SigCheck; TDLFS;
10:32:11.0711 5464 ============================================================
10:32:14.0835 5464 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:32:15.0090 5464 Accelerometer - ok
10:32:15.0882 5464 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:32:15.0954 5464 ACPI - ok
10:32:16.0771 5464 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:32:16.0790 5464 AdobeARMservice - ok
10:32:19.0135 5464 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:32:19.0293 5464 AdobeFlashPlayerUpdateSvc - ok
10:32:20.0964 5464 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:32:21.0101 5464 adp94xx - ok
10:32:21.0851 5464 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:32:21.0948 5464 adpahci - ok
10:32:22.0390 5464 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:32:22.0458 5464 adpu160m - ok
10:32:22.0901 5464 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:32:22.0985 5464 adpu320 - ok
10:32:23.0212 5464 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
10:32:24.0402 5464 AeLookupSvc - ok
10:32:25.0522 5464 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
10:32:25.0889 5464 AFD - ok
10:32:26.0262 5464 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
10:32:26.0407 5464 AgereModemAudio - ok
10:32:29.0052 5464 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
10:32:29.0713 5464 AgereSoftModem - ok
10:32:30.0145 5464 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:32:30.0210 5464 agp440 - ok
10:32:30.0703 5464 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:32:30.0760 5464 aic78xx - ok
10:32:36.0916 5464 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
10:32:36.0916 5464 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
10:32:36.0925 5464 Akamai ( HiddenFile.Multi.Generic ) - warning
10:32:36.0926 5464 Akamai - detected HiddenFile.Multi.Generic (1)
10:32:38.0137 5464 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
10:32:40.0131 5464 ALG - ok
10:32:40.0530 5464 aliide (e0ca5bb8e6c79533dc6b1da7361a201e) C:\Windows\system32\drivers\aliide.sys
10:32:40.0558 5464 aliide - ok
10:32:40.0783 5464 amdide (7034f8d1b9703d711d3f92c95deb377d) C:\Windows\system32\drivers\amdide.sys
10:32:40.0805 5464 amdide - ok
10:32:41.0052 5464 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:32:41.0239 5464 AmdK8 - ok
10:32:41.0755 5464 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys
10:32:41.0828 5464 ApfiltrService - ok
10:32:42.0201 5464 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
10:32:42.0309 5464 Appinfo - ok
10:32:43.0175 5464 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:32:43.0194 5464 Apple Mobile Device - ok
10:32:43.0524 5464 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:32:43.0584 5464 arc - ok
10:32:43.0857 5464 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:32:43.0929 5464 arcsas - ok
10:32:44.0112 5464 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:32:44.0323 5464 AsyncMac - ok
10:32:44.0446 5464 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:32:44.0471 5464 atapi - ok
10:32:45.0583 5464 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:32:45.0999 5464 AudioEndpointBuilder - ok
10:32:46.0008 5464 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
10:32:46.0090 5464 AudioSrv - ok
10:32:52.0319 5464 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:32:53.0101 5464 BCM43XX - ok
10:32:57.0111 5464 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
10:32:57.0487 5464 BITS - ok
10:32:57.0848 5464 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:32:58.0117 5464 blbdrive - ok
10:32:59.0511 5464 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:32:59.0582 5464 Bonjour Service - ok
10:32:59.0917 5464 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:33:00.0079 5464 bowser - ok
10:33:00.0267 5464 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:33:00.0418 5464 BrFiltLo - ok
10:33:00.0508 5464 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:33:00.0606 5464 BrFiltUp - ok
10:33:00.0963 5464 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
10:33:01.0061 5464 Browser - ok
10:33:01.0435 5464 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:33:03.0797 5464 Brserid - ok
10:33:03.0920 5464 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:33:04.0147 5464 BrSerWdm - ok
10:33:04.0222 5464 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:33:04.0439 5464 BrUsbMdm - ok
10:33:04.0560 5464 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:33:04.0744 5464 BrUsbSer - ok
10:33:04.0943 5464 BthEnum (471ff09330a53177bbe9fd6ddf8a8259) C:\Windows\system32\DRIVERS\BthEnum.sys
10:33:05.0175 5464 BthEnum - ok
10:33:05.0390 5464 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:33:05.0615 5464 BTHMODEM - ok
10:33:05.0859 5464 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
10:33:06.0025 5464 BthPan - ok
10:33:07.0708 5464 BTHPORT (7d104f22c04a76f0d2f96f789ac07fcb) C:\Windows\system32\Drivers\BTHport.sys
10:33:08.0138 5464 BTHPORT - ok
10:33:08.0378 5464 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
10:33:08.0643 5464 BthServ - ok
10:33:08.0762 5464 BTHUSB (d9324f0c142267961ce900bfc3798bb1) C:\Windows\system32\Drivers\BTHUSB.sys
10:33:08.0981 5464 BTHUSB - ok
10:33:10.0148 5464 CAAMSvc (51e0078586bf3ac6813cedacfb220fef) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
10:33:10.0171 5464 CAAMSvc - ok
10:33:10.0978 5464 CaCCProvSP (b3b8e9ae50343daaf7d4dd9953601e98) C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
10:33:11.0052 5464 CaCCProvSP - ok
10:33:11.0855 5464 CAISafe (e0f7e8b3ec79db2a191b42fcc06f17e6) C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
10:33:11.0880 5464 CAISafe - ok
10:33:12.0725 5464 ccSchedulerSVC (ed1cf50c7c3b1f81e62bf09b420fe5e7) C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
10:33:12.0749 5464 ccSchedulerSVC - ok
10:33:13.0076 5464 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:33:13.0199 5464 cdfs - ok
10:33:13.0521 5464 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:33:13.0612 5464 cdrom - ok
10:33:13.0852 5464 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:33:13.0919 5464 CertPropSvc - ok
10:33:14.0161 5464 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
10:33:14.0358 5464 circlass - ok
10:33:15.0244 5464 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:33:15.0367 5464 CLFS - ok
10:33:16.0107 5464 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:33:16.0218 5464 clr_optimization_v2.0.50727_32 - ok
10:33:16.0766 5464 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:33:16.0825 5464 clr_optimization_v2.0.50727_64 - ok
10:33:17.0725 5464 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:33:17.0991 5464 clr_optimization_v4.0.30319_32 - ok
