Welcome to Geeks to Go - Register now for FREE
Tried everything and need help - browser hijack and other problems [So


This topic is locked

#1 ackmiller
Member, 30 posts
First thing I noticed was advertisement audio when I opened IE. No extra windows, just a bunch of iexplorer.exe processes running in the background and apparently directed to some ads (I also get a bunch of Chrome and svchost.exe processes running too). Shortly after I began getting browser redirects. I researched the interwebs and learned this might be a rootkit infection, which I have tried to fix but so far no luck (ran a few different rootkit killer programs and nothing helped). I also noticed my Windows firewall is disabled and I cannot get it turned on (I get an error when I try to change firewall settings or turn it off/on). I am running Windows 7 on a 64-bit laptop.

I have tried running the latest (free) versions of AVG anti-virus, Ad-Aware anti-virus, Malwarebytes, and SpyBot and they haven't found or fixed the problem either. I ran OTL.exe and below is my log file (it's huge). Any and all help is GREATLY appreciated.

OTL logfile created on: 8/21/2012 11:58:43 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.51 Gb Available Physical Memory | 62.71% Memory free
8.00 Gb Paging File | 6.28 Gb Available in Paging File | 78.53% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 171.55 Gb Free Space | 57.55% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDYS_LAPTOP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/21 23:58:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/07/09 20:44:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 20:44:45 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/06/06 14:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/09/04 14:16:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared Files\brs.exe
PRC - [2008/07/20 21:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 21:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/09 20:44:49 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 20:44:45 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/27 12:58:08 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/14 20:27:41 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/07/09 20:44:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/06/06 14:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/03/14 18:42:00 | 004,101,624 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/29 17:46:52 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2010/03/27 12:55:16 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/29 14:19:18 | 000,222,720 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/09/10 14:31:46 | 000,159,232 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/07/20 21:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/03/25 21:23:58 | 000,894,976 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/28 12:38:01 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2009/10/09 21:22:42 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV:64bit: - [2009/08/28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/07/20 21:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/09/10 19:35:14 | 000,057,872 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2007/07/04 18:30:10 | 000,091,136 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMS7SK.sys -- (EMSCR)
DRV:64bit: - [2007/07/04 18:30:08 | 000,060,416 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESD7SK.sys -- (ESDCR)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/08 17:38:52 | 000,047,104 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2006/11/22 04:43:06 | 001,453,056 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/03/28 12:38:01 | 000,086,584 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2009/09/04 14:16:14 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/01/08 02:08:23] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2009/09/03 18:04:06 | 000,024,576 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\GameTap Web Player\bin\release\X4HSX32.sys -- (X4HSX32)
DRV - [2009/08/14 09:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 09:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/01/24 13:39:08 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RivaTuner v2.20\RivaTuner64.sys -- (RivaTuner64)
DRV - [2008/09/29 14:21:34 | 000,040,480 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
DRV - [2008/09/10 14:28:50 | 000,040,992 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)
DRV - [2008/05/15 17:59:46 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)
DRV - [2005/01/03 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 CD 03 12 16 80 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npgametapwebplayer,version=4.2.0.8: C:\Program Files (x86)\GameTap Web Player\bin\release\npgametapwebplayer.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/18 19:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/16 18:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/03 18:21:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 20:44:58 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/08/21 22:00:08 | 000,444,650 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15277 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PC Speed Maximizer] "C:\Program Files (x86)\PC Speed Maximizer\SPMStarter.exe" File not found
O4 - HKCU..\Run: [SPMTray] "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} http://archives.game...pWebUpdater.cab (GameTap Web Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EFEC99B-2872-47D3-8B33-3DDCEAD8B2F6}: DhcpNameServer = 192.168.1.254 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{730F48E3-334B-48AF-97FF-F0653B6A26DF}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B31CF903-CFC8-46BF-B492-A79A51B70DB9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/06 11:01:16 | 000,000,044 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/21 23:58:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/21 23:51:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012/08/21 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/21 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Games
[2012/08/21 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/08/21 21:14:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/08/21 21:12:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2012/08/21 20:31:07 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/08/21 20:21:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2012/08/21 20:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Maximizer
[2012/08/21 20:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2012/08/21 20:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/08/21 20:11:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HPAppData
[2012/08/21 20:10:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2012/08/21 20:10:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\adaware
[2012/08/19 10:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/08/19 10:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/19 10:06:45 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012/08/19 10:06:44 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012/08/19 10:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/08/08 19:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/08/08 19:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/08/08 19:39:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/08/04 09:09:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/08/04 09:08:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG Secure Search
[2012/08/04 09:08:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/08/04 09:08:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2012/08/04 09:07:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/08/04 09:07:41 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/04 09:07:41 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/08/04 09:07:41 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/04 09:07:41 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/04 09:07:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/08/04 09:07:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/08/04 09:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/08/04 09:07:18 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/08/04 09:07:18 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/04 09:07:18 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/08/04 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/08/04 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2012/08/04 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/08/04 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/08/04 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData
[2012/07/31 17:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/07/31 17:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/21 23:58:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/08/21 23:57:29 | 000,010,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:57:29 | 000,010,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/21 23:50:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/21 23:48:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/21 23:48:20 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/21 23:25:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000UA.job
[2012/08/21 23:09:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/21 23:08:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/21 22:00:08 | 000,444,650 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/21 20:27:02 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/08/21 20:21:01 | 000,001,117 | ---- | M] () -- C:\Users\Administrator\Desktop\PC Speed Maximizer.lnk
[2012/08/21 20:11:44 | 000,027,520 | ---- | M] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/08/21 20:10:06 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/21 20:09:21 | 000,000,543 | ---- | M] () -- C:\Windows\Brownie.ini
[2012/08/21 18:39:31 | 104,595,036 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/21 18:32:35 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000Core.job
[2012/08/19 10:42:27 | 003,037,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/19 10:19:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/19 10:19:02 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/09 20:59:08 | 000,000,151 | ---- | M] () -- C:\Windows\PhotoSnapViewer.INI
[2012/08/09 20:55:09 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/09 20:55:09 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/09 20:55:09 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/09 18:09:15 | 000,342,861 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/08 19:39:28 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/04 09:07:22 | 000,000,632 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2012/07/31 17:28:48 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/07/23 15:37:39 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/21 20:21:01 | 000,001,117 | ---- | C] () -- C:\Users\Administrator\Desktop\PC Speed Maximizer.lnk
[2012/08/21 20:11:44 | 000,027,520 | ---- | C] () -- C:\Users\Administrator\AppData\Local\dt.dat
[2012/08/19 10:19:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/08/19 10:19:02 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/08/08 19:39:28 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/08/04 09:08:46 | 000,001,437 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/04 09:07:47 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/04 09:07:42 | 000,001,443 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/04 09:07:22 | 000,000,632 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2012/08/04 09:07:18 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/04 09:07:18 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/06/24 09:44:34 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{9a58b3dd-ddc3-581c-fe9c-978c1fc06bd9}\L\00000004.@
[2012/05/10 18:21:27 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{9a58b3dd-ddc3-581c-fe9c-978c1fc06bd9}\@
[2012/05/10 18:21:27 | 000,002,048 | -HS- | C] () -- C:\Users\Admin\AppData\Local\{9a58b3dd-ddc3-581c-fe9c-978c1fc06bd9}\@
[2011/05/23 19:21:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/23 19:21:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/08 13:44:32 | 000,833,024 | ---- | C] () -- C:\Windows\SysWow64\user.dat
[2011/04/12 21:37:22 | 000,090,494 | ---- | C] () -- C:\Windows\War3Unin.dat

========== LOP Check ==========

[2012/08/21 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2012/08/04 09:08:12 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/06/25 21:39:23 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:D3225905
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:C46995DA

< End of report >
#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ackmiller and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable Spybot S&D's "TeaTimer".

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open Spybot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
  • Close/Exit Spybot Search and Destroy.

Step 2

We need to remove AVG from your system. Please download AVG Remover and run it in order to remove AVG. After we finish cleaning your system you can install AVG again.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply.

Step 1

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Followed instructions (disabled Spybot TeaTimer, uninstalled AVG, and disabled Ad-Aware). Attached is the ComboFix.txt file. I will attach the log file in the next reply.

Edited by ackmiller, 22 August 2012 - 06:49 PM.


#4
ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the log file.

ComboFix 12-08-22.03 - Admin 08/22/2012 19:17:53.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2760 [GMT -4:00]
Running from: c:\users\Admin\Downloads\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\glbrbaa.tmp
c:\programdata\zornbaa.tmp
c:\users\Admin\AppData\Roaming\adaware-installer-reboot-required.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 23:29 . 2012-08-22 23:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 00:31 . 2012-08-22 01:11 -------- d-----w- C:\Downloads
2012-08-22 00:20 . 2012-08-22 00:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
2012-08-22 00:20 . 2012-08-22 01:15 -------- d-----w- c:\program files (x86)\Free Download Manager
2012-08-22 00:20 . 2012-08-22 00:32 -------- d-----w- c:\programdata\blekko toolbars
2012-08-20 10:37 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-19 23:33 . 2012-08-19 23:33 -------- d-----w- c:\users\Admin\AppData\Roaming\HPAppData
2012-08-19 14:22 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-19 14:18 . 2012-08-19 14:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-08-19 14:06 . 2012-08-22 23:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 13:57 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-19 13:57 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-19 13:57 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-19 13:57 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-19 13:57 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 13:57 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 13:56 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-08-19 13:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-19 13:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-19 13:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-19 13:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-19 13:53 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-19 13:53 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 01:24 . 2012-08-09 01:24 -------- d-----w- c:\users\Admin\AppData\Local\Skyrim
2012-08-09 01:22 . 2008-03-05 20:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-08-09 01:21 . 2006-03-31 16:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-08-09 01:21 . 2006-02-03 12:42 355536 ----a-w- c:\windows\system32\xactengine2_0.dll
2012-08-09 01:21 . 2006-02-03 12:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll
2012-08-09 01:21 . 2006-02-03 12:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
2012-08-09 01:21 . 2005-05-26 19:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-09 01:21 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-08-09 01:21 . 2005-03-18 21:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-08-09 01:21 . 2005-02-05 23:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-08-08 23:39 . 2012-08-08 23:39 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-08-08 23:39 . 2012-08-22 23:32 -------- d-----w- c:\program files (x86)\Steam
2012-08-04 13:07 . 2012-08-04 13:07 -------- d-----w- c:\users\Administrator
2012-07-31 21:17 . 2012-07-31 21:17 -------- d-----w- c:\programdata\Battle.net
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 00:27 . 2012-05-10 23:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:27 . 2011-05-21 04:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 08:27 . 2010-06-26 12:58 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-01-21 23:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-19 11:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 11:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 11:18 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . E107F960D82DC2780C45982ACC8C5984 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408]
"RMClock"="c:\program files (x86)\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-08 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-17 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-29 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\LunaPlus\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 40320]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.20\RivaTuner64.sys [2009-01-24 19952]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 47104]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2008-05-15 14352]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RTCORE64
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 00:27]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-06-13 5178368]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"combofix"="c:\combofix\CF29885.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Notify-psfus - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:92,93,ac,b9,1c,7e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ %W*%H"]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B31CF903-CFC8-46BF-B492-A79A51B70DB9}"=hex:00,1a,70,54,38,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\RMClock\RMClock.exe
.
**************************************************************************
.
Completion time: 2012-08-22 19:39:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 23:39
.
Pre-Run: 187,572,228,096 bytes free
Post-Run: 187,391,643,648 bytes free
.
- - End Of File - - 1C3E2C33FF2E47A9F0FA50D4DE558D62

Attached Files


  • 0

#5
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some of your system files are infected too. Let's try to replace them.

Step 1

NOTE: This fix is custom made for this system only and for the current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Windows\Installer\{9a58b3dd-ddc3-581c-fe9c-978c1fc06bd9}
    C:\Users\Admin\AppData\Local\{9a58b3dd-ddc3-581c-fe9c-978c1fc06bd9}

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • Then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects.

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
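As an added example (not code from this thread, ComboFix or OTL), here is a Python script that parses ComboFix "Sigcheck" lines, flags a live system file whose MD5 or size disagrees with the WinSxS store copy of the same file version, and renders the FCopy:: section that would restore it, which is the reasoning behind the user32.dll line in Step 2. It is fed the three user32.dll Sigcheck lines from the ComboFix log posted later in this thread; the reading of the flags ([7] = copy verified as a Windows 7 file, [-] = verification failed) and the helper names (parse_sigcheck, find_tampered, cfscript_fcopy) are assumptions.

```python
"""Added example: triage ComboFix 'Sigcheck' lines and derive a CFScript FCopy:: section."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed input: the three Sigcheck lines for user32.dll from the ComboFix log in this thread.
# Format of each line: "[flag] date . MD5 . size . . [file version] .. path"
SIGCHECK_SAMPLE = r"""
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . E107F960D82DC2780C45982ACC8C5984 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
"""

SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per well-formed Sigcheck line; headers and '.' spacer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        # Copies under \winsxs\ are the component store's reference copies of the file.
        e["in_store"] = "\\winsxs\\" in e["path"].lower()
        e["name"] = PureWindowsPath(e["path"]).name.lower()
        entries.append(e)
    return entries


def find_tampered(entries):
    """Compare each live system file with the store copy that carries the same file version.

    Assumed flag reading: '[7]' = copy verified as a Windows 7 file, '[-]' = verification failed.
    A live file is reported when its MD5 or size differs from the matching store copy, or when
    there is no store copy of its version to compare against (then it cannot be restored this way).
    """
    store = defaultdict(dict)  # file name -> file version -> store entry
    for e in entries:
        if e["in_store"]:
            store[e["name"]][e["version"]] = e

    findings = []
    for e in entries:
        if e["in_store"]:
            continue
        ref = store[e["name"]].get(e["version"])
        if ref is None:
            findings.append({"live": e["path"], "restore_from": None,
                             "reason": "no WinSxS copy of version %s to compare with" % e["version"]})
        elif ref["md5"] != e["md5"] or ref["size"] != e["size"]:
            findings.append({"live": e["path"], "restore_from": ref["path"],
                             "reason": "flag [%s]; MD5 %s size %d, store copy MD5 %s size %d"
                                       % (e["flag"], e["md5"], e["size"], ref["md5"], ref["size"])})
    return findings


def cfscript_fcopy(findings):
    """Render the FCopy:: section of a CFScript: one 'source | destination' line per restorable file."""
    lines = ["FCopy::"]
    for f in findings:
        if f["restore_from"]:
            lines.append("%s | %s" % (f["restore_from"], f["live"]))
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_tampered(parse_sigcheck(SIGCHECK_SAMPLE))
    for f in found:
        print("%s: %s" % (f["live"], f["reason"]))
    print(cfscript_fcopy(found))
```

On the thread's three lines this reports only c:\windows\SysWOW64\user32.dll (857600 bytes against the 833024-byte store copy of the same 6.1.7601.17514 version) and emits exactly the FCopy:: line used in Step 2.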

#6
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the 1st of 3 .txt files you requested.

FYI - Not sure if what I have done so far is supposed to clean out the virus, but I am still infected with the browser hijack and lots of chrome and iexplorer processes opened in the background.

Also, I noticed 2 new Windows 7 user accounts were set up, one named "MSprovider" and the other something like "MSprovider 403". They were password protected and I have no idea where they came from (virus?). I logged in as the administrator and deleted these accounts (I did this after I followed your latest instructions).

Lastly, a new symptom started. After running combofix and before running TDSSkiller my machine shut down (went through the Windows shutdown process). It did this 2 more times after I restarted before I was finally able to run TDSSkiller. Can't remember, but I don't think it shut down after I deleted the 2 MSprovider accounts (not sure if they are linked, but thought I should mention it). I will let you know if I get any more spontaneous shutdowns now that I ran TDSSkiller.

Attached Files


Edited by ackmiller, 23 August 2012 - 04:12 PM.

  • 0

#7
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
2 of 3 requested .txt files

ComboFix 12-08-22.03 - Admin 08/23/2012 7:01.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2856 [GMT -4:00]
Running from: c:\users\Admin\Downloads\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Downloads\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\zyifbaa.tmp
c:\windows\SysWow64\win5E83.tmp
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache64\services.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))
.
.
2012-08-23 11:25 . 2012-08-23 11:25 906 ----a-w- c:\programdata\vkefbaa.tmp
2012-08-23 11:09 . 2012-08-23 11:09 -------- d-----w- c:\users\Katie's Account\AppData\Local\temp
2012-08-23 11:09 . 2012-08-23 11:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 10:45 . 2012-08-23 10:45 -------- d-----w- C:\_OTL
2012-08-22 23:17 . 2012-08-22 23:17 -------- d-----w- c:\programdata\GFI Software
2012-08-22 00:31 . 2012-08-22 01:11 -------- d-----w- C:\Downloads
2012-08-22 00:20 . 2012-08-22 00:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
2012-08-22 00:20 . 2012-08-22 01:15 -------- d-----w- c:\program files (x86)\Free Download Manager
2012-08-22 00:20 . 2012-08-22 00:32 -------- d-----w- c:\programdata\blekko toolbars
2012-08-20 10:37 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-19 23:33 . 2012-08-19 23:33 -------- d-----w- c:\users\Admin\AppData\Roaming\HPAppData
2012-08-19 14:22 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-19 14:18 . 2012-08-19 14:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-08-19 14:06 . 2012-08-22 23:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 13:57 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-19 13:57 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-19 13:57 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-19 13:57 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-19 13:57 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 13:57 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 13:56 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-08-19 13:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-19 13:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-19 13:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-19 13:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-19 13:53 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-19 13:53 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 01:24 . 2012-08-09 01:24 -------- d-----w- c:\users\Admin\AppData\Local\Skyrim
2012-08-09 01:22 . 2008-03-05 20:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-08-09 01:21 . 2006-03-31 16:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-08-09 01:21 . 2006-02-03 12:42 355536 ----a-w- c:\windows\system32\xactengine2_0.dll
2012-08-09 01:21 . 2006-02-03 12:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll
2012-08-09 01:21 . 2006-02-03 12:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
2012-08-09 01:21 . 2005-05-26 19:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-09 01:21 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-08-09 01:21 . 2005-03-18 21:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-08-09 01:21 . 2005-02-05 23:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-08-08 23:39 . 2012-08-08 23:39 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-08-08 23:39 . 2012-08-23 11:28 -------- d-----w- c:\program files (x86)\Steam
2012-08-04 13:07 . 2012-08-04 13:07 -------- d-----w- c:\users\Administrator
2012-07-31 21:17 . 2012-07-31 21:17 -------- d-----w- c:\programdata\Battle.net
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 00:27 . 2012-05-10 23:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:27 . 2011-05-21 04:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 08:27 . 2010-06-26 12:58 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2010-01-21 23:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-19 11:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 11:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 11:18 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . E107F960D82DC2780C45982ACC8C5984 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-08-22_23.32.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-08-19 15:13 . 2012-08-22 22:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-08-19 15:13 . 2012-08-23 11:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
+ 2012-06-25 12:04 . 2012-08-23 11:25 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-06-25 12:04 . 2012-08-19 20:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-23 10:52 . 2012-08-23 11:27 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012082320120824\index.dat
+ 2012-08-23 11:27 . 2012-08-23 11:27 83968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{911C5102-ED15-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 10:52 . 2012-08-23 10:52 25600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{990546E7-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:58 . 2012-08-23 10:59 40960 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E1CBFBA-ED11-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 11:20 . 2012-08-23 11:20 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77530DD9-ED14-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 11:20 . 2012-08-23 11:20 56832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77530DD7-ED14-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 10:58 . 2012-08-23 10:58 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{669FAFFC-ED11-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:57 . 2012-08-23 10:58 61952 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{669FAFFA-ED11-11E1-8C64-001060F0A7C9}.dat
+ 2012-06-24 13:54 . 2012-08-23 11:25 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-06-24 13:54 . 2012-08-22 23:09 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-03-27 15:40 . 2012-08-23 10:52 51210 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-04-03 16:17 . 2012-08-23 10:46 11086 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-08-23 10:52 48404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-27 15:20 . 2012-08-23 10:52 13956 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4233454332-3810385758-2920334761-1000_UserData.bin
+ 2012-08-22 21:51 . 2012-08-23 11:27 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{82B65B2C-ECA3-11E1-AC9C-001060F0A7C9}.dat
- 2012-08-22 21:51 . 2012-08-22 22:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{82B65B2C-ECA3-11E1-AC9C-001060F0A7C9}.dat
+ 2012-08-23 10:54 . 2012-08-23 10:58 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2EC3F37-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:54 . 2012-08-23 10:58 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DEAAFB25-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 11:15 . 2012-08-23 11:20 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DE584858-ED13-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 10:52 . 2012-08-23 10:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{990546E6-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:58 . 2012-08-23 10:58 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E1CBFB9-ED11-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 11:25 . 2012-08-23 11:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4E40CE2B-ED15-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 11:16 . 2012-08-23 11:16 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F01F8F61-ED13-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 10:52 . 2012-08-23 10:52 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ADDEFDF3-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:52 . 2012-08-23 10:52 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A4EF1E4C-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 11:18 . 2012-08-23 11:19 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FD9F40E-ED14-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 10:56 . 2012-08-23 10:58 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21293732-ED11-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 10:56 . 2012-08-23 10:58 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21293730-ED11-11E1-8C64-001060F0A7C9}.dat
- 2010-03-27 07:24 . 2012-08-22 23:30 3641 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-03-27 07:24 . 2012-08-23 11:10 3641 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-08-23 11:11 . 2012-08-23 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-22 23:31 . 2012-08-22 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-22 23:31 . 2012-08-22 23:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-23 11:11 . 2012-08-23 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-19 02:30 . 2012-08-23 11:25 851968 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2011-05-06 02:18 . 2012-08-23 11:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-05-06 02:18 . 2012-08-22 23:09 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-08-23 11:27 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-22 23:09 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-23 10:54 . 2012-08-23 10:58 144896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DEAAFB26-ED10-11E1-8C64-001060F0A7C9}.dat
+ 2012-08-23 11:20 . 2012-08-23 11:20 128512 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77530DD5-ED14-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-23 11:25 . 2012-08-23 11:29 333824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4E40CE2C-ED15-11E1-AC7B-001060F0A7C9}.dat
+ 2010-03-27 14:23 . 2012-08-23 10:29 416510 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:01 . 2012-08-23 11:10 498836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-22 23:30 498836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-22 23:09 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 11:27 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-23 11:25 1409024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-10-31 18:31 . 2012-08-23 11:10 3344272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4233454332-3810385758-2920334761-1000-12288.dat
+ 2012-08-19 21:04 . 2012-08-23 11:10 1891688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-08-17 21:23 . 2012-08-17 21:23 7945216 c:\windows\Installer\e2de45.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408]
"RMClock"="c:\program files (x86)\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-08 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-17 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-29 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gpotato\LunaPlus\GameGuard\dump_wmimmc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-27 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 135664]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2009-10-10 40320]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.20\RivaTuner64.sys [2009-01-24 19952]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-06 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-02-06 54480]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2009-08-14 517632]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2007-01-08 47104]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 00:27]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-06-13 5178368]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:92,93,ac,b9,1c,7e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ %W*%H"]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B31CF903-CFC8-46BF-B492-A79A51B70DB9}"=hex:00,1a,70,54,38,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
.
**************************************************************************
.
Completion time: 2012-08-23 07:33:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-23 11:33
ComboFix2.txt 2012-08-22 23:39
.
Pre-Run: 187,503,038,464 bytes free
Post-Run: 187,155,865,600 bytes free
.
- - End Of File - - AA4BE7FE2A7B37F181A673EF1FC1028A

#8
ackmiller

    Member

  • Topic Starter
  • Member
  • 30 posts
3 of 3 requested .txt files.

17:52:14.0289 3348 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
17:52:14.0585 3348 ============================================================
17:52:14.0585 3348 Current date / time: 2012/08/23 17:52:14.0585
17:52:14.0585 3348 SystemInfo:
17:52:14.0585 3348
17:52:14.0585 3348 OS Version: 6.1.7601 ServicePack: 1.0
17:52:14.0585 3348 Product type: Workstation
17:52:14.0585 3348 ComputerName: ANDYS_LAPTOP
17:52:14.0585 3348 UserName: Admin
17:52:14.0585 3348 Windows directory: C:\Windows
17:52:14.0585 3348 System windows directory: C:\Windows
17:52:14.0585 3348 Running under WOW64
17:52:14.0585 3348 Processor architecture: Intel x64
17:52:14.0585 3348 Number of processors: 2
17:52:14.0585 3348 Page size: 0x1000
17:52:14.0585 3348 Boot type: Normal boot
17:52:14.0585 3348 ============================================================
17:52:15.0272 3348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:52:15.0287 3348 ============================================================
17:52:15.0287 3348 \Device\Harddisk0\DR0:
17:52:15.0287 3348 MBR partitions:
17:52:15.0287 3348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
17:52:15.0287 3348 ============================================================
17:52:15.0303 3348 C: <-> \Device\Harddisk0\DR0\Partition1
17:52:15.0303 3348 ============================================================
17:52:15.0303 3348 Initialize success
17:52:15.0303 3348 ============================================================
17:52:27.0674 1068 ============================================================
17:52:27.0674 1068 Scan started
17:52:27.0674 1068 Mode: Manual; SigCheck; TDLFS;
17:52:27.0674 1068 ============================================================
17:52:27.0830 1068 ================ Scan system memory ========================
17:52:27.0830 1068 System memory - ok
17:52:27.0830 1068 ================ Scan services =============================
17:52:28.0173 1068 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:52:28.0391 1068 1394ohci - ok
17:52:28.0454 1068 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
17:52:28.0532 1068 61883 - ok
17:52:28.0594 1068 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:52:28.0610 1068 ACPI - ok
17:52:28.0672 1068 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:52:28.0797 1068 AcpiPmi - ok
17:52:28.0859 1068 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
17:52:28.0875 1068 adfs - ok
17:52:29.0000 1068 Adobe Direct CVS Service - ok
17:52:29.0187 1068 [ 9444A3530C2E88B7ED96A566FF9CCC13 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
17:52:29.0203 1068 Adobe Version Cue CS4 - ok
17:52:29.0359 1068 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:52:29.0359 1068 AdobeFlashPlayerUpdateSvc - ok
17:52:29.0421 1068 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:52:29.0437 1068 adp94xx - ok
17:52:29.0483 1068 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:52:29.0499 1068 adpahci - ok
17:52:29.0515 1068 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:52:29.0530 1068 adpu320 - ok
17:52:29.0561 1068 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:52:29.0686 1068 AeLookupSvc - ok
17:52:29.0749 1068 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:52:29.0780 1068 AFD - ok
17:52:29.0842 1068 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:52:29.0842 1068 agp440 - ok
17:52:29.0858 1068 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:52:29.0905 1068 ALG - ok
17:52:29.0951 1068 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:52:29.0951 1068 aliide - ok
17:52:29.0967 1068 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:52:29.0983 1068 amdide - ok
17:52:30.0029 1068 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:52:30.0076 1068 AmdK8 - ok
17:52:30.0092 1068 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:52:30.0123 1068 AmdPPM - ok
17:52:30.0154 1068 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:52:30.0170 1068 amdsata - ok
17:52:30.0201 1068 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:52:30.0201 1068 amdsbs - ok
17:52:30.0232 1068 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:52:30.0248 1068 amdxata - ok
17:52:30.0310 1068 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:52:30.0373 1068 AppID - ok
17:52:30.0419 1068 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:52:30.0466 1068 AppIDSvc - ok
17:52:30.0497 1068 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:52:30.0560 1068 Appinfo - ok
17:52:30.0638 1068 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:52:30.0653 1068 Apple Mobile Device - ok
17:52:30.0716 1068 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:52:30.0731 1068 AppMgmt - ok
17:52:30.0778 1068 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:52:30.0794 1068 arc - ok
17:52:30.0825 1068 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:52:30.0825 1068 arcsas - ok
17:52:30.0872 1068 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:52:30.0903 1068 AsyncMac - ok
17:52:30.0965 1068 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:52:30.0965 1068 atapi - ok
17:52:31.0059 1068 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:52:31.0121 1068 AudioEndpointBuilder - ok
17:52:31.0153 1068 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:52:31.0184 1068 AudioSrv - ok
17:52:31.0262 1068 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
17:52:31.0293 1068 Avc - ok
17:52:31.0371 1068 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:52:31.0402 1068 AxInstSV - ok
17:52:31.0433 1068 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:52:31.0449 1068 b06bdrv - ok
17:52:31.0496 1068 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:52:31.0511 1068 b57nd60a - ok
17:52:31.0558 1068 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:52:31.0589 1068 BDESVC - ok
17:52:31.0605 1068 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:52:31.0652 1068 Beep - ok
17:52:31.0745 1068 [ 20F9570285E6AC8DCC12FFC28E5A6ABD ] BeTwinProxy C:\Windows\System32\BeTwinProxyVS.dll
17:52:31.0745 1068 BeTwinProxy - ok
17:52:31.0823 1068 [ C190A4C260F9F293BE87B22E02CA1E2D ] BeTwinService C:\Windows\system32\BeTwinServiceVS.exe
17:52:31.0855 1068 BeTwinService ( UnsignedFile.Multi.Generic ) - warning
17:52:31.0855 1068 BeTwinService - detected UnsignedFile.Multi.Generic (1)
17:52:31.0901 1068 [ 3F62575213319098BA8522EA6575B0A3 ] BeTwinSystem C:\Windows\system32\Drivers\BeTwinSystemVS.sys
17:52:31.0917 1068 BeTwinSystem - ok
17:52:31.0979 1068 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:52:32.0057 1068 BFE - ok
17:52:32.0104 1068 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:52:32.0167 1068 BITS - ok
17:52:32.0198 1068 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:52:32.0229 1068 blbdrive - ok
17:52:32.0354 1068 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:52:32.0369 1068 Bonjour Service - ok
17:52:32.0432 1068 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:52:32.0494 1068 bowser - ok
17:52:32.0557 1068 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:52:32.0588 1068 BrFiltLo - ok
17:52:32.0603 1068 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:52:32.0619 1068 BrFiltUp - ok
17:52:32.0666 1068 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:52:32.0697 1068 BridgeMP - ok
17:52:32.0759 1068 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:52:32.0791 1068 Browser - ok
17:52:32.0806 1068 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:52:32.0837 1068 Brserid - ok
17:52:32.0837 1068 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:52:32.0853 1068 BrSerWdm - ok
17:52:32.0869 1068 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:52:32.0884 1068 BrUsbMdm - ok
17:52:32.0884 1068 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:52:32.0900 1068 BrUsbSer - ok
17:52:32.0962 1068 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:52:33.0009 1068 BthEnum - ok
17:52:33.0009 1068 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:52:33.0040 1068 BTHMODEM - ok
17:52:33.0071 1068 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:52:33.0103 1068 BthPan - ok
17:52:33.0149 1068 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:52:33.0227 1068 BTHPORT - ok
17:52:33.0290 1068 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:52:33.0337 1068 bthserv - ok
17:52:33.0352 1068 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:52:33.0383 1068 BTHUSB - ok
17:52:33.0415 1068 catchme - ok
17:52:33.0461 1068 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:52:33.0508 1068 cdfs - ok
17:52:33.0555 1068 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:52:33.0571 1068 cdrom - ok
17:52:33.0633 1068 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:52:33.0680 1068 CertPropSvc - ok
17:52:33.0727 1068 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:52:33.0758 1068 circlass - ok
17:52:33.0820 1068 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:52:33.0836 1068 CLFS - ok
17:52:33.0898 1068 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:52:33.0898 1068 clr_optimization_v2.0.50727_32 - ok
17:52:33.0976 1068 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:52:33.0992 1068 clr_optimization_v2.0.50727_64 - ok
17:52:34.0023 1068 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:52:34.0070 1068 CmBatt - ok
17:52:34.0101 1068 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:52:34.0117 1068 cmdide - ok
17:52:34.0148 1068 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:52:34.0241 1068 CNG - ok
17:52:34.0304 1068 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:52:34.0319 1068 Compbatt - ok
17:52:34.0382 1068 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:52:34.0413 1068 CompositeBus - ok
17:52:34.0413 1068 COMSysApp - ok
17:52:34.0413 1068 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:52:34.0429 1068 crcdisk - ok
17:52:34.0491 1068 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:52:34.0522 1068 CryptSvc - ok
17:52:34.0569 1068 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:52:34.0616 1068 CSC - ok
17:52:34.0663 1068 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:52:34.0709 1068 CscService - ok
17:52:34.0756 1068 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:52:34.0803 1068 DcomLaunch - ok
17:52:34.0850 1068 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:52:34.0897 1068 defragsvc - ok
17:52:34.0928 1068 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:52:34.0975 1068 DfsC - ok
17:52:35.0006 1068 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:52:35.0068 1068 Dhcp - ok
17:52:35.0131 1068 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:52:35.0177 1068 discache - ok
17:52:35.0224 1068 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:52:35.0240 1068 Disk - ok
17:52:35.0271 1068 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:52:35.0302 1068 Dnscache - ok
17:52:35.0349 1068 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:52:35.0411 1068 dot3svc - ok
17:52:35.0474 1068 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:52:35.0505 1068 Dot4 - ok
17:52:35.0567 1068 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
17:52:35.0599 1068 Dot4Print - ok
17:52:35.0630 1068 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:52:35.0661 1068 dot4usb - ok
17:52:35.0708 1068 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:52:35.0755 1068 DPS - ok
17:52:35.0817 1068 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:52:35.0833 1068 drmkaud - ok
17:52:35.0879 1068 dump_wmimmc - ok
17:52:35.0911 1068 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:52:35.0926 1068 DXGKrnl - ok
17:52:35.0989 1068 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:52:36.0035 1068 EapHost - ok
17:52:36.0145 1068 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:52:36.0269 1068 ebdrv - ok
17:52:36.0316 1068 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:52:36.0347 1068 EFS - ok
17:52:36.0394 1068 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:52:36.0457 1068 ehRecvr - ok
17:52:36.0488 1068 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:52:36.0503 1068 ehSched - ok
17:52:36.0550 1068 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:52:36.0566 1068 elxstor - ok
17:52:36.0597 1068 [ 2327E9BC434279674DFA93977FC5F3B3 ] EMSCR C:\Windows\system32\DRIVERS\EMS7SK.sys
17:52:36.0644 1068 EMSCR - ok
17:52:36.0691 1068 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:52:36.0722 1068 ErrDev - ok
17:52:36.0815 1068 [ C58D23711057D7E643FCC8428F60F133 ] ESDCR C:\Windows\system32\DRIVERS\ESD7SK.sys
17:52:36.0862 1068 ESDCR - ok
17:52:36.0909 1068 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:52:36.0971 1068 EventSystem - ok
17:52:37.0003 1068 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:52:37.0034 1068 exfat - ok
17:52:37.0065 1068 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:52:37.0127 1068 fastfat - ok
17:52:37.0190 1068 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:52:37.0252 1068 Fax - ok
17:52:37.0330 1068 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:52:37.0377 1068 fdc - ok
17:52:37.0455 1068 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:52:37.0502 1068 fdPHost - ok
17:52:37.0533 1068 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:52:37.0580 1068 FDResPub - ok
17:52:37.0611 1068 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:52:37.0627 1068 FileInfo - ok
17:52:37.0627 1068 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:52:37.0658 1068 Filetrace - ok
17:52:37.0720 1068 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:52:37.0751 1068 FLEXnet Licensing Service - ok
17:52:37.0798 1068 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
17:52:37.0845 1068 FLEXnet Licensing Service 64 - ok
17:52:37.0861 1068 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:52:37.0876 1068 flpydisk - ok
17:52:37.0923 1068 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:52:37.0939 1068 FltMgr - ok
17:52:37.0985 1068 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:52:38.0048 1068 FontCache - ok
17:52:38.0079 1068 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:52:38.0095 1068 FsDepends - ok
17:52:38.0126 1068 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
17:52:38.0141 1068 fssfltr - ok
17:52:38.0235 1068 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:52:38.0282 1068 fsssvc - ok
17:52:38.0344 1068 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:52:38.0344 1068 Fs_Rec - ok
17:52:38.0407 1068 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:52:38.0422 1068 fvevol - ok
17:52:38.0453 1068 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:52:38.0469 1068 gagp30kx - ok
17:52:38.0516 1068 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:52:38.0516 1068 GEARAspiWDM - ok
17:52:38.0578 1068 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:52:38.0641 1068 gpsvc - ok
17:52:38.0750 1068 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:38.0750 1068 gupdate - ok
17:52:38.0812 1068 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:52:38.0812 1068 gupdatem - ok
17:52:38.0843 1068 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:52:38.0875 1068 hcw85cir - ok
17:52:38.0921 1068 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:52:38.0953 1068 HDAudBus - ok
17:52:38.0968 1068 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:52:38.0984 1068 HidBatt - ok
17:52:38.0999 1068 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:52:39.0015 1068 HidBth - ok
17:52:39.0046 1068 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:52:39.0077 1068 HidIr - ok
17:52:39.0124 1068 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:52:39.0171 1068 hidserv - ok
17:52:39.0233 1068 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:52:39.0249 1068 HidUsb - ok
17:52:39.0311 1068 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:52:39.0374 1068 hkmsvc - ok
17:52:39.0405 1068 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:52:39.0421 1068 HomeGroupListener - ok
17:52:39.0452 1068 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:52:39.0483 1068 HomeGroupProvider - ok
17:52:39.0577 1068 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:52:39.0608 1068 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:52:39.0608 1068 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:52:39.0655 1068 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:52:39.0670 1068 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:52:39.0670 1068 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:52:39.0717 1068 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:52:39.0733 1068 HpSAMD - ok
17:52:39.0764 1068 [ 1967A46A7B9A55D2630D886211D40175 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:52:39.0811 1068 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:52:39.0811 1068 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:52:39.0842 1068 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:52:39.0920 1068 HTTP - ok
17:52:39.0951 1068 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:52:39.0967 1068 hwpolicy - ok
17:52:40.0029 1068 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:52:40.0045 1068 i8042prt - ok
17:52:40.0091 1068 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
17:52:40.0107 1068 IAANTMON - ok
17:52:40.0138 1068 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
17:52:40.0154 1068 iaStor - ok
17:52:40.0169 1068 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:52:40.0201 1068 iaStorV - ok
17:52:40.0310 1068 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:52:40.0325 1068 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:52:40.0325 1068 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:52:40.0403 1068 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:52:40.0435 1068 idsvc - ok
17:52:40.0497 1068 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:52:40.0497 1068 iirsp - ok
17:52:40.0559 1068 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:52:40.0622 1068 IKEEXT - ok
17:52:40.0669 1068 [ 9D81AA3E717E02DB58F86C79ABBC63CF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:52:40.0840 1068 IntcAzAudAddService - ok
17:52:40.0903 1068 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:52:40.0903 1068 intelide - ok
17:52:40.0949 1068 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:52:40.0981 1068 intelppm - ok
17:52:41.0027 1068 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:52:41.0059 1068 IPBusEnum - ok
17:52:41.0090 1068 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:52:41.0137 1068 IpFilterDriver - ok
17:52:41.0199 1068 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:52:41.0277 1068 iphlpsvc - ok
17:52:41.0324 1068 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:52:41.0324 1068 IPMIDRV - ok
17:52:41.0386 1068 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:52:41.0417 1068 IPNAT - ok
17:52:41.0480 1068 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:52:41.0527 1068 iPod Service - ok
17:52:41.0573 1068 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:52:41.0620 1068 IRENUM - ok
17:52:41.0651 1068 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:52:41.0667 1068 isapnp - ok
17:52:41.0683 1068 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:52:41.0698 1068 iScsiPrt - ok
17:52:41.0761 1068 [ A05DE15CECE80427EAD47BE335367EE6 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
17:52:41.0807 1068 itecir - ok
17:52:41.0870 1068 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:52:41.0885 1068 kbdclass - ok
17:52:41.0917 1068 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:52:41.0948 1068 kbdhid - ok
17:52:41.0979 1068 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:52:41.0995 1068 KeyIso - ok
17:52:42.0026 1068 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:52:42.0041 1068 KSecDD - ok
17:52:42.0073 1068 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:52:42.0088 1068 KSecPkg - ok
17:52:42.0119 1068 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:52:42.0166 1068 ksthunk - ok
17:52:42.0275 1068 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:52:42.0416 1068 KtmRm - ok
17:52:42.0494 1068 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:52:42.0556 1068 LanmanServer - ok
17:52:42.0603 1068 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:52:42.0665 1068 LanmanWorkstation - ok
17:52:42.0681 1068 Lbd - ok
17:52:43.0024 1068 [ 3DAEB081420A871224FB6573AC5707F5 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
17:52:43.0211 1068 LeapFrog Connect Device Service - ok
17:52:43.0289 1068 [ 797289607A5EBF31353AA5EAD141F872 ] LeapFrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
17:52:43.0321 1068 LeapFrog-USBLAN - ok
17:52:43.0367 1068 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:52:43.0414 1068 lltdio - ok
17:52:43.0461 1068 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:52:43.0523 1068 lltdsvc - ok
17:52:43.0539 1068 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:52:43.0570 1068 lmhosts - ok
17:52:43.0617 1068 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:52:43.0633 1068 LSI_FC - ok
17:52:43.0664 1068 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:52:43.0679 1068 LSI_SAS - ok
17:52:43.0711 1068 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:52:43.0726 1068 LSI_SAS2 - ok
17:52:43.0742 1068 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:52:43.0742 1068 LSI_SCSI - ok
17:52:43.0773 1068 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:52:43.0820 1068 luafv - ok
17:52:43.0929 1068 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
17:52:43.0976 1068 McciCMService ( UnsignedFile.Multi.Generic ) - warning
17:52:43.0976 1068 McciCMService - detected UnsignedFile.Multi.Generic (1)
17:52:44.0038 1068 [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
17:52:44.0069 1068 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning
17:52:44.0069 1068 McciCMService64 - detected UnsignedFile.Multi.Generic (1)
17:52:44.0101 1068 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:52:44.0116 1068 Mcx2Svc - ok
17:52:44.0116 1068 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:52:44.0132 1068 megasas - ok
17:52:44.0413 1068 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:52:44.0475 1068 MegaSR - ok
17:52:44.0927 1068 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
17:52:44.0943 1068 Microsoft Office Groove Audit Service - ok
17:52:45.0052 1068 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:52:45.0083 1068 MMCSS - ok
17:52:45.0115 1068 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:52:45.0177 1068 Modem - ok
17:52:45.0302 1068 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:52:45.0349 1068 monitor - ok
17:52:45.0395 1068 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:52:45.0411 1068 mouclass - ok
17:52:45.0536 1068 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:52:45.0583 1068 mouhid - ok
17:52:45.0692 1068 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:52:45.0707 1068 mountmgr - ok
17:52:45.0832 1068 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:52:45.0863 1068 mpio - ok
17:52:45.0910 1068 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:52:45.0941 1068 mpsdrv - ok
17:52:46.0113 1068 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:52:46.0191 1068 MpsSvc - ok
17:52:46.0222 1068 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\Program Files (x86)\Common Files\Motive\MREMP50.sys
17:52:46.0253 1068 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
17:52:46.0253 1068 MREMP50 - detected UnsignedFile.Multi.Generic (1)
17:52:46.0269 1068 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\Program Files (x86)\Common Files\Motive\MRESP50.sys
17:52:46.0300 1068 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
17:52:46.0300 1068 MRESP50 - detected UnsignedFile.Multi.Generic (1)
17:52:46.0347 1068 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:52:46.0378 1068 MRxDAV - ok
17:52:46.0425 1068 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:52:46.0472 1068 mrxsmb - ok
17:52:46.0487 1068 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:52:46.0503 1068 mrxsmb10 - ok
17:52:46.0519 1068 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:52:46.0597 1068 mrxsmb20 - ok
17:52:46.0675 1068 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:52:46.0675 1068 msahci - ok
17:52:46.0753 1068 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:52:46.0753 1068 msdsm - ok
17:52:46.0784 1068 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:52:46.0831 1068 MSDTC - ok
17:52:46.0877 1068 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
17:52:46.0893 1068 MSDV - ok
17:52:46.0924 1068 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:52:46.0955 1068 Msfs - ok
17:52:47.0018 1068 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:52:47.0049 1068 mshidkmdf - ok
17:52:47.0049 1068 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:52:47.0065 1068 msisadrv - ok
17:52:47.0096 1068 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:52:47.0158 1068 MSiSCSI - ok
17:52:47.0158 1068 msiserver - ok
17:52:47.0205 1068 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:52:47.0283 1068 MSKSSRV - ok
17:52:47.0299 1068 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:52:47.0345 1068 MSPCLOCK - ok
17:52:47.0361 1068 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:52:47.0408 1068 MSPQM - ok
17:52:47.0455 1068 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:52:47.0470 1068 MsRPC - ok
17:52:47.0486 1068 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:52:47.0486 1068 mssmbios - ok
17:52:47.0533 1068 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:52:47.0595 1068 MSTEE - ok
17:52:47.0626 1068 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:52:47.0626 1068 MTConfig - ok
17:52:47.0642 1068 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:52:47.0657 1068 Mup - ok
17:52:47.0689 1068 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:52:47.0751 1068 napagent - ok
17:52:47.0798 1068 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:52:47.0845 1068 NativeWifiP - ok
17:52:48.0079 1068 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
17:52:48.0172 1068 NBService ( UnsignedFile.Multi.Generic ) - warning
17:52:48.0172 1068 NBService - detected UnsignedFile.Multi.Generic (1)
17:52:48.0359 1068 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
17:52:48.0422 1068 NDIS - ok
17:52:48.0453 1068 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:52:48.0484 1068 NdisCap - ok
17:52:48.0547 1068 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:52:48.0578 1068 NdisTapi - ok
17:52:48.0656 1068 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:52:48.0703 1068 Ndisuio - ok
17:52:48.0749 1068 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:52:48.0796 1068 NdisWan - ok
17:52:48.0843 1068 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:52:48.0859 1068 NDProxy - ok
17:52:48.0921 1068 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:52:48.0921 1068 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:52:48.0921 1068 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:52:48.0999 1068 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
17:52:49.0030 1068 Netaapl - ok
17:52:49.0061 1068 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:52:49.0108 1068 NetBIOS - ok
17:52:49.0155 1068 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:52:49.0217 1068 NetBT - ok
17:52:49.0249 1068 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:52:49.0264 1068 Netlogon - ok
17:52:49.0295 1068 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:52:49.0358 1068 Netman - ok
17:52:49.0405 1068 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:52:49.0467 1068 netprofm - ok
17:52:49.0592 1068 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
17:52:49.0779 1068 netw5v64 - ok
17:52:49.0857 1068 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:52:49.0873 1068 nfrd960 - ok
17:52:49.0951 1068 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:52:49.0997 1068 NlaSvc - ok
17:52:50.0107 1068 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
17:52:50.0138 1068 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning
17:52:50.0138 1068 NMIndexingService - detected UnsignedFile.Multi.Generic (1)
17:52:50.0169 1068 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:52:50.0200 1068 Npfs - ok
17:52:50.0231 1068 npggsvc - ok
17:52:50.0247 1068 NPPTNT2 - ok
17:52:50.0278 1068 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:52:50.0325 1068 nsi - ok
17:52:50.0356 1068 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:52:50.0387 1068 nsiproxy - ok
17:52:50.0450 1068 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:52:50.0512 1068 Ntfs - ok
17:52:50.0543 1068 nTuneService - ok
17:52:50.0575 1068 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:52:50.0668 1068 Null - ok
17:52:50.0949 1068 [ 325520227CC568052AE1D7AD49D90951 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:52:51.0152 1068 nvlddmkm - ok
17:52:51.0214 1068 [ 2CCB22FBCAF81D5F4E626007C2396A4D ] NVR0Dev C:\Windows\nvoclk64.sys
17:52:51.0214 1068 NVR0Dev - ok
17:52:51.0323 1068 [ C3280C07FFCE3E23E0A75806490FE09D ] NVR0FLASHDev C:\Windows\nvflsh64.sys
17:52:51.0323 1068 NVR0FLASHDev - ok
17:52:51.0401 1068 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:52:51.0417 1068 nvraid - ok
17:52:51.0448 1068 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:52:51.0464 1068 nvstor - ok
17:52:51.0479 1068 [ 4DFFB8DDBA4A0E8222E0E8D2CD590803 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:52:51.0495 1068 nvsvc - ok
17:52:51.0526 1068 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:52:51.0526 1068 nv_agp - ok
17:52:51.0635 1068 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:52:51.0651 1068 odserv - ok
17:52:51.0682 1068 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:52:51.0682 1068 ohci1394 - ok
17:52:51.0745 1068 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:52:51.0760 1068 ose - ok
17:52:51.0791 1068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:52:51.0807 1068 p2pimsvc - ok
17:52:51.0869 1068 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:52:51.0901 1068 p2psvc - ok
17:52:51.0932 1068 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:52:51.0947 1068 Parport - ok
17:52:51.0994 1068 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:52:52.0010 1068 partmgr - ok
17:52:52.0025 1068 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:52:52.0072 1068 PcaSvc - ok
17:52:52.0088 1068 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:52:52.0103 1068 pci - ok
17:52:52.0150 1068 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:52:52.0166 1068 pciide - ok
17:52:52.0275 1068 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:52:52.0306 1068 pcmcia - ok
17:52:52.0322 1068 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:52:52.0322 1068 pcw - ok
17:52:52.0369 1068 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:52:52.0431 1068 PEAUTH - ok
17:52:52.0587 1068 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:52:52.0712 1068 PeerDistSvc - ok
17:52:53.0055 1068 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:52:53.0086 1068 PerfHost - ok
17:52:53.0149 1068 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:52:53.0227 1068 pla - ok
17:52:53.0305 1068 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:52:53.0336 1068 PlugPlay - ok
17:52:53.0383 1068 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:52:53.0398 1068 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:52:53.0398 1068 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:52:53.0429 1068 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:52:53.0461 1068 PNRPAutoReg - ok
17:52:53.0492 1068 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:52:53.0507 1068 PNRPsvc - ok
17:52:53.0554 1068 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:52:53.0601 1068 PolicyAgent - ok
17:52:53.0648 1068 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:52:53.0710 1068 Power - ok
17:52:53.0773 1068 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:52:53.0804 1068 PptpMiniport - ok
17:52:53.0835 1068 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:52:53.0851 1068 Processor - ok
17:52:53.0897 1068 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:52:53.0929 1068 ProfSvc - ok
17:52:53.0960 1068 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:52:53.0960 1068 ProtectedStorage - ok
17:52:54.0022 1068 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:52:54.0069 1068 Psched - ok
17:52:54.0131 1068 [ 901DBA98359966A62A6548596988E931 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:52:54.0131 1068 PxHlpa64 - ok
17:52:54.0209 1068 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:52:54.0287 1068 ql2300 - ok
17:52:54.0303 1068 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:52:54.0319 1068 ql40xx - ok
17:52:54.0443 1068 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:52:54.0490 1068 QWAVE - ok
17:52:54.0506 1068 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:52:54.0537 1068 QWAVEdrv - ok
17:52:54.0537 1068 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:52:54.0568 1068 RasAcd - ok
17:52:54.0615 1068 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:52:54.0646 1068 RasAgileVpn - ok
17:52:54.0662 1068 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:52:54.0724 1068 RasAuto - ok
17:52:54.0755 1068 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:52:54.0802 1068 Rasl2tp - ok
17:52:54.0833 1068 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:52:54.0880 1068 RasMan - ok
17:52:54.0896 1068 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:52:54.0943 1068 RasPppoe - ok
17:52:54.0958 1068 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:52:54.0989 1068 RasSstp - ok
17:52:55.0036 1068 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:52:55.0099 1068 rdbss - ok
17:52:55.0130 1068 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:52:55.0161 1068 rdpbus - ok
17:52:55.0161 1068 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:52:55.0192 1068 RDPCDD - ok
17:52:55.0270 1068 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:52:55.0286 1068 RDPDR - ok
17:52:55.0317 1068 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:52:55.0379 1068 RDPENCDD - ok
17:52:55.0395 1068 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:52:55.0426 1068 RDPREFMP - ok
17:52:55.0489 1068 [ 977EF648C56541F1D1E5CCE7B44EEA28 ] RDPSSW32 C:\Windows\System32\RDPSSW32.EXE
17:52:55.0504 1068 RDPSSW32 ( UnsignedFile.Multi.Generic ) - warning
17:52:55.0504 1068 RDPSSW32 - detected UnsignedFile.Multi.Generic (1)
17:52:55.0613 1068 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:52:55.0660 1068 RdpVideoMiniport - ok
17:52:55.0754 1068 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:52:55.0816 1068 RDPWD - ok
17:52:55.0863 1068 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:52:55.0879 1068 rdyboost - ok
17:52:55.0941 1068 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:52:56.0050 1068 RemoteAccess - ok
17:52:56.0128 1068 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:52:56.0175 1068 RemoteRegistry - ok
17:53:12.0152 1068 ================ Scan global ===============================
17:53:12.0198 1068 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:53:12.0230 1068 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:53:12.0245 1068 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:53:12.0276 1068 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:53:12.0370 1068 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:53:12.0417 1068 [Global] - ok
17:53:12.0417 1068 ================ Scan MBR ==================================
17:53:12.0432 1068 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:53:17.0394 1068 \Device\Harddisk0\DR0 - ok
17:53:17.0394 1068 ================ Scan VBR ==================================
17:53:17.0425 1068 [ 34CEFF60714037E28C8B41B6AEA3C278 ] \Device\Harddisk0\DR0\Partition1
17:53:17.0425 1068 \Device\Harddisk0\DR0\Partition1 - ok
17:53:17.0425 1068 ============================================================
17:53:17.0425 1068 Scan finished
17:53:17.0425 1068 ============================================================
17:53:17.0425 1532 Detected object count: 15
17:53:17.0425 1532 Actual detected object count: 15
17:54:50.0938 1532 BeTwinService ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 BeTwinService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0938 1532 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0938 1532 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0953 1532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0953 1532 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0953 1532 NMIndexingService ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0953 1532 NMIndexingService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0953 1532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0953 1532 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0953 1532 RDPSSW32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0953 1532 RDPSSW32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:54:50.0953 1532 X4HSX32 ( UnsignedFile.Multi.Generic ) - skipped by user
17:54:50.0953 1532 X4HSX32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:55:00.0828 3356 Deinitialize success

  • 0

#9
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. After this step restart your system and test it. Tell me what problems you have now.

Also please don't attach logs. Post them instead.

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#10
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is MBAM report after it disinfected several trojans.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.24.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ANDYS_LAPTOP [administrator]

8/24/2012 6:59:43 AM
mbam-log-2012-08-24 (06-59-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243435
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 1
C:\Windows\SysWOW64\svc2dll.exe (Trojan.Agent.Gen) -> 1368 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Direct CVS Service (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\svc2dll.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\SysWOW64\svc2dll.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\System32\svc2dll.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\SysWOW64\svc2dll.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
  • 0


#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Restart your system and test it. Let me know results and problems.
  • 0

#12
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Sigh, I am a bit sad :(

I restarted the machine like you asked and I noticed (like the last few times) that there is a long pause of a black screen between the Windows load graphic and the login screen (like 3-4 minutes). Before my infection this long black screen pause was not there. My computer is loading something during that time (the fan is running hard) but I don't know if that is a virus doing dirty work or normal.

Most disconcerting is that I still have my browser hijacked and when I launch IE I get 2 iexplorer.exe processes running (only one window opened) and with Chrome I get 2-4 chrome.exe processes opened with only one window. Each new window (IE or Chrome) only opens 1 additional process though.

Also, I still have some intermittent audio playing in the background (they are ads of some sort) and I assume these are tied to the background IE or Chrome processes that are running.

When I close down IE all iexplorer.exe processes close down, same with Chrome. I can kill the iexplorer/chrome processes through task manager though.

Lastly, I seem to have a lot of svchost.exe processes open (16 open when I restart and do nothing but check task manager). Never noticed this many before but perhaps that is normal. These svchost processes are split between NETWORK, SYSTEM, and LOCAL.

You have been very helpful so far (thanks btw) and I am hopeful you can help me beat this darn virus.

Edited by ackmiller, 24 August 2012 - 03:54 PM.

  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'm not giving up as long as you bear with me. We'll nail this.

Most disconcerting is that I still have my browser hijacked and when I launch IE I get 2 iexplorer.exe processes running (only one window opened) and with Chrome I get 2-4 chrome.exe processes opened with only one window. Each new window (IE or Chrome) only opens 1 additional process though.


This is normal for IE and for Chrome. It should be like this. Two processes start when you run IE or Chrome.

Lastly, I seem to have a lot of svchost.exe processes open (16 open when I restart and do nothing but check task manager). Never noticed this many before but perhaps that is normal. These svchost processes are split between NETWORK, SYSTEM, and LOCAL.


This is normal for a clean system too, as long as the legitimate svchost.exe is running. In your case it is.

Also, I still have some intermittent audio playing in the background (they are ads of some sort) and I assume these are tied to the background IE or Chrome processes that are running.


OK. We need to test this. When exactly do you hear these ads?

Start IE and see if you hear them. After that close IE and start Chrome and test if you hear ads in Chrome.
Also close IE and Chrome and see if you can hear ads while you are not using any browser. Please test this and let me know.

Now we need to do some scans so I can see where we stand now.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save additional file named MBR.dat. Attach it to your next reply
Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.


Step 3

Please don't forget to include these items in your reply:

  • New OTL scan log
  • aswMBR log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
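A way to check the point about svchost.exe for yourself, as an added example that is not part of this thread: it lists each running svchost.exe with its image path, parent process and hosted services, and flags any instance that fails the three checks a genuine Service Host passes. It assumes an elevated PowerShell prompt on Windows 7 x64 (PowerShell 2.0 or later); process and service data come from WMI, and nothing is taken from the logs above.

```powershell
# Added example, not code from this thread: list every running svchost.exe,
# show which services each instance hosts, and flag instances that do not look
# like the genuine Service Host. Assumes an elevated PowerShell prompt on
# Windows 7 x64 (PowerShell 2.0 or later); nothing here is specific to one PC.

$genuinePath = Join-Path $env:SystemRoot 'System32\svchost.exe'

# PID -> names of the services running inside that process.
# Win32_Service.ProcessId is 0 for services that are not running, so skip those.
$servicesByPid = @{}
foreach ($svc in (Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 })) {
    if (-not $servicesByPid.ContainsKey($svc.ProcessId)) { $servicesByPid[$svc.ProcessId] = @() }
    $servicesByPid[$svc.ProcessId] += $svc.Name
}

# PID -> process object, so each svchost's parent can be looked up.
# A genuine svchost.exe is always started by services.exe.
$processById = @{}
foreach ($proc in Get-WmiObject Win32_Process) { $processById[$proc.ProcessId] = $proc }

$report = foreach ($proc in (Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'")) {
    $flags  = @()
    $parent = $processById[$proc.ParentProcessId]
    $hosted = $servicesByPid[$proc.ProcessId]

    # 1. Image path: the real binary lives only in %SystemRoot%\System32 on x64.
    #    (ExecutablePath is empty without elevation, which is also flagged.)
    if ($proc.ExecutablePath -ne $genuinePath) { $flags += 'path is not System32\svchost.exe' }
    # 2. Parent: anything other than services.exe (or a parent that already exited) is unusual.
    if ($parent -eq $null -or $parent.Name -ne 'services.exe') { $flags += 'parent is not services.exe' }
    # 3. Payload: a svchost.exe that hosts no service has no reason to exist.
    if (-not $hosted) { $flags += 'hosts no service' }

    $parentName = '<exited>'
    if ($parent -ne $null) { $parentName = $parent.Name }

    New-Object PSObject -Property @{
        PID      = $proc.ProcessId
        Path     = $proc.ExecutablePath
        Parent   = $parentName
        Services = ($hosted -join ', ')
        Flags    = ($flags -join '; ')
    }
}

# Wrap in @() so .Count works even when only one instance was found.
$report  = @($report)
$flagged = @($report | Where-Object { $_.Flags -ne '' })

$report | Sort-Object PID | Format-Table PID, Parent, Services, Flags -AutoSize
"svchost.exe instances: $($report.Count); flagged: $($flagged.Count)"
```

A dozen or more unflagged rows, each hosting a handful of services under services.exe, is the normal picture; a flagged row is the one worth looking at.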

#14
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I don't hear background sound anymore when using IE or Chrome so perhaps that problem is fixed (yeah!). However, my IE and Chrome browsers are still hijacked. I can type in an address and go straight to a website, but when I do a Google search and click on a Google link I am redirected to some crap ad sites.

Here is the aswMBR.txt file:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 03:21:35
-----------------------------
03:21:35.890 OS Version: Windows x64 6.1.7601 Service Pack 1
03:21:35.890 Number of processors: 2 586 0x1706
03:21:35.890 ComputerName: ANDYS_LAPTOP UserName: Admin
03:21:37.325 Initialize success
03:23:35.383 AVAST engine defs: 12082402
03:23:54.287 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
03:23:54.287 Disk 0 Vendor: ST932042 SD13 Size: 305245MB BusType: 3
03:23:54.302 Disk 0 MBR read successfully
03:23:54.302 Disk 0 MBR scan
03:23:54.318 Disk 0 Windows 7 default MBR code
03:23:54.334 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
03:23:54.412 Disk 0 scanning C:\Windows\system32\drivers
03:24:08.592 Service scanning
03:24:31.696 Modules scanning
03:24:31.696 Disk 0 trace - called modules:
03:24:31.758 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
03:24:31.774 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005dc6060]
03:24:31.774 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa8004fc1950]
03:24:31.774 5 ACPI.sys[fffff88000f347a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004fc2050]
03:24:32.803 AVAST engine scan C:\Windows
03:24:37.499 AVAST engine scan C:\Windows\system32
03:27:16.006 AVAST engine scan C:\Windows\system32\drivers
03:27:29.963 AVAST engine scan C:\Users\Admin
03:37:49.673 AVAST engine scan C:\ProgramData
03:48:12.435 Scan finished successfully
09:27:04.257 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Downloads\Desktop\MBR.dat"
09:27:04.257 The log file has been saved successfully to "C:\Users\Admin\Downloads\Desktop\aswMBR.txt"

Edited by ackmiller, 25 August 2012 - 08:55 AM.

  • 0

#15
ackmiller

ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Here is the MBR.dat file (had to attach it; I couldn't open it, so no copy/paste).

Attached Files

  • Attached File  MBR.dat   512bytes   174 downloads

  • 0





