Everything posted by michael123

  1. wow.. that took almost forever lol, and i seemed to have made a mistake =/ and accidentally selected "delete incurable" instead of move incurable. ;[ Here are the logs ~
     Drweb:
     124e7f25.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Trojan.NtRootKit.13531;Deleted.;
     5578dcbd.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Incurable.Deleted.;
     57670667.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;BackDoor.Tdss.5231;Deleted.;
     5578dcbd.qua;C:\Documents and Settings\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
     5578dcbd.qua;C:\ProgramData\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
     tsk0000.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\mbr0000;Trojan.Tdlphaze.1;Incurable.Moved.;
     tsk0003.dta;C:\TDSSKiller_Quarantine\18.07.2012_19.54.14\mbr0000\tdlfs0000;Trojan.DownLoad3.1188;Deleted.;
     5578dcbd.qua;C:\Users\All Users\Avira\AntiVir Desktop\INFECTED;Adware.InstallCore.19;Invalid path to file ;
     security check:
     Results of screen317's Security Check version 0.99.43
     Windows 7 x64 (UAC is enabled)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Avira Desktop Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.62.0.1300
     Adobe Reader X (10.1.3)
     Mozilla Firefox (14.0.1)
     Google Chrome 20.0.1132.57
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Avira Antivir avgnt.exe
     Avira Antivir avguard.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 6%
     ````````````````````End of Log``````````````````````
     And the system seems to be working fine, but still can notice the slight change in performance speeds since last week.
  2. The ads have been gone since last night lol sry forgot to tell u, and system seems to be fine, but a lot slower and freezes from time to time for a brief moment
  3. I've been able to remove everything u listed from program and features, however i could not find the babylon toolbar =/
  4. And i also had a question, after doing a scan with avira and sending the threats to the quarantine, does "deleting" mean deleting them from the quarantine or deleting the whole file?
  5. ComboFix 12-07-19.02 - Bugs Bunny 07/19/2012 23:48:37.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4863.2710 [GMT -4:00] Running from: c:\users\Bugs Bunny\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\searchplugins\bing-zugo.xml . . ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))) . . 2012-07-20 03:57 . 2012-07-20 03:57 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-20 03:57 . 2012-07-20 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\Malwarebytes 2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\programdata\Malwarebytes 2012-07-19 16:12 . 2012-07-19 16:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-19 16:12 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-19 07:59 . 2012-07-19 08:01 -------- d-----w- c:\program files (x86)\GUMB215.tmp 2012-07-19 03:23 . 2012-07-19 03:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-07-19 03:22 . 2012-07-19 20:37 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\PMB Files 2012-07-19 03:22 . 2012-07-19 20:37 -------- d-----w- c:\programdata\PMB Files 2012-07-19 00:08 . 2012-07-19 00:08 -------- d-----w- c:\program files\trend micro 2012-07-19 00:08 . 2012-07-19 00:10 -------- d-----w- C:\rsit 2012-07-18 23:58 . 2012-07-18 23:58 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-18 20:15 . 
2012-07-18 20:15 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\Avira 2012-07-18 20:13 . 2012-07-18 20:13 -------- d-----w- C:\desktop 2012-07-18 20:02 . 2012-07-18 20:03 -------- d-----w- c:\program files (x86)\Ask.com 2012-07-18 20:02 . 2012-05-02 19:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-07-18 20:02 . 2012-04-27 14:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-07-18 20:02 . 2012-04-25 04:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-07-18 20:01 . 2012-07-18 20:03 -------- d-----w- c:\programdata\Avira 2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- c:\program files (x86)\Avira 2012-07-18 16:54 . 2012-07-18 16:55 -------- d-----w- c:\program files (x86)\GUMDB22.tmp 2012-07-18 16:24 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\SUPERAntiSpyware.com 2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-07-18 15:48 . 2012-07-18 15:48 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-07-18 15:29 . 2012-07-18 15:29 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-18 15:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FC24DD5-6FBD-4A5B-A5A9-BB684093A6E2}\mpengine.dll 2012-07-18 13:22 . 2012-07-18 15:18 -------- d-----w- c:\users\Guest 2012-07-18 11:18 . 2012-07-18 11:18 -------- d-----w- c:\program files\Enigma Software Group 2012-07-18 11:16 . 2012-07-18 15:15 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\SpeedyPC Software 2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\DriverCure 2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software 2012-07-18 11:14 . 
2012-07-18 12:53 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-18 11:14 . 2012-07-18 11:14 -------- d-----w- c:\program files (x86)\SpeedyPC Software 2012-07-18 08:17 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-07-18 08:17 . 2012-07-18 15:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-07-18 02:01 . 2012-06-06 05:50 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-07-18 02:01 . 2012-06-06 05:09 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-18 02:01 . 2012-06-06 05:09 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-18 02:00 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-07-18 02:00 . 2012-06-02 05:27 340992 ----a-w- c:\windows\system32\schannel.dll 2012-07-18 02:00 . 2012-06-02 05:38 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-07-18 02:00 . 2012-06-02 05:38 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-07-18 02:00 . 2012-06-02 05:37 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-07-18 02:00 . 2012-06-02 05:27 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-07-18 02:00 . 2012-06-02 04:48 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-07-18 02:00 . 2012-06-02 04:47 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-07-18 02:00 . 2012-06-02 04:48 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-07-18 02:00 . 2012-06-02 04:42 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-07-18 01:59 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-18 01:59 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-13 05:36 . 2012-07-18 04:20 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2012-07-13 05:36 . 2012-07-18 04:29 -------- d-----w- c:\program files (x86)\PC Tools Registry Mechanic 2012-07-13 02:37 . 