10:33:18.0758 5464 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:33:18.0942 5464 clr_optimization_v4.0.30319_64 - ok
10:33:19.0148 5464 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
10:33:19.0278 5464 CmBatt - ok
10:33:19.0397 5464 cmdide (8c6aa24c1d7273a02284588426ab8ce3) C:\Windows\system32\drivers\cmdide.sys
10:33:19.0421 5464 cmdide - ok
10:33:20.0621 5464 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
10:33:20.0647 5464 Com4QLBEx - ok
10:33:20.0846 5464 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
10:33:20.0871 5464 Compbatt - ok
10:33:20.0876 5464 COMSysApp - ok
10:33:21.0801 5464 cpuz132 - ok
10:33:21.0956 5464 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:33:21.0979 5464 crcdisk - ok
10:33:22.0498 5464 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
10:33:22.0600 5464 CryptSvc - ok
10:33:24.0331 5464 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:33:24.0619 5464 DcomLaunch - ok
10:33:24.0891 5464 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:33:25.0064 5464 DfsC - ok
10:33:34.0074 5464 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
10:33:36.0013 5464 DFSR - ok
10:33:38.0434 5464 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
10:33:38.0642 5464 Dhcp - ok
10:33:39.0236 5464 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:33:39.0314 5464 disk - ok
10:33:39.0880 5464 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
10:33:40.0132 5464 Dnscache - ok
10:33:40.0900 5464 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
10:33:41.0090 5464 dot3svc - ok
10:33:41.0707 5464 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
10:33:41.0869 5464 DPS - ok
10:33:42.0170 5464 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:33:42.0450 5464 drmkaud - ok
10:33:44.0899 5464 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:33:45.0456 5464 DXGKrnl - ok
10:33:45.0514 5464 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:33:45.0720 5464 E1G60 - ok
10:33:46.0385 5464 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
10:33:46.0538 5464 EapHost - ok
10:33:47.0458 5464 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:33:47.0489 5464 Ecache - ok
10:33:48.0848 5464 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
10:33:49.0367 5464 ehRecvr - ok
10:33:50.0161 5464 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
10:33:50.0251 5464 ehSched - ok
10:33:50.0522 5464 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
10:33:50.0851 5464 ehstart - ok
10:33:52.0475 5464 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:33:52.0621 5464 elxstor - ok
10:33:54.0557 5464 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
10:33:57.0051 5464 EMDMgmt - ok
10:33:57.0674 5464 enecir (cd0c80e5e9a9bf8dd145f43713d77993) C:\Windows\system32\DRIVERS\enecir.sys
10:33:57.0928 5464 enecir - ok
10:33:58.0013 5464 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:33:58.0089 5464 ErrDev - ok
10:33:59.0269 5464 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
10:33:59.0580 5464 EventSystem - ok
10:34:00.0011 5464 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:34:00.0297 5464 exfat - ok
10:34:01.0010 5464 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:34:01.0288 5464 fastfat - ok
10:34:01.0534 5464 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:34:01.0689 5464 fdc - ok
10:34:01.0797 5464 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
10:34:01.0971 5464 fdPHost - ok
10:34:02.0197 5464 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
10:34:02.0388 5464 FDResPub - ok
10:34:02.0672 5464 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:34:02.0750 5464 FileInfo - ok
10:34:02.0902 5464 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:34:03.0098 5464 Filetrace - ok
10:34:03.0269 5464 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:34:03.0419 5464 flpydisk - ok
10:34:04.0439 5464 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:34:04.0507 5464 FltMgr - ok
10:34:04.0572 5464 fofegqot - ok
10:34:08.0107 5464 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
10:34:08.0547 5464 FontCache - ok
10:34:08.0955 5464 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:34:09.0055 5464 FontCache3.0.0.0 - ok
10:34:10.0315 5464 FreemakeUtilsService (b606b9db6f2039913015b7153e35d815) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
10:34:10.0348 5464 FreemakeUtilsService - ok
10:34:10.0731 5464 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
10:34:10.0811 5464 fssfltr - ok
10:34:15.0933 5464 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:34:17.0352 5464 fsssvc - ok
10:34:19.0536 5464 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
10:34:19.0684 5464 Fs_Rec - ok
10:34:19.0969 5464 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:34:20.0026 5464 gagp30kx - ok
10:34:21.0529 5464 GameConsoleService (2e7e49077c7bbeb2947bd6d03c8454b5) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
10:34:21.0720 5464 GameConsoleService - ok
10:34:21.0897 5464 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:34:21.0915 5464 GEARAspiWDM - ok
10:34:23.0203 5464 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
10:34:23.0386 5464 gpsvc - ok
10:34:24.0145 5464 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
10:34:24.0470 5464 HdAudAddService - ok
10:34:27.0354 5464 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:34:27.0582 5464 HDAudBus - ok
10:34:27.0681 5464 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:34:27.0897 5464 HidBth - ok
10:34:28.0047 5464 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
10:34:28.0199 5464 HidIr - ok
10:34:28.0334 5464 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
10:34:28.0433 5464 hidserv - ok
10:34:28.0560 5464 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:34:28.0607 5464 HidUsb - ok
10:34:28.0962 5464 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
10:34:29.0105 5464 hkmsvc - ok
10:34:30.0109 5464 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
10:34:30.0169 5464 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
10:34:30.0169 5464 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
10:34:30.0477 5464 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:34:30.0543 5464 HpCISSs - ok
10:34:30.0690 5464 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:34:30.0716 5464 hpdskflt - ok
10:34:30.0889 5464 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:34:31.0021 5464 HpqKbFiltr - ok
10:34:32.0269 5464 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:34:32.0294 5464 hpqwmiex - ok
10:34:32.0501 5464 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
10:34:32.0521 5464 hpsrv - ok
10:34:33.0810 5464 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:34:34.0035 5464 HTTP - ok
10:34:34.0383 5464 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:34:34.0406 5464 i2omp - ok
10:34:34.0652 5464 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:34:34.0703 5464 i8042prt - ok
10:34:35.0429 5464 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:34:35.0485 5464 iaStorV - ok
10:34:35.0707 5464 ICDUSB3 (55836a07c030748b47c613dc30f724d5) C:\Windows\system32\Drivers\ICDUSB3.sys
10:34:35.0924 5464 ICDUSB3 - ok
10:34:36.0389 5464 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:34:36.0463 5464 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:34:36.0463 5464 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:34:38.0464 5464 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:34:38.0784 5464 idsvc - ok
10:35:08.0668 5464 igfx (7b0a679638e9380c0d8d42c7d43f8169) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:35:14.0996 5464 igfx - ok
10:35:18.0087 5464 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:35:18.0162 5464 iirsp - ok
10:35:20.0246 5464 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
10:35:20.0469 5464 IKEEXT - ok
10:35:21.0408 5464 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys
10:35:21.0525 5464 IntcHdmiAddService - ok
10:35:21.0871 5464 intelide (475490caf376e55e6e8b37bbdfeb2e81) C:\Windows\system32\drivers\intelide.sys
10:35:21.0897 5464 intelide - ok
10:35:22.0074 5464 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:35:22.0172 5464 intelppm - ok
10:35:22.0480 5464 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
10:35:22.0626 5464 IPBusEnum - ok
10:35:22.0922 5464 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:35:23.0046 5464 IpFilterDriver - ok
10:35:23.0050 5464 IpInIp - ok
10:35:23.0465 5464 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:35:23.0750 5464 IPMIDRV - ok
10:35:24.0524 5464 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:35:24.0712 5464 IPNAT - ok
10:35:28.0355 5464 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:35:28.0509 5464 iPod Service - ok
10:35:28.0684 5464 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:35:28.0905 5464 IRENUM - ok
10:35:29.0081 5464 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:35:29.0107 5464 isapnp - ok
10:35:29.0803 5464 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:35:29.0902 5464 iScsiPrt - ok
10:35:29.0984 5464 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:35:30.0227 5464 iteatapi - ok
10:35:31.0409 5464 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:35:31.0433 5464 iteraid - ok
10:35:32.0241 5464 JMCR (00495b8f39c7c1a9179e40c3bf2475df) C:\Windows\system32\DRIVERS\jmcr.sys
10:35:32.0661 5464 JMCR - ok
10:35:32.0889 5464 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:35:33.0051 5464 kbdclass - ok
10:35:33.0306 5464 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:35:33.0456 5464 kbdhid - ok
10:35:33.0702 5464 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:35:33.0974 5464 KeyIso - ok
10:35:34.0793 5464 KmxAgent (7594e8799fa212576c93bfdf54583452) C:\Windows\system32\DRIVERS\kmxagent.sys
10:35:34.0866 5464 KmxAgent - ok
10:35:36.0076 5464 KmxAMRT (e5bb08fcf05ef7333be3b5b35295c4c0) C:\Windows\system32\DRIVERS\KmxAMRT.sys
10:35:36.0162 5464 KmxAMRT - ok
10:35:37.0786 5464 KmxCF (54721e47b8350770332128fcffc7a460) C:\Windows\system32\DRIVERS\KmxCF.sys
10:35:37.0972 5464 KmxCF - ok
10:35:40.0065 5464 KmxCfg (174a70fd5367388f6f378cbc6dd723ee) C:\Windows\system32\DRIVERS\kmxcfg.sys
10:35:40.0490 5464 KmxCfg - ok
10:35:41.0407 5464 KmxFile (dc77781ab8cf3043da60187a1511fef6) C:\Windows\system32\DRIVERS\KmxFile.sys
10:35:41.0648 5464 KmxFile - ok
10:35:42.0357 5464 KmxFilter (87da5afc8950ec34d0cddf3438370727) C:\Windows\system32\DRIVERS\KmxFilter.sys
10:35:42.0520 5464 KmxFilter - ok
10:35:43.0003 5464 KmxFw (15260d1b5bb6ba8e5079e758fce88207) C:\Windows\system32\DRIVERS\kmxfw.sys
10:35:43.0104 5464 KmxFw - ok
10:35:43.0569 5464 KmxSbx (9ea56ddeeb080727ff448a0c6e37de08) C:\Windows\system32\DRIVERS\KmxSbx.sys
10:35:43.0649 5464 KmxSbx - ok
10:35:45.0840 5464 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
10:35:46.0078 5464 KSecDD - ok
10:35:46.0494 5464 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:35:46.0613 5464 ksthunk - ok
10:35:48.0785 5464 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
10:35:49.0041 5464 KtmRm - ok
10:35:49.0046 5464 kuufyfud - ok
10:35:49.0941 5464 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
10:35:50.0210 5464 LanmanServer - ok
10:35:51.0152 5464 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
10:35:51.0514 5464 LanmanWorkstation - ok
10:35:52.0907 5464 LightScribeService (ac2e68e3421af857b8d438414e7ae31c) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
10:35:52.0922 5464 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
10:35:52.0923 5464 LightScribeService - detected UnsignedFile.Multi.Generic (1)
10:35:53.0188 5464 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:35:53.0262 5464 lltdio - ok
10:35:54.0879 5464 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
10:35:55.0126 5464 lltdsvc - ok
10:35:55.0265 5464 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
10:35:55.0408 5464 lmhosts - ok
10:35:55.0760 5464 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:35:55.0807 5464 LSI_FC - ok
10:35:56.0175 5464 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:35:56.0201 5464 LSI_SAS - ok
10:35:56.0696 5464 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:35:56.0751 5464 LSI_SCSI - ok
10:35:57.0029 5464 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:35:57.0186 5464 luafv - ok
10:35:57.0250 5464 lxct_device - ok
10:35:57.0908 5464 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:35:58.0928 5464 MBAMProtector - ok
10:36:01.0830 5464 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:36:01.0893 5464 MBAMService - ok
10:36:01.0903 5464 mbngfrcg - ok
10:36:01.0916 5464 MCSTRM - ok
10:36:02.0199 5464 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
10:36:02.0430 5464 Mcx2Svc - ok
10:36:02.0838 5464 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:36:02.0864 5464 megasas - ok
10:36:04.0115 5464 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:36:04.0328 5464 MegaSR - ok
10:36:05.0568 5464 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:36:05.0678 5464 Microsoft Office Groove Audit Service - ok
10:36:05.0912 5464 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:36:06.0100 5464 MMCSS - ok
10:36:06.0522 5464 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:36:06.0785 5464 Modem - ok
10:36:07.0044 5464 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:36:07.0166 5464 monitor - ok