2012-07-13 02:39 -------- d-----w- c:\users\Bugs Bunny\AppData\Roaming\DivX 2012-07-13 02:36 . 2012-07-18 07:05 -------- d-----w- c:\program files\DivX 2012-07-13 02:35 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\DivX 2012-07-13 02:35 . 2012-07-18 07:05 -------- d-----w- c:\programdata\DivX 2012-07-13 02:26 . 2012-07-18 04:50 -------- d-----w- c:\program files (x86)\MediaPlayerLite 2012-07-13 02:26 . 2012-07-18 04:51 -------- d-----w- c:\program files (x86)\Giant Savings 2012-07-13 02:21 . 2012-07-13 02:21 -------- d-----w- c:\program files (x86)\GUM91D3.tmp 2012-07-13 02:19 . 2012-07-18 15:15 -------- d-----w- c:\program files (x86)\QuickTime 2012-07-13 02:18 . 2012-07-13 02:18 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Real 2012-07-13 02:17 . 2012-07-18 05:39 -------- d-----w- c:\program files (x86)\Real 2012-07-13 02:16 . 2012-07-18 15:09 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Google 2012-07-13 02:16 . 2012-07-18 15:50 -------- d-----w- c:\program files (x86)\Google 2012-07-11 08:00 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 08:00 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3(63).dll 2012-06-24 16:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-24 16:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-24 16:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-24 16:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-24 16:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-24 16:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-24 16:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-24 16:51 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-24 16:51 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-23 04:36 . 
2012-06-23 04:36 -------- d-----w- c:\users\Bugs Bunny\AppData\Local\Macromedia . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 16:20 . 2011-09-25 01:20 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 15:37 . 2012-05-03 02:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-18 15:37 . 2011-09-25 00:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 15:37 . 2012-05-03 02:37 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-31 16:25 . 2011-09-25 13:46 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-27 08:17 . 2012-05-27 08:17 670816 ----a-w- c:\windows\SysWow64\xsherlock.xem 2012-05-04 10:52 . 2012-06-12 23:11 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:08 . 2012-06-12 23:11 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:08 . 2012-06-12 23:11 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-02 05:32 . 2012-06-12 23:12 208896 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:50 . 2012-06-12 23:10 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:34 . 2012-06-12 23:12 76288 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:34 . 2012-06-12 23:12 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:28 . 2012-06-12 23:12 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:59 . 2012-06-12 23:10 1460224 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 05:59 . 2012-06-12 23:10 182272 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:59 . 2012-06-12 23:10 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:09 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:47 . 2012-06-12 23:09 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-24 04:47 . 2012-06-12 23:10 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll . . 
------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [-] 2011-12-26 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll . [-] 2011-12-26 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-05 00:20 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-05 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 94208 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-05 1391272] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-02 348624] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\Bugs Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] ERUNT AutoBackup.lnk - c:\desktop\AUTOBACK.EXE [2005-10-20 38912] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736] R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x] R3 xspirit;xspirit;c:\windows\xspirit.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 
AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224] S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864] S3 SrvHsfPCIe;SrvHsfPCIe;c:\windows\system32\DRIVERS\VSTBS36.SYS [2009-06-10 287744] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 01:37] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 15:48] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 15:48] . 2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5f957f63-c1a7-47b5-9bef-89507b8472fc.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 
2012-07-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d921bfdc-0aea-458e-9479-8d3b230d2d3a.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-10-31 21:02 97792 ----a-w- c:\users\Bugs Bunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm IE: Free YouTube to MP3 Converter - c:\users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis&tb=AVR-3 FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q= FF - user.js: extensions.BabylonToolbar_i.id - e880ced400000000000094445213b7f8 FF - user.js: extensions.BabylonToolbar_i.hardId - e880ced400000000000094445213b7f8 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15349 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:21 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100886 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . 
- - - - ORPHANS REMOVED - - - - . WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock] "ImagePath"="c:\windows\system32\xsherlock.xem" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-20 00:08:52 ComboFix-quarantined-files.txt 2012-07-20 04:08 . Pre-Run: 636,072,755,200 bytes free Post-Run: 636,464,680,960 bytes free . - - End Of File - - 8C7C97BE12FBFF5E200CDEB9C00853E9
  6. ooooohh sry bout that~ hope this is better
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org
     Database version: v2012.07.19.11
     Windows 7 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Bugs Bunny :: BUGSBUNNY-PC [administrator]
     Protection: Enabled
     7/19/2012 12:14:53 PM
     mbam-log-2012-07-19 (12-14-53).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 227411