10:36:07.0584 5464 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:36:07.0675 5464 mouclass - ok
10:36:07.0881 5464 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:36:08.0065 5464 mouhid - ok
10:36:08.0616 5464 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:36:08.0711 5464 MountMgr - ok
10:36:09.0576 5464 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:36:09.0663 5464 mpio - ok
10:36:09.0973 5464 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:36:10.0189 5464 mpsdrv - ok
10:36:10.0553 5464 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:36:10.0580 5464 Mraid35x - ok
10:36:11.0446 5464 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:36:11.0557 5464 MRxDAV - ok
10:36:12.0157 5464 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:36:12.0283 5464 mrxsmb - ok
10:36:13.0107 5464 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:36:13.0221 5464 mrxsmb10 - ok
10:36:13.0782 5464 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:36:13.0843 5464 mrxsmb20 - ok
10:36:14.0130 5464 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
10:36:14.0156 5464 msahci - ok
10:36:14.0540 5464 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:36:14.0615 5464 msdsm - ok
10:36:15.0015 5464 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
10:36:15.0206 5464 MSDTC - ok
10:36:15.0473 5464 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:36:15.0742 5464 Msfs - ok
10:36:15.0904 5464 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:36:15.0927 5464 msisadrv - ok
10:36:16.0766 5464 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
10:36:16.0902 5464 MSiSCSI - ok
10:36:16.0908 5464 msiserver - ok
10:36:17.0040 5464 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:36:17.0187 5464 MSKSSRV - ok
10:36:17.0277 5464 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:36:17.0445 5464 MSPCLOCK - ok
10:36:17.0638 5464 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:36:17.0804 5464 MSPQM - ok
10:36:19.0018 5464 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:36:19.0088 5464 MsRPC - ok
10:36:19.0286 5464 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:36:19.0322 5464 mssmbios - ok
10:36:19.0605 5464 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:36:19.0833 5464 MSTEE - ok
10:36:20.0050 5464 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:36:20.0129 5464 Mup - ok
10:36:21.0346 5464 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
10:36:21.0617 5464 napagent - ok
10:36:22.0484 5464 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:36:22.0638 5464 NativeWifiP - ok
10:36:22.0902 5464 NAVENG - ok
10:36:22.0907 5464 NAVEX15 - ok
10:36:25.0817 5464 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:36:26.0113 5464 NDIS - ok
10:36:26.0494 5464 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:36:27.0632 5464 NdisTapi - ok
10:36:27.0732 5464 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:36:27.0910 5464 Ndisuio - ok
10:36:28.0667 5464 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:36:28.0904 5464 NdisWan - ok
10:36:29.0192 5464 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:36:29.0352 5464 NDProxy - ok
10:36:29.0621 5464 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:36:29.0834 5464 NetBIOS - ok
10:36:30.0682 5464 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:36:30.0962 5464 netbt - ok
10:36:31.0173 5464 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:36:31.0201 5464 Netlogon - ok
10:36:32.0157 5464 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
10:36:32.0342 5464 Netman - ok
10:36:33.0687 5464 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
10:36:33.0842 5464 netprofm - ok
10:36:34.0708 5464 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:36:34.0791 5464 NetTcpPortSharing - ok
10:36:44.0395 5464 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys
10:36:46.0851 5464 NETw3v64 - ok
10:36:49.0397 5464 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:36:49.0526 5464 nfrd960 - ok
10:36:50.0208 5464 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
10:36:50.0336 5464 NlaSvc - ok
10:36:50.0731 5464 Norton Internet Security - ok
10:36:51.0059 5464 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:36:51.0197 5464 Npfs - ok
10:36:51.0415 5464 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
10:36:51.0564 5464 nsi - ok
10:36:51.0810 5464 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:36:51.0987 5464 nsiproxy - ok
10:36:57.0083 5464 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:36:57.0928 5464 Ntfs - ok
10:37:00.0991 5464 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:37:01.0536 5464 NuidFltr - ok
10:37:02.0164 5464 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:37:02.0296 5464 Null - ok
10:37:02.0984 5464 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:37:03.0064 5464 nvraid - ok
10:37:03.0385 5464 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:37:03.0452 5464 nvstor - ok
10:37:03.0821 5464 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:37:03.0899 5464 nv_agp - ok
10:37:03.0904 5464 NwlnkFlt - ok
10:37:03.0908 5464 NwlnkFwd - ok
10:37:05.0809 5464 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:37:05.0896 5464 odserv - ok
10:37:06.0317 5464 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
10:37:06.0489 5464 ohci1394 - ok
10:37:07.0130 5464 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:07.0154 5464 ose - ok
10:37:09.0974 5464 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:10.0286 5464 p2pimsvc - ok
10:37:10.0302 5464 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:10.0562 5464 p2psvc - ok
10:37:11.0052 5464 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:37:11.0230 5464 Parport - ok
10:37:11.0598 5464 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
10:37:11.0677 5464 partmgr - ok
10:37:12.0021 5464 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
10:37:12.0509 5464 PcaSvc - ok
10:37:12.0968 5464 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:37:13.0073 5464 pci - ok
10:37:13.0132 5464 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys
10:37:13.0157 5464 pciide - ok
10:37:13.0961 5464 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:37:14.0105 5464 pcmcia - ok
10:37:14.0668 5464 Pcouffin64 (a7a134de374e91d931ba211556293b1b) C:\Windows\system32\Drivers\pcouffin64a.sys
10:37:14.0734 5464 Pcouffin64 ( UnsignedFile.Multi.Generic ) - warning
10:37:14.0734 5464 Pcouffin64 - detected UnsignedFile.Multi.Generic (1)
10:37:15.0798 5464 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:37:16.0073 5464 PEAUTH - ok
10:37:17.0908 5464 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
10:37:17.0978 5464 PerfHost - ok
10:37:21.0759 5464 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