     Time elapsed: 4 minute(s), 59 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 13
     HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.BHO.1 (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.BHO (PUP.Codec.PR) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0000435.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 2
     C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.
     C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     (end)
  8. Yessir~ ty once agn lol , heres the log u asked for :
ok 22:54:05.0568 3916 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 22:54:05.0568 3916 PptpMiniport - ok 22:54:05.0600 3916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:54:05.0615 3916 Processor - ok 22:54:05.0646 3916 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 22:54:05.0662 3916 ProfSvc - ok 22:54:05.0678 3916 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:54:05.0678 3916 ProtectedStorage - ok 22:54:05.0693 3916 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 22:54:05.0709 3916 Psched - ok 22:54:05.0787 3916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:54:05.0849 3916 ql2300 - ok 22:54:05.0943 3916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:54:05.0958 3916 ql40xx - ok 22:54:06.0005 3916 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:54:06.0036 3916 QWAVE - ok 22:54:06.0052 3916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:54:06.0052 3916 QWAVEdrv - ok 22:54:06.0068 3916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:54:06.0083 3916 RasAcd - ok 22:54:06.0130 3916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:54:06.0130 3916 RasAgileVpn - ok 22:54:06.0161 3916 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:54:06.0192 3916 RasAuto - ok 22:54:06.0239 3916 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:54:06.0302 3916 Rasl2tp - ok 22:54:06.0380 3916 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 22:54:06.0411 3916 RasMan - ok 22:54:06.0442 3916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:54:06.0473 3916 RasPppoe - ok 
22:54:06.0489 3916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:54:06.0504 3916 RasSstp - ok 22:54:06.0567 3916 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 22:54:06.0582 3916 rdbss - ok 22:54:06.0614 3916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:54:06.0660 3916 rdpbus - ok 22:54:06.0676 3916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:54:06.0692 3916 RDPCDD - ok 22:54:06.0723 3916 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 22:54:06.0754 3916 RDPDR - ok 22:54:06.0770 3916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:54:06.0770 3916 RDPENCDD - ok 22:54:06.0801 3916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:54:06.0801 3916 RDPREFMP - ok 22:54:06.0832 3916 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 22:54:06.0863 3916 RDPWD - ok 22:54:06.0910 3916 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 22:54:06.0926 3916 rdyboost - ok 22:54:06.0957 3916 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:54:06.0972 3916 RemoteAccess - ok 22:54:07.0004 3916 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:54:07.0035 3916 RemoteRegistry - ok 22:54:07.0050 3916 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:54:07.0066 3916 RpcEptMapper - ok 22:54:07.0082 3916 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:54:07.0113 3916 RpcLocator - ok 22:54:07.0206 3916 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 22:54:07.0206 3916 RpcSs - ok 22:54:07.0284 3916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:54:07.0300 3916 rspndr - ok 22:54:07.0394 
3916 RTL8192su (fc00c0de6dc83de1b2b01420e2195b21) C:\Windows\system32\DRIVERS\RTL8192su.sys 22:54:07.0440 3916 RTL8192su - ok 22:54:07.0456 3916 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 22:54:07.0456 3916 s3cap - ok 22:54:07.0487 3916 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:54:07.0487 3916 SamSs - ok 22:54:07.0581 3916 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 22:54:07.0581 3916 SASDIFSV - ok 22:54:07.0628 3916 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 22:54:07.0628 3916 SASKUTIL - ok 22:54:07.0659 3916 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 22:54:07.0674 3916 sbp2port - ok 22:54:07.0830 3916 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:54:07.0862 3916 SCardSvr - ok 22:54:07.0955 3916 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 22:54:07.0971 3916 scfilter - ok 22:54:08.0033 3916 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 22:54:08.0033 3916 Schedule - ok 22:54:08.0080 3916 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 22:54:08.0080 3916 SCPolicySvc - ok 22:54:08.0111 3916 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 22:54:08.0174 3916 SDRSVC - ok 22:54:08.0236 3916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:54:08.0236 3916 secdrv - ok 22:54:08.0298 3916 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 22:54:08.0330 3916 seclogon - ok 22:54:08.0376 3916 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 22:54:08.0376 3916 SENS - ok 22:54:08.0392 3916 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:54:08.0408 3916 SensrSvc - ok 22:54:08.0439 3916 Serenum 
(cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:54:08.0439 3916 Serenum - ok 22:54:08.0470 3916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:54:08.0486 3916 Serial - ok 22:54:08.0517 3916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:54:08.0532 3916 sermouse - ok 22:54:08.0564 3916 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 22:54:08.0595 3916 SessionEnv - ok 22:54:08.0626 3916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 22:54:08.0657 3916 sffdisk - ok 22:54:08.0673 3916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 22:54:08.0673 3916 sffp_mmc - ok 22:54:08.0688 3916 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 22:54:08.0704 3916 sffp_sd - ok 22:54:08.0720 3916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:54:08.0735 3916 sfloppy - ok 22:54:08.0798 3916 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:54:08.0829 3916 SharedAccess - ok 22:54:08.0876 3916 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 22:54:08.0876 3916 ShellHWDetection - ok 22:54:08.0907 3916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:54:08.0922 3916 SiSRaid2 - ok 22:54:08.0938 3916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:54:08.0954 3916 SiSRaid4 - ok 22:54:08.0969 3916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:54:09.0000 3916 Smb - ok 22:54:09.0032 3916 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:54:09.0032 3916 SNMPTRAP - ok 22:54:09.0063 3916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:54:09.0063 3916 spldr - ok 22:54:09.0125 3916 
Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 22:54:09.0141 3916 Spooler - ok 22:54:09.0578 3916 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 22:54:09.0749 3916 sppsvc - ok 22:54:09.0952 3916 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:54:09.0968 3916 sppuinotify - ok 22:54:10.0077 3916 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 22:54:10.0124 3916 srv - ok 22:54:10.0233 3916 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 22:54:10.0264 3916 srv2 - ok 22:54:10.0311 3916 SrvHsfPCIe (a42b22601cc2754428b5f82e040fd1c7) C:\Windows\system32\DRIVERS\VSTBS36.SYS 22:54:10.0358 3916 SrvHsfPCIe - ok 22:54:10.0404 3916 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 22:54:10.0498 3916 SrvHsfV92 - ok 22:54:10.0748 3916 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 22:54:10.0794 3916 SrvHsfWinac - ok 22:54:10.0841 3916 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 22:54:10.0857 3916 srvnet - ok 22:54:10.0904 3916 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:54:10.0935 3916 SSDPSRV - ok 22:54:10.0950 3916 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:54:10.0982 3916 SstpSvc - ok 22:54:11.0060 3916 Steam Client Service - ok 22:54:11.0153 3916 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:54:11.0153 3916 Stereo Service - ok 22:54:11.0169 3916 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:54:11.0184 3916 stexstor - ok 22:54:11.0356 3916 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 22:54:11.0387 3916 stisvc - ok 22:54:11.0418 3916 storflt (ffd7a6f15b14234b5b0e5d49e7961895) 
C:\Windows\system32\DRIVERS\vmstorfl.sys 22:54:11.0418 3916 storflt - ok 22:54:11.0450 3916 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 22:54:11.0465 3916 storvsc - ok 22:54:11.0481 3916 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 22:54:11.0481 3916 swenum - ok 22:54:11.0730 3916 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 22:54:11.0762 3916 swprv - ok 22:54:11.0949 3916 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 22:54:11.0949 3916 SysMain - ok 22:54:12.0027 3916 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 22:54:12.0042 3916 TabletInputService - ok 22:54:12.0074 3916 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 22:54:12.0105 3916 TapiSrv - ok 22:54:12.0152 3916 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:54:12.0167 3916 TBS - ok 22:54:12.0370 3916 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 22:54:12.0464 3916 Tcpip - ok 22:54:12.0807 3916 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 22:54:12.0822 3916 TCPIP6 - ok 22:54:12.0947 3916 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 22:54:12.0963 3916 tcpipreg - ok 22:54:12.0994 3916 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:54:13.0010 3916 TDPIPE - ok 22:54:13.0025 3916 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 22:54:13.0025 3916 TDTCP - ok 22:54:13.0056 3916 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 22:54:13.0088 3916 tdx - ok 22:54:13.0103 3916 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 22:54:13.0119 3916 TermDD - ok 22:54:13.0228 3916 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 22:54:13.0290 3916 
TermService - ok 22:54:13.0322 3916 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:54:13.0322 3916 Themes - ok 22:54:13.0353 3916 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:54:13.0353 3916 THREADORDER - ok 22:54:13.0384 3916 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:54:13.0384 3916 TrkWks - ok 22:54:13.0446 3916 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 22:54:13.0478 3916 TrustedInstaller - ok 22:54:13.0509 3916 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:54:13.0509 3916 tssecsrv - ok 22:54:13.0556 3916 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 22:54:13.0556 3916 tunnel - ok 22:54:13.0587 3916 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:54:13.0602 3916 uagp35 - ok 22:54:13.0634 3916 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 22:54:13.0649 3916 udfs - ok 22:54:13.0680 3916 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:54:13.0696 3916 UI0Detect - ok 22:54:13.0712 3916 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 22:54:13.0727 3916 uliagpkx - ok 22:54:13.0758 3916 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 22:54:13.0758 3916 umbus - ok 22:54:13.0774 3916 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:54:13.0790 3916 UmPass - ok 22:54:13.0821 3916 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll 22:54:13.0852 3916 UmRdpService - ok 22:54:13.0883 3916 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:54:13.0946 3916 upnphost - ok 22:54:13.0992 3916 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 22:54:13.0992 3916 
USBAAPL64 - ok 22:54:14.0008 3916 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 22:54:14.0024 3916 usbccgp - ok 22:54:14.0055 3916 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 22:54:14.0070 3916 usbcir - ok 22:54:14.0086 3916 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 22:54:14.0102 3916 usbehci - ok 22:54:14.0148 3916 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 22:54:14.0180 3916 usbhub - ok 22:54:14.0180 3916 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 22:54:14.0195 3916 usbohci - ok 22:54:14.0226 3916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:54:14.0242 3916 usbprint - ok 22:54:14.0289 3916 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 22:54:14.0304 3916 usbscan - ok 22:54:14.0320 3916 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:54:14.0351 3916 USBSTOR - ok 22:54:14.0367 3916 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 22:54:14.0367 3916 usbuhci - ok 22:54:14.0398 3916 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:54:14.0398 3916 UxSms - ok 22:54:14.0414 3916 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:54:14.0414 3916 VaultSvc - ok 22:54:14.0429 3916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 22:54:14.0445 3916 vdrvroot - ok 22:54:14.0507 3916 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 22:54:14.0554 3916 vds - ok 22:54:14.0570 3916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:54:14.0585 3916 vga - ok 22:54:14.0601 3916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:54:14.0601 3916 VgaSave - ok 22:54:14.0632 3916 vhdmp 