10:37:22.0075 5464 pla - ok
10:37:23.0067 5464 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
10:37:23.0212 5464 PlugPlay - ok
10:37:25.0234 5464 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:25.0296 5464 PNRPAutoReg - ok
10:37:25.0309 5464 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
10:37:25.0422 5464 PNRPsvc - ok
10:37:25.0911 5464 Point64 (a6d06378f37bdba0c0019294c2aabbd0) C:\Windows\system32\DRIVERS\point64k.sys
10:37:25.0962 5464 Point64 - ok
10:37:27.0306 5464 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
10:37:27.0722 5464 PolicyAgent - ok
10:37:27.0934 5464 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:37:28.0030 5464 PptpMiniport - ok
10:37:28.0265 5464 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
10:37:28.0421 5464 Processor - ok
10:37:28.0917 5464 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
10:37:29.0020 5464 ProfSvc - ok
10:37:29.0190 5464 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:29.0218 5464 ProtectedStorage - ok
10:37:29.0604 5464 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:37:29.0663 5464 PSched - ok
10:37:29.0972 5464 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:37:29.0992 5464 PxHlpa64 - ok
10:37:32.0922 5464 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:37:33.0201 5464 ql2300 - ok
10:37:33.0677 5464 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:37:33.0737 5464 ql40xx - ok
10:37:34.0432 5464 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
10:37:34.0559 5464 QWAVE - ok
10:37:34.0793 5464 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:37:34.0821 5464 QWAVEdrv - ok
10:37:34.0928 5464 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:37:35.0074 5464 RasAcd - ok
10:37:35.0496 5464 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
10:37:35.0655 5464 RasAuto - ok
10:37:36.0030 5464 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:36.0165 5464 Rasl2tp - ok
10:37:36.0913 5464 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
10:37:37.0830 5464 RasMan - ok
10:37:38.0043 5464 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:38.0175 5464 RasPppoe - ok
10:37:38.0528 5464 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:37:38.0636 5464 RasSstp - ok
10:37:39.0385 5464 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:37:39.0590 5464 rdbss - ok
10:37:39.0730 5464 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:39.0856 5464 RDPCDD - ok
10:37:40.0704 5464 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:37:40.0941 5464 rdpdr - ok
10:37:41.0023 5464 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:37:41.0199 5464 RDPENCDD - ok
10:37:41.0732 5464 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
10:37:41.0926 5464 RDPWD - ok
10:37:43.0748 5464 Recovery Service for Windows (bc0a4d47472b042537f4e57b950415fa) C:\Program Files (x86)\SMINST\BLService.exe
10:37:43.0820 5464 Recovery Service for Windows - ok
10:37:44.0090 5464 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
10:37:44.0158 5464 RemoteAccess - ok
10:37:45.0125 5464 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
10:37:45.0255 5464 RemoteRegistry - ok
10:37:45.0977 5464 RFCOMM (72c35598ba591abddc37fce7d26fe1c4) C:\Windows\system32\DRIVERS\rfcomm.sys
10:37:46.0162 5464 RFCOMM - ok
10:37:47.0084 5464 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
10:37:47.0100 5464 RichVideo ( UnsignedFile.Multi.Generic ) - warning
10:37:47.0100 5464 RichVideo - detected UnsignedFile.Multi.Generic (1)
10:37:47.0145 5464 RimUsb - ok
10:37:47.0412 5464 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:37:47.0654 5464 RimVSerPort - ok
10:37:47.0905 5464 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
10:37:48.0017 5464 ROOTMODEM - ok
10:37:48.0169 5464 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
10:37:48.0323 5464 RpcLocator - ok
10:37:50.0709 5464 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
10:37:51.0099 5464 RpcSs - ok
10:37:51.0373 5464 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:37:51.0472 5464 rspndr - ok
10:37:52.0933 5464 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
10:37:53.0209 5464 RTL8169 - ok
10:37:53.0383 5464 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
10:37:53.0426 5464 SamSs - ok
10:37:53.0688 5464 SASKUTIL - ok
10:37:54.0020 5464 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:37:54.0044 5464 sbp2port - ok
10:37:54.0578 5464 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
10:37:54.0785 5464 SCardSvr - ok
10:37:57.0003 5464 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
10:37:57.0359 5464 Schedule - ok
10:37:57.0798 5464 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
10:37:57.0844 5464 SCPolicySvc - ok
10:37:58.0199 5464 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
10:37:58.0310 5464 sdbus - ok
10:37:58.0810 5464 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
10:37:58.0870 5464 SDRSVC - ok
10:37:59.0118 5464 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
10:37:59.0272 5464 SecDrv - ok
10:37:59.0433 5464 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
10:37:59.0523 5464 seclogon - ok
10:37:59.0768 5464 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
10:37:59.0834 5464 SENS - ok
10:38:00.0018 5464 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:38:00.0238 5464 Serenum - ok
10:38:00.0464 5464 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:38:00.0610 5464 Serial - ok
10:38:00.0850 5464 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:38:00.0991 5464 sermouse - ok
10:38:01.0204 5464 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
10:38:01.0289 5464 SessionEnv - ok
10:38:01.0417 5464 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:38:01.0577 5464 sffdisk - ok
10:38:01.0690 5464 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:38:01.0813 5464 sffp_mmc - ok
10:38:01.0890 5464 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:38:02.0028 5464 sffp_sd - ok
10:38:02.0089 5464 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:38:02.0273 5464 sfloppy - ok
10:38:02.0967 5464 ShellHWDetection (21d8f71e022f52bb2e94bd3947bfe7ab) C:\Windows\System32\shsvcs.dll
10:38:03.0012 5464 ShellHWDetection ( UnsignedFile.Multi.Generic ) - warning
10:38:03.0012 5464 ShellHWDetection - detected UnsignedFile.Multi.Generic (1)
10:38:03.0145 5464 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:38:03.0170 5464 SiSRaid2 - ok
10:38:03.0411 5464 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:38:03.0438 5464 SiSRaid4 - ok
10:38:10.0012 5464 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
10:38:11.0062 5464 slsvc - ok
10:38:13.0141 5464 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
10:38:13.0237 5464 SLUINotify - ok
10:38:13.0863 5464 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:38:13.0996 5464 Smb - ok
10:38:14.0186 5464 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
10:38:14.0213 5464 SNMPTRAP - ok
10:38:14.0342 5464 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:38:14.0371 5464 spldr - ok
10:38:15.0096 5464 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
10:38:15.0196 5464 Spooler - ok
10:38:15.0201 5464 SRTSP - ok
10:38:15.0207 5464 SRTSPX - ok
10:38:17.0800 5464 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:38:18.0021 5464 srv - ok
10:38:18.0828 5464 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:38:18.0951 5464 srv2 - ok
10:38:19.0200 5464 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:38:19.0238 5464 srvnet - ok
10:38:19.0882 5464 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
10:38:19.0984 5464 SSDPSRV - ok
10:38:20.0984 5464 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
10:38:21.0083 5464 SstpSvc - ok
10:38:22.0851 5464 STacSV (72eb6157e892a674e47e08732bb5cce3) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
10:38:22.0998 5464 STacSV - ok
10:38:24.0248 5464 STHDA (0c7bda7e9a329a071c080eb5210fe019) C:\Windows\system32\DRIVERS\stwrt64.sys
10:38:24.0437 5464 STHDA - ok
10:38:25.0859 5464 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
10:38:26.0094 5464 stisvc - ok
10:38:26.0193 5464 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:38:26.0277 5464 swenum - ok
10:38:27.0385 5464 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
10:38:27.0579 5464 swprv - ok
10:38:28.0242 5464 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:38:28.0325 5464 Symc8xx - ok
10:38:28.0438 5464 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:38:28.0505 5464 Sym_hi - ok
10:38:28.0761 5464 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:38:28.0836 5464 Sym_u3 - ok
10:38:31.0127 5464 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
10:38:31.0426 5464 SysMain - ok
10:38:31.0769 5464 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
10:38:31.0861 5464 TabletInputService - ok
10:38:32.0696 5464 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
10:38:32.0808 5464 TapiSrv - ok
10:38:33.0064 5464 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
10:38:33.0170 5464 TBS - ok
10:38:37.0948 5464 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\drivers\tcpip.sys
10:38:38.0414 5464 Tcpip - ok
10:38:38.0437 5464 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:\Windows\system32\DRIVERS\tcpip.sys
10:38:38.0777 5464 Tcpip6 - ok
10:38:39.0064 5464 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:\Windows\system32\drivers\tcpipreg.sys
10:38:39.0201 5464 tcpipreg - ok
10:38:39.0305 5464 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:38:39.0476 5464 TDPIPE - ok
10:38:39.0621 5464 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:38:39.0746 5464 TDTCP - ok
10:38:40.0097 5464 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:38:40.0223 5464 tdx - ok
10:38:40.0490 5464 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:38:40.0566 5464 TermDD - ok
10:38:42.0170 5464 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
10:38:42.0347 5464 TermService - ok
10:38:43.0101 5464 Themes (21d8f71e022f52bb2e94bd3947bfe7ab) C:\Windows\system32\shsvcs.dll
10:38:43.0118 5464 Themes ( UnsignedFile.Multi.Generic ) - warning
10:38:43.0118 5464 Themes - detected UnsignedFile.Multi.Generic (1)
10:38:43.0327 5464 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
10:38:43.0401 5464 THREADORDER - ok
10:38:43.0817 5464 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
10:38:43.0925 5464 TrkWks - ok
10:38:44.0219 5464 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
10:38:44.0270 5464 TrustedInstaller - ok
10:38:44.0468 5464 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:45.0397 5464 tssecsrv - ok
10:38:45.0580 5464 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:38:45.0667 5464 tunmp - ok
10:38:45.0836 5464 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:38:45.0932 5464 tunnel - ok
10:38:47.0753 5464 TVCapSvc (4bc24ad1af866eb21c09d837a8a017e7) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
10:38:47.0782 5464 TVCapSvc - ok
10:38:48.0116 5464 TVSched (56196a4fd34a9985ab93531dcdc07dcb) C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
10:38:48.0136 5464 TVSched - ok
10:38:48.0386 5464 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:38:48.0489 5464 uagp35 - ok
10:38:49.0509 5464 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:38:49.0725 5464 udfs - ok
10:38:49.0899 5464 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
10:38:49.0992 5464 UI0Detect - ok
10:38:50.0330 5464 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:38:50.0438 5464 uliagpkx - ok
10:38:51.0342 5464 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:38:51.0426 5464 uliahci - ok
10:38:51.0842 5464 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:38:51.0921 5464 UlSata - ok
10:38:52.0517 5464 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:38:52.0603 5464 ulsata2 - ok
10:38:52.0865 5464 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:38:53.0005 5464 umbus - ok
10:38:55.0062 5464 UmxEngine (af950f62e5fc72ffdb7363f72600b21c) C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
10:38:55.0141 5464 UmxEngine - ok
10:38:56.0085 5464 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
10:38:56.0290 5464 upnphost - ok
10:38:56.0555 5464 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
10:38:57.0166 5464 USBAAPL64 - ok
10:38:58.0181 5464 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:38:58.0323 5464 usbaudio - ok
10:38:58.0547 5464 usbbus - ok
10:38:59.0192 5464 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:59.0340 5464 usbccgp - ok
10:38:59.0902 5464 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:39:00.0126 5464 usbcir - ok
10:39:00.0483 5464 UsbDiag - ok
10:39:01.0027 5464 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:39:01.0169 5464 usbehci - ok
10:39:02.0148 5464 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:39:02.0393 5464 usbhub - ok
10:39:02.0488 5464 USBModem - ok
10:39:02.0798 5464 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
10:39:02.0953 5464 usbohci - ok
10:39:03.0170 5464 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:39:03.0310 5464 usbprint - ok
10:39:03.0521 5464 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:39:03.0681 5464 usbscan - ok
10:39:04.0011 5464 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:39:04.0162 5464 USBSTOR - ok
10:39:04.0472 5464 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:39:04.0666 5464 usbuhci - ok