(c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 22:54:14.0663 3916 vhdmp - ok 22:54:14.0663 3916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 22:54:14.0679 3916 viaide - ok 22:54:14.0710 3916 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 22:54:14.0710 3916 vmbus - ok 22:54:14.0726 3916 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 22:54:14.0741 3916 VMBusHID - ok 22:54:14.0757 3916 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 22:54:14.0772 3916 volmgr - ok 22:54:14.0819 3916 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 22:54:14.0866 3916 volmgrx - ok 22:54:14.0913 3916 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 22:54:14.0944 3916 volsnap - ok 22:54:14.0991 3916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:54:15.0022 3916 vsmraid - ok 22:54:15.0240 3916 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 22:54:15.0381 3916 VSS - ok 22:54:15.0459 3916 vtany - ok 22:54:16.0535 3916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 22:54:16.0832 3916 vwifibus - ok 22:54:17.0502 3916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 22:54:17.0534 3916 vwififlt - ok 22:54:18.0111 3916 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:54:18.0173 3916 W32Time - ok 22:54:18.0204 3916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:54:18.0236 3916 WacomPen - ok 22:54:18.0329 3916 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:54:18.0345 3916 WANARP - ok 22:54:18.0360 3916 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:54:18.0360 3916 Wanarpv6 - ok 22:54:18.0438 3916 
WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 22:54:18.0532 3916 WatAdminSvc - ok 22:54:18.0594 3916 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 22:54:18.0672 3916 wbengine - ok 22:54:18.0828 3916 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:54:18.0844 3916 WbioSrvc - ok 22:54:18.0891 3916 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 22:54:18.0922 3916 wcncsvc - ok 22:54:18.0938 3916 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:54:18.0953 3916 WcsPlugInService - ok 22:54:18.0984 3916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:54:18.0984 3916 Wd - ok 22:54:19.0062 3916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:54:19.0109 3916 Wdf01000 - ok 22:54:19.0125 3916 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:54:19.0140 3916 WdiServiceHost - ok 22:54:19.0140 3916 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:54:19.0140 3916 WdiSystemHost - ok 22:54:19.0187 3916 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 22:54:19.0312 3916 WebClient - ok 22:54:19.0406 3916 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:54:19.0421 3916 Wecsvc - ok 22:54:19.0437 3916 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:54:19.0452 3916 wercplsupport - ok 22:54:19.0484 3916 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:54:19.0499 3916 WerSvc - ok 22:54:19.0530 3916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:54:19.0546 3916 WfpLwf - ok 22:54:19.0562 3916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:54:19.0577 3916 WIMMount - ok 22:54:19.0608 3916 
WinDefend - ok 22:54:19.0624 3916 WinHttpAutoProxySvc - ok 22:54:19.0702 3916 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:54:19.0702 3916 Winmgmt - ok 22:54:19.0827 3916 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 22:54:19.0920 3916 WinRM - ok 22:54:20.0154 3916 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:54:20.0170 3916 Wlansvc - ok 22:54:20.0248 3916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:54:20.0248 3916 WmiAcpi - ok 22:54:20.0310 3916 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:54:20.0342 3916 wmiApSrv - ok 22:54:20.0373 3916 WMPNetworkSvc - ok 22:54:20.0404 3916 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:54:20.0420 3916 WPCSvc - ok 22:54:20.0451 3916 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 22:54:20.0451 3916 WPDBusEnum - ok 22:54:20.0466 3916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:54:20.0482 3916 ws2ifsl - ok 22:54:20.0498 3916 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll 22:54:20.0513 3916 wscsvc - ok 22:54:20.0529 3916 WSearch - ok 22:54:20.0654 3916 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:54:20.0763 3916 wuauserv - ok 22:54:20.0903 3916 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 22:54:20.0934 3916 WudfPf - ok 22:54:20.0966 3916 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:54:20.0981 3916 WUDFRd - ok 22:54:21.0012 3916 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 22:54:21.0012 3916 wudfsvc - ok 22:54:21.0044 3916 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:54:21.0075 3916 WwanSvc - ok 22:54:21.0106 3916 xsherlock - ok 22:54:21.0122 3916 xspirit - ok 
22:54:21.0153 3916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:54:21.0387 3916 \Device\Harddisk0\DR0 - ok
22:54:21.0387 3916 Boot (0x1200) (5f35d90b0ab8157488fa58d07b0bc982) \Device\Harddisk0\DR0\Partition0
22:54:21.0402 3916 \Device\Harddisk0\DR0\Partition0 - ok
22:54:21.0418 3916 Boot (0x1200) (338a0e5de7d59309f79e937f0ae3e543) \Device\Harddisk0\DR0\Partition1
22:54:21.0418 3916 \Device\Harddisk0\DR0\Partition1 - ok
22:54:21.0418 3916 ============================================================
22:54:21.0418 3916 Scan finished
22:54:21.0418 3916 ============================================================
22:54:21.0434 3940 Detected object count: 0
22:54:21.0434 3940 Actual detected object count: 0
  9. TDSSKILLER log;
19:54:13.0735 1568 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:54:14.0192 1568 ============================================================
19:54:14.0192 1568 Current date / time: 2012/07/18 19:54:14.0192
19:54:14.0193 1568 SystemInfo:
19:54:14.0193 1568
19:54:14.0193 1568 OS Version: 6.1.7600 ServicePack: 0.0
19:54:14.0193 1568 Product type: Workstation
19:54:14.0193 1568 ComputerName: BUGSBUNNY-PC
19:54:14.0193 1568 UserName: Bugs Bunny
19:54:14.0193 1568 Windows directory: C:\Windows