10:39:05.0143 5464 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:39:05.0315 5464 usbvideo - ok
10:39:05.0529 5464 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
10:39:05.0609 5464 UxSms - ok
10:39:07.0271 5464 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
10:39:07.0581 5464 vds - ok
10:39:08.0048 5464 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:39:08.0179 5464 vga - ok
10:39:08.0328 5464 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:39:08.0500 5464 VgaSave - ok
10:39:08.0718 5464 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys
10:39:08.0747 5464 viaide - ok
10:39:09.0482 5464 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
10:39:09.0495 5464 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - warning
10:39:09.0495 5464 Viewpoint Manager Service - detected UnsignedFile.Multi.Generic (1)
10:39:09.0918 5464 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:39:09.0946 5464 volmgr - ok
10:39:10.0510 5464 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:39:10.0767 5464 volmgrx - ok
10:39:12.0281 5464 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:39:12.0443 5464 volsnap - ok
10:39:13.0120 5464 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:39:13.0262 5464 vsmraid - ok
10:39:19.0704 5464 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
10:39:20.0348 5464 VSS - ok
10:39:21.0454 5464 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
10:39:21.0707 5464 W32Time - ok
10:39:22.0163 5464 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:39:22.0316 5464 WacomPen - ok
10:39:22.0705 5464 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:22.0843 5464 Wanarp - ok
10:39:22.0848 5464 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:22.0911 5464 Wanarpv6 - ok
10:39:24.0940 5464 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
10:39:25.0268 5464 wcncsvc - ok
10:39:25.0477 5464 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
10:39:25.0659 5464 WcsPlugInService - ok
10:39:25.0776 5464 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:39:25.0859 5464 Wd - ok
10:39:28.0163 5464 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:39:28.0591 5464 Wdf01000 - ok
10:39:28.0955 5464 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:39:29.0066 5464 WdiServiceHost - ok
10:39:29.0070 5464 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
10:39:29.0141 5464 WdiSystemHost - ok
10:39:29.0845 5464 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
10:39:29.0958 5464 WebClient - ok
10:39:30.0821 5464 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
10:39:30.0962 5464 Wecsvc - ok
10:39:31.0336 5464 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
10:39:31.0422 5464 wercplsupport - ok
10:39:31.0968 5464 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
10:39:32.0082 5464 WerSvc - ok
10:39:32.0089 5464 WinHttpAutoProxySvc - ok
10:39:32.0945 5464 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
10:39:33.0065 5464 Winmgmt - ok
10:39:39.0804 5464 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
10:39:40.0893 5464 WinRM - ok
10:39:44.0224 5464 WinSvchostManagerSrv (468570216ad689fd4af9db4b3d3027c9) C:\Windows\SysWOW64\cfgmig32.exe
10:39:44.0292 5464 WinSvchostManagerSrv - ok
10:39:47.0973 5464 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
10:39:48.0389 5464 Wlansvc - ok
10:39:49.0199 5464 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:39:49.0281 5464 wlcrasvc - ok
10:39:56.0805 5464 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:39:57.0104 5464 wlidsvc - ok
10:39:59.0504 5464 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:39:59.0619 5464 WmiAcpi - ok
10:40:00.0668 5464 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
10:40:00.0794 5464 wmiApSrv - ok
10:40:01.0159 5464 WMPNetworkSvc - ok
10:40:01.0275 5464 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
10:40:01.0455 5464 WPCSvc - ok
10:40:01.0580 5464 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
10:40:01.0796 5464 WPDBusEnum - ok
10:40:02.0041 5464 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:40:02.0186 5464 WpdUsb - ok
10:40:05.0604 5464 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:40:05.0945 5464 WPFFontCache_v0400 - ok
10:40:06.0135 5464 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:40:06.0299 5464 ws2ifsl - ok
10:40:06.0305 5464 WSearch - ok
10:40:12.0700 5464 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
10:40:13.0827 5464 wuauserv - ok
10:40:16.0089 5464 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:40:16.0335 5464 WUDFRd - ok
10:40:16.0664 5464 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
10:40:16.0843 5464 wudfsvc - ok
10:40:17.0545 5464 yukonx64 (07f7285220307aafb755d890295f0f9a) C:\Windows\system32\DRIVERS\yk60x64.sys
10:40:17.0902 5464 yukonx64 - ok
10:40:17.0953 5464 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0
10:40:35.0766 5464 \Device\Harddisk0\DR0 - ok
10:40:35.0833 5464 Boot (0x1200) (eb4b4c2dd969d6a2382182959a45c2df) \Device\Harddisk0\DR0\Partition0
10:40:35.0915 5464 \Device\Harddisk0\DR0\Partition0 - ok
10:40:35.0998 5464 Boot (0x1200) (05b4b744b406b86dad3a1afc8a19da22) \Device\Harddisk0\DR0\Partition1
10:40:36.0100 5464 \Device\Harddisk0\DR0\Partition1 - ok
10:40:36.0101 5464 ============================================================
10:40:36.0101 5464 Scan finished
10:40:36.0101 5464 ============================================================
10:40:36.0105 7120 Detected object count: 9
10:40:36.0105 7120 Actual detected object count: 9
10:42:25.0518 7120 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:42:25.0518 7120 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:42:25.0518 7120 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0518 7120 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0519 7120 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0519 7120 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0520 7120 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0520 7120 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0520 7120 Pcouffin64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0521 7120 Pcouffin64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0521 7120 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0521 7120 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0523 7120 ShellHWDetection ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0523 7120 ShellHWDetection ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0523 7120 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0523 7120 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:42:25.0524 7120 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:42:25.0524 7120 Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
  • 0