19:54:14.0193 1568 System windows directory: C:\Windows
19:54:14.0193 1568 Running under WOW64
19:54:14.0193 1568 Processor architecture: Intel x64
19:54:14.0193 1568 Number of processors: 4
19:54:14.0193 1568 Page size: 0x1000
19:54:14.0193 1568 Boot type: Normal boot
19:54:14.0193 1568 ============================================================
19:54:16.0098 1568 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDDA00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:54:16.0117 1568 ============================================================
19:54:16.0117 1568 \Device\Harddisk0\DR0:
19:54:16.0118 1568 MBR partitions:
19:54:16.0118 1568 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:54:16.0118 1568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
19:54:16.0118 1568 ============================================================
19:54:16.0148 1568 C: <-> \Device\Harddisk0\DR0\Partition1
19:54:16.0175 1568 I: <-> \Device\Harddisk0\DR0\Partition0
19:54:16.0175 1568 ============================================================
19:54:16.0175 1568 Initialize success
19:54:16.0175 1568 ============================================================
19:57:38.0298 2428 ============================================================
19:57:38.0298 2428 Scan started
19:57:38.0298 2428 Mode: Manual;
19:57:38.0298 2428 ============================================================
19:57:49.0576 2428\tab bowser - ok\par 19:57:49.0601 2428\tab BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\\Windows\\system32\\DRIVERS\\BrFiltLo.sys\par 19:57:49.0603 2428\tab BrFiltLo - ok\par 19:57:49.0622 2428\tab BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\\Windows\\system32\\DRIVERS\\BrFiltUp.sys\par 19:57:49.0631 2428\tab BrFiltUp - ok\par 19:57:49.0660 2428\tab Browser (94fbc06f294d58d02361918418f996e3) C:\\Windows\\System32\\browser.dll\par 19:57:49.0662 2428\tab Browser - ok\par 19:57:49.0690 2428\tab Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\\Windows\\System32\\Drivers\\Brserid.sys\par 19:57:49.0703 2428\tab Brserid - ok\par 19:57:49.0713 2428\tab BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\\Windows\\System32\\Drivers\\BrSerWdm.sys\par 19:57:49.0715 2428\tab BrSerWdm - ok\par 19:57:49.0719 2428\tab BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\\Windows\\System32\\Drivers\\BrUsbMdm.sys\par 19:57:49.0720 2428\tab BrUsbMdm - ok\par 19:57:49.0733 2428\tab BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\\Windows\\System32\\Drivers\\BrUsbSer.sys\par 19:57:49.0735 2428\tab BrUsbSer - ok\par 19:57:49.0756 2428\tab BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\\Windows\\system32\\DRIVERS\\bthmodem.sys\par 19:57:49.0759 2428\tab BTHMODEM - ok\par 19:57:49.0794 2428\tab bthserv (95f9c2976059462cbbf227f7aab10de9) C:\\Windows\\system32\\bthserv.dll\par 19:57:49.0798 2428\tab bthserv - ok\par 19:57:49.0823 2428\tab cdfs (b8bd2bb284668c84865658c77574381a) C:\\Windows\\system32\\DRIVERS\\cdfs.sys\par 19:57:49.0826 2428\tab cdfs - ok\par 19:57:49.0848 2428\tab cdrom (83d2d75e1efb81b3450c18131443f7db) C:\\Windows\\system32\\DRIVERS\\cdrom.sys\par 19:57:49.0853 2428\tab cdrom - ok\par 19:57:49.0884 2428\tab CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\\Windows\\System32\\certprop.dll\par 19:57:49.0888 2428\tab CertPropSvc - ok\par 19:57:49.0916 2428\tab circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\\Windows\\system32\\DRIVERS\\circlass.sys\par 
19:57:49.0918 2428\tab circlass - ok\par 19:57:49.0948 2428\tab CLFS (fe1ec06f2253f691fe36217c592a0206) C:\\Windows\\system32\\CLFS.sys\par 19:57:49.0964 2428\tab CLFS - ok\par 19:57:50.0024 2428\tab clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe\par 19:57:50.0028 2428\tab clr_optimization_v2.0.50727_32 - ok\par 19:57:50.0066 2428\tab clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe\par 19:57:50.0071 2428\tab clr_optimization_v2.0.50727_64 - ok\par 19:57:50.0139 2428\tab clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe\par 19:57:50.0165 2428\tab clr_optimization_v4.0.30319_32 - ok\par 19:57:50.0199 2428\tab clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscorsvw.exe\par 19:57:50.0203 2428\tab clr_optimization_v4.0.30319_64 - ok\par 19:57:50.0226 2428\tab CmBatt (0840155d0bddf1190f84a663c284bd33) C:\\Windows\\system32\\DRIVERS\\CmBatt.sys\par 19:57:50.0228 2428\tab CmBatt - ok\par 19:57:50.0249 2428\tab cmdide (e19d3f095812725d88f9001985b94edd) C:\\Windows\\system32\\DRIVERS\\cmdide.sys\par 19:57:50.0251 2428\tab cmdide - ok\par 19:57:50.0296 2428\tab CNG (ca7720b73446fddec5c69519c1174c98) C:\\Windows\\system32\\Drivers\\cng.sys\par 19:57:50.0311 2428\tab CNG - ok\par 19:57:50.0337 2428\tab Compbatt (102de219c3f61415f964c88e9085ad14) C:\\Windows\\system32\\DRIVERS\\compbatt.sys\par 19:57:50.0339 2428\tab Compbatt - ok\par 19:57:50.0370 2428\tab CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\\Windows\\system32\\DRIVERS\\CompositeBus.sys\par 19:57:50.0373 2428\tab CompositeBus - ok\par 19:57:50.0387 2428\tab COMSysApp - ok\par 19:57:50.0403 2428\tab crcdisk (1c827878a998c18847245fe1f34ee597) C:\\Windows\\system32\\DRIVERS\\crcdisk.sys\par 
19:57:50.0405 2428\tab crcdisk - ok\par 19:57:50.0433 2428\tab CryptSvc (f02786b66375292e58c8777082d4396d) C:\\Windows\\system32\\cryptsvc.dll\par 19:57:50.0435 2428\tab CryptSvc - ok\par 19:57:50.0469 2428\tab CSC (4a6173c2279b498cd8f57cae504564cb) C:\\Windows\\system32\\drivers\\csc.sys\par 19:57:50.0488 2428\tab CSC - ok\par 19:57:50.0527 2428\tab CscService (873fbf927c06e5cee04dec617502f8fd) C:\\Windows\\System32\\cscsvc.dll\par 19:57:50.0546 2428\tab CscService - ok\par 19:57:50.0586 2428\tab DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\\Windows\\system32\\rpcss.dll\par 19:57:50.0605 2428\tab DcomLaunch - ok\par 19:57:50.0636 2428\tab defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\\Windows\\System32\\defragsvc.dll\par 19:57:50.0652 2428\tab defragsvc - ok\par 19:57:50.0699 2428\tab DfsC (9c253ce7311ca60fc11c774692a13208) C:\\Windows\\system32\\Drivers\\dfsc.sys\par 19:57:50.0702 2428\tab DfsC - ok\par 19:57:50.0738 2428\tab Dhcp (ce3b9562d997f69b330d181a8875960f) C:\\Windows\\system32\\dhcpcore.dll\par 19:57:50.0754 2428\tab Dhcp - ok\par 19:57:50.0774 2428\tab discache (13096b05847ec78f0977f2c0f79e9ab3) C:\\Windows\\system32\\drivers\\discache.sys\par 19:57:50.0777 2428\tab discache - ok\par 19:57:50.0801 2428\tab Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\\Windows\\system32\\DRIVERS\\disk.sys\par 19:57:50.0804 2428\tab Disk - ok\par 19:57:50.0836 2428\tab Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\\Windows\\System32\\dnsrslvr.dll\par 19:57:50.0837 2428\tab Dnscache - ok\par 19:57:50.0872 2428\tab dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\\Windows\\System32\\dot3svc.dll\par 19:57:50.0876 2428\tab dot3svc - ok\par 19:57:50.0916 2428\tab Dot4 (b42ed0320c6e41102fde0005154849bb) C:\\Windows\\system32\\DRIVERS\\Dot4.sys\par 19:57:50.0920 2428\tab Dot4 - ok\par 19:57:50.0938 2428\tab Dot4Print (85135ad27e79b689335c08167d917cde) C:\\Windows\\system32\\DRIVERS\\Dot4Prt.sys\par 19:57:50.0940 2428\tab Dot4Print - ok\par 19:57:50.0965 2428\tab dot4usb 
(fd05a02b0370bc3000f402e543ca5814) C:\\Windows\\system32\\DRIVERS\\dot4usb.sys\par 19:57:50.0967 2428\tab dot4usb - ok\par 19:57:50.0999 2428\tab DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\\Windows\\system32\\dps.dll\par 19:57:51.0001 2428\tab DPS - ok\par 19:57:51.0035 2428\tab drmkaud (9b19f34400d24df84c858a421c205754) C:\\Windows\\system32\\drivers\\drmkaud.sys\par 19:57:51.0037 2428\tab drmkaud - ok\par 19:57:51.0105 2428\tab dump_wmimmc - ok\par 19:57:51.0163 2428\tab DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\\Windows\\System32\\drivers\\dxgkrnl.sys\par 19:57:51.0189 2428\tab DXGKrnl - ok\par 19:57:51.0221 2428\tab EagleX64 - ok\par 19:57:51.0255 2428\tab EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\\Windows\\System32\\eapsvc.dll\par 19:57:51.0257 2428\tab EapHost - ok\par 19:57:51.0376 2428\tab ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\\Windows\\system32\\DRIVERS\\evbda.sys\par 19:57:51.0443 2428\tab ebdrv - ok\par 19:57:51.0529 2428\tab EFS (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\System32\\lsass.exe\par 19:57:51.0531 2428\tab EFS - ok\par 19:57:51.0594 2428\tab ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\\Windows\\ehome\\ehRecvr.exe\par 19:57:51.0614 2428\tab ehRecvr - ok\par 19:57:51.0646 2428\tab ehSched (4705e8ef9934482c5bb488ce28afc681) C:\\Windows\\ehome\\ehsched.exe\par 19:57:51.0649 2428\tab ehSched - ok\par 19:57:51.0743 2428\tab elxstor (0e5da5369a0fcaea12456dd852545184) C:\\Windows\\system32\\DRIVERS\\elxstor.sys\par 19:57:51.0754 2428\tab elxstor - ok\par 19:57:51.0771 2428\tab ErrDev (34a3c54752046e79a126e15c51db409b) C:\\Windows\\system32\\DRIVERS\\errdev.sys\par 19:57:51.0773 2428\tab ErrDev - ok\par 19:57:51.0827 2428\tab EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\\Windows\\system32\\es.dll\par 19:57:51.0832 2428\tab EventSystem - ok\par 19:57:51.0852 2428\tab exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\\Windows\\system32\\drivers\\exfat.sys\par 19:57:51.0857 2428\tab exfat - ok\par 19:57:51.0877 2428\tab fastfat 
(0adc83218b66a6db380c330836f3e36d) C:\\Windows\\system32\\drivers\\fastfat.sys\par 19:57:51.0890 2428\tab fastfat - ok\par 19:57:51.0950 2428\tab Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\\Windows\\system32\\fxssvc.exe\par 19:57:51.0973 2428\tab Fax - ok\par 19:57:52.0011 2428\tab fdc (d765d19cd8ef61f650c384f62fac00ab) C:\\Windows\\system32\\DRIVERS\\fdc.sys\par 19:57:52.0050 2428\tab fdc - ok\par 19:57:52.0063 2428\tab fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\\Windows\\system32\\fdPHost.dll\par 19:57:52.0065 2428\tab fdPHost - ok\par 19:57:52.0082 2428\tab FDResPub (802496cb59a30349f9a6dd22d6947644) C:\\Windows\\system32\\fdrespub.dll\par 19:57:52.0086 2428\tab FDResPub - ok\par 19:57:52.0105 2428\tab FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\\Windows\\system32\\drivers\\fileinfo.sys\par 19:57:52.0119 2428\tab FileInfo - ok\par 19:57:52.0134 2428\tab Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\\Windows\\system32\\drivers\\filetrace.sys\par 19:57:52.0136 2428\tab Filetrace - ok\par 19:57:52.0150 2428\tab flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\\Windows\\system32\\DRIVERS\\flpydisk.sys\par 19:57:52.0153 2428\tab flpydisk - ok\par 19:57:52.0190 2428\tab FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\\Windows\\system32\\drivers\\fltmgr.sys\par 19:57:52.0207 2428\tab FltMgr - ok\par 19:57:52.0271 2428\tab FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\\Windows\\system32\\FntCache.dll\par 19:57:52.0300 2428\tab FontCache - ok\par 19:57:52.0372 2428\tab FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe\par 19:57:52.0374 2428\tab FontCache3.0.0.0 - ok\par 19:57:52.0401 2428\tab FsDepends (d43703496149971890703b4b1b723eac) C:\\Windows\\system32\\drivers\\FsDepends.sys\par 19:57:52.0404 2428\tab FsDepends - ok\par 19:57:52.0431 2428\tab Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\\Windows\\system32\\drivers\\Fs_Rec.sys\par 19:57:52.0434 2428\tab Fs_Rec - ok\par 19:57:52.0457 
2428\tab fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\\Windows\\system32\\DRIVERS\\fvevol.sys\par 19:57:52.0474 2428\tab fvevol - ok\par 19:57:52.0491 2428\tab gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\\Windows\\system32\\DRIVERS\\gagp30kx.sys\par 19:57:52.0494 2428\tab gagp30kx - ok\par 19:57:52.0524 2428\tab GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\\Windows\\system32\\DRIVERS\\GEARAspiWDM.sys\par 19:57:52.0526 2428\tab GEARAspiWDM - ok\par 19:57:52.0571 2428\tab gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\\Windows\\System32\\gpsvc.dll\par 19:57:52.0591 2428\tab gpsvc - ok\par 19:57:52.0725 2428\tab gupdate (f02a533f517eb38333cb12a9e8963773) C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\par 19:57:52.0730 2428\tab gupdate - ok\par 19:57:52.0751 2428\tab gupdatem (f02a533f517eb38333cb12a9e8963773) C:\\Program Files (x86)\\Google\\Update\\GoogleUpdate.exe\par 19:57:52.0753 2428\tab gupdatem - ok\par 19:57:52.0797 2428\tab hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\\Windows\\system32\\drivers\\hcw85cir.sys\par 19:57:52.0799 2428\tab hcw85cir - ok\par 19:57:52.0847 2428\tab HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\\Windows\\system32\\drivers\\HdAudio.sys\par 19:57:52.0865 2428\tab HdAudAddService - ok\par 19:57:52.0884 2428\tab HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\\Windows\\system32\\DRIVERS\\HDAudBus.sys\par 19:57:52.0887 2428\tab HDAudBus - ok\par 19:57:52.0901 2428\tab HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\\Windows\\system32\\DRIVERS\\HidBatt.sys\par 19:57:52.0903 2428\tab HidBatt - ok\par 19:57:52.0923 2428\tab HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\\Windows\\system32\\DRIVERS\\hidbth.sys\par 19:57:52.0936 2428\tab HidBth - ok\par 19:57:52.0955 2428\tab HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\\Windows\\system32\\DRIVERS\\hidir.sys\par 19:57:52.0957 2428\tab HidIr - ok\par 19:57:52.0981 2428\tab hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\\Windows\\system32\\hidserv.dll\par 19:57:52.0984 
2428\tab hidserv - ok\par 19:57:53.0015 2428\tab HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\\Windows\\system32\\DRIVERS\\hidusb.sys\par 19:57:53.0018 2428\tab HidUsb - ok\par 19:57:53.0036 2428\tab hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\\Windows\\system32\\kmsvc.dll\par 19:57:53.0039 2428\tab hkmsvc - ok\par 19:57:53.0063 2428\tab HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\\Windows\\system32\\ListSvc.dll\par 19:57:53.0099 2428\tab HomeGroupListener - ok\par 19:57:53.0125 2428\tab HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\\Windows\\system32\\provsvc.dll\par 19:57:53.0145 2428\tab HomeGroupProvider - ok\par 19:57:53.0258 2428\tab hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqcxs08.dll\par 19:57:53.0269 2428\tab hpqcxs08 - ok\par 19:57:53.0288 2428\tab hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\\Program Files (x86)\\HP\\Digital Imaging\\bin\\hpqddsvc.dll\par 19:57:53.0291 2428\tab hpqddsvc - ok\par 19:57:53.0308 2428\tab HpSAMD (0886d440058f203eba0e1825e4355914) C:\\Windows\\system32\\DRIVERS\\HpSAMD.sys\par 19:57:53.0311 2428\tab HpSAMD - ok\par 19:57:53.0370 2428\tab HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\\Windows\\system32\\drivers\\HTTP.sys\par 19:57:53.0397 2428\tab HTTP - ok\par 19:57:53.0414 2428\tab hwpolicy (f17766a19145f111856378df337a5d79) C:\\Windows\\system32\\drivers\\hwpolicy.sys\par 19:57:53.0417 2428\tab hwpolicy - ok\par 19:57:53.0456 2428\tab i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\\Windows\\system32\\DRIVERS\\i8042prt.sys\par 19:57:53.0459 2428\tab i8042prt - ok\par 19:57:53.0487 2428\tab iaStorV (b75e45c564e944a2657167d197ab29da) C:\\Windows\\system32\\drivers\\iaStorV.sys\par 19:57:53.0503 2428\tab iaStorV - ok\par 19:57:53.0588 2428\tab idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe\par 19:57:53.0615 2428\tab idsvc - ok\par 19:57:53.0796 2428\tab iirsp 
(5c18831c61933628f5bb0ea2675b9d21) C:\\Windows\\system32\\DRIVERS\\iirsp.sys\par 19:57:53.0798 2428\tab iirsp - ok\par 19:57:53.0849 2428\tab IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\\Windows\\System32\\ikeext.dll\par 19:57:53.0876 2428\tab IKEEXT - ok\par 19:57:53.0909 2428\tab intelide (f00f20e70c6ec3aa366910083a0518aa) C:\\Windows\\system32\\DRIVERS\\intelide.sys\par 19:57:53.0911 2428\tab intelide - ok\par 19:57:53.0937 2428\tab intelppm (ada036632c664caa754079041cf1f8c1) C:\\Windows\\system32\\DRIVERS\\intelppm.sys\par 19:57:53.0939 2428\tab intelppm - ok\par 19:57:53.0964 2428\tab IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\\Windows\\system32\\ipbusenum.dll\par 19:57:53.0967 2428\tab IPBusEnum - ok\par 19:57:53.0982 2428\tab IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\\Windows\\system32\\DRIVERS\\ipfltdrv.sys\par 19:57:53.0985 2428\tab IpFilterDriver - ok\par 19:57:54.0026 2428\tab iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\\Windows\\System32\\iphlpsvc.dll\par 19:57:54.0046 2428\tab iphlpsvc - ok\par 19:57:54.0067 2428\tab IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\\Windows\\system32\\DRIVERS\\IPMIDrv.sys\par 19:57:54.0071 2428\tab IPMIDRV - ok\par 19:57:54.0090 2428\tab IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\\Windows\\system32\\drivers\\ipnat.sys\par 19:57:54.0094 2428\tab IPNAT - ok\par 19:57:54.0179 2428\tab iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\\Program Files\\iPod\\bin\\iPodService.exe\par 19:57:54.0205 2428\tab iPod Service - ok\par 19:57:54.0243 2428\tab IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\\Windows\\system32\\drivers\\irenum.sys\par 19:57:54.0246 2428\tab IRENUM - ok\par 19:57:54.0257 2428\tab isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\\Windows\\system32\\DRIVERS\\isapnp.sys\par 19:57:54.0259 2428\tab isapnp - ok\par 19:57:54.0285 2428\tab iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\\Windows\\system32\\DRIVERS\\msiscsi.sys\par 19:57:54.0298 2428\tab iScsiPrt - ok\par 19:57:54.0316 2428\tab 
kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\\Windows\\system32\\DRIVERS\\kbdclass.sys\par 19:57:54.0319 2428\tab kbdclass - ok\par 19:57:54.0336 2428\tab kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\\Windows\\system32\\DRIVERS\\kbdhid.sys\par 19:57:54.0345 2428\tab kbdhid - ok\par 19:57:54.0369 2428\tab KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\system32\\lsass.exe\par 19:57:54.0371 2428\tab KeyIso - ok\par 19:57:54.0404 2428\tab KSecDD (4f4b5fde429416877de7143044582eb5) C:\\Windows\\system32\\Drivers\\ksecdd.sys\par 19:57:54.0408 2428\tab KSecDD - ok\par 19:57:54.0430 2428\tab KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\\Windows\\system32\\Drivers\\ksecpkg.sys\par 19:57:54.0435 2428\tab KSecPkg - ok\par 19:57:54.0470 2428\tab ksthunk (6869281e78cb31a43e969f06b57347c4) C:\\Windows\\system32\\drivers\\ksthunk.sys\par 19:57:54.0473 2428\tab ksthunk - ok\par 19:57:54.0513 2428\tab KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\\Windows\\system32\\msdtckrm.dll\par 19:57:54.0530 2428\tab KtmRm - ok\par 19:57:54.0563 2428\tab LanmanServer (81f1d04d4d0e433099365127375fd501) C:\\Windows\\system32\\srvsvc.dll\par 19:57:54.0568 2428\tab LanmanServer - ok\par 19:57:54.0586 2428\tab LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\\Windows\\System32\\wkssvc.dll\par 19:57:54.0589 2428\tab LanmanWorkstation - ok\par 19:57:54.0611 2428\tab lltdio (1538831cf8ad2979a04c423779465827) C:\\Windows\\system32\\DRIVERS\\lltdio.sys\par 19:57:54.0613 2428\tab lltdio - ok\par 19:57:54.0631 2428\tab lltdsvc (c1185803384ab3feed115f79f109427f) C:\\Windows\\System32\\lltdsvc.dll\par 19:57:54.0668 2428\tab lltdsvc - ok\par 19:57:54.0679 2428\tab lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\\Windows\\System32\\lmhsvc.dll\par 19:57:54.0683 2428\tab lmhosts - ok\par 19:57:54.0706 2428\tab LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\\Windows\\system32\\DRIVERS