#5
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I did what you said with ComboFix and it almost finished, but it stays frozen almost at the end, saying Output folder: C:\32788R22FWJFW\N_ and C:\32788R22FWJFW. What do I do now? Please help.
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
If Combofix is still at the same place, then you must restart your system. After the restart, try to run Combofix again. Hopefully we will get a log this time.
  • 0

#7
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I did what you said and I got a message stating "Error Opening file for writing: C:\32788R22FWJFW\License\iexplore.exe

Click Abort to stop the installation, Retry to try again, or Ignore to Skip the file."
I clicked Retry and the same message pops up. What do I do? :/
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please restart in safe mode and then try to run Combofix:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#9
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay, I did that, but when I go into Safe Mode (just Safe Mode) it just says please wait and gets stuck on Loaded:\windows\system\drivers\crcdisk.sys
Why? :( What do I do?
  • 0

#10
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is strange... This malware is known to fight back when you touch it, so we must try everything we can.

Please start Windows again in Normal mode. If you get the error again, then try to press any button just to turn it off. If that fails, then try to do this:

  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try to run it several more times.

This should stop the error message. Try to run Combofix now as you did before.
  • 0

#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
You sent me a PM with the current status, so don't do the last step. Before we continue, please tell me how your system is now.
  • 0

#12
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
I'm still having the same problems. Even now my laptop restarted itself and is updating. It just finished now and I still have the problems.
  • 0

#13
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
Okay, strange. I tried ComboFix once again and it finished completely, then a blue window appeared saying Administrator Autoscan and it is scanning for infected files and has completed stages 1 and 2. That is happening as I'm telling you, since I'm on my phone. Now what?
  • 0

#14
bigchris

bigchris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 59 posts
2)

ComboFix 12-06-13.04 - Owner 06/13/2012 18:16:22.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2042 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
FW: CA Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
SP: CA Anti-Virus Plus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 4
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Owner\AppData\Roaming\4C80B4
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\IconsPedia.com.url
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\searchplugins\bing-zugo.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 22:53 . 2012-06-13 22:53 -------- d-----w- c:\users\Rosario\AppData\Local\temp
2012-06-13 22:53 . 2012-06-13 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-13 21:23 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-13 21:23 . 2012-05-18 02:01 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-13 21:23 . 2012-05-17 22:38 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-06-13 21:23 . 2012-05-17 22:37 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-06-13 19:52 . 2012-05-01 14:29 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 19:52 . 2012-05-15 20:15 2767360 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 19:51 . 2012-04-23 16:25 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 19:51 . 2012-04-23 16:00 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 19:51 . 2012-04-23 16:25 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 19:51 . 2012-04-23 16:25 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 19:51 . 2012-04-23 16:00 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 19:51 . 2012-04-23 16:00 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 02:52 . 2012-06-13 02:52 -------- d-----w- c:\program files (x86)\ESET
2012-06-12 14:19 . 2012-06-12 14:19 -------- dc----w- C:\TDSSKiller_Quarantine
2012-06-12 02:56 . 2012-06-12 02:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-06 16:33 . 2012-06-06 16:33 -------- d-----w- c:\program files (x86)\Common Files\Real
2012-06-06 16:08 . 2002-11-12 16:22 569397 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\RichFX\Player\nprfxins.dll
2012-06-06 16:08 . 2012-06-12 01:47 -------- d-----w- c:\program files (x86)\Rhapsody
2012-06-03 20:21 . 2012-06-03 20:21 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-02 23:40 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B0D0234-A5E6-4A8C-8CC0-CF48CECA7D25}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 17:28 . 2012-04-04 22:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-11 17:28 . 2012-01-17 19:42 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 03:06 . 2012-04-04 23:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 02:55 . 2012-05-03 02:55 28056 ----a-w- c:\windows\system32\xfcodec64.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56 . 2010-01-30 01:00 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:22 . 2012-05-13 14:05 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-13 14:07 1422720 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-29 14:22 . 2012-05-13 14:07 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-03-20 23:34 . 2012-05-13 14:06 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-16 18:49 . 2012-03-16 18:49 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-16 18:49 . 2012-03-16 18:49 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-14 . 21D8F71E022F52BB2E94BD3947BFE7AB . 301568 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ViGlance"="c:\program files (x86)\ViGlance\ViGlance.exe" [2011-10-21 446464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-11 1148200]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:29]
.
2012-05-23 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 19:34]
.
2011-03-06 c:\windows\Tasks\HPCeeScheduleForRosario.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-02-23 19:34]
.
2012-06-13 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-28 153624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-28 225816]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-28 200216]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"cctray"="c:\program files\CA\CA Internet Security Suite\casc.exe" [2011-07-02 2658128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\94jd3e2x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2583000&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(general.useragent.extra.brc,
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Viewpoint\Common\ViewpointService.exe
c:\windows\SysWOW64\cfgmig32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-06-13 19:16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 23:15
.
Pre-Run: 155,725,451,264 bytes free
Post-Run: 156,115,783,680 bytes free
.
- - End Of File - - 55D37051BFA148C55D6311C8BF02823A
  • 0

#15
bigchris

    Member

  • Topic Starter
  • Member
  • 59 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-13 19:18:54
-----------------------------
19:18:54.636 OS Version: Windows x64 6.0.6002 Service Pack 2
19:18:54.636 Number of processors: 2 586 0x170A
19:18:54.636 ComputerName: CHRIS UserName: Owner
19:18:56.367 Initialize success
19:26:51.950 AVAST engine defs: 12061301
19:27:02.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:27:02.390 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 3
19:27:02.413 Disk 0 MBR read successfully
19:27:02.417 Disk 0 MBR scan
19:27:02.424 Disk 0 unknown MBR code
19:27:02.449 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291211 MB offset 2048
19:27:02.602 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14030 MB offset 596402176
19:27:02.670 Disk 0 scanning C:\Windows\system32\drivers
19:27:23.338 Service scanning
19:28:19.922 Modules scanning
19:28:19.925 Disk 0 trace - called modules:
19:28:19.939 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:28:19.940 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006510790]
19:28:19.941 3 CLASSPNP.SYS[fffffa6000a2ec33] -> nt!IofCallDriver -> [0xfffffa800640ba10]
19:28:19.942 5 hpdskflt.sys[fffffa6001bf7189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c6b590]
19:28:22.467 AVAST engine scan C:\Windows
19:28:33.473 AVAST engine scan C:\Windows\system32
19:34:53.629 AVAST engine scan C:\Windows\system32\drivers
19:35:19.591 AVAST engine scan C:\Users\Owner
19:40:51.502 File: C:\Users\Owner\AppData\Local\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\n **INFECTED** Win32:Sirefef-PL [Rtk]
19:50:40.592 AVAST engine scan C:\ProgramData
19:56:43.576 Scan finished successfully
19:58:28.956 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
19:58:28.972 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   547bytes   80 downloads

  • 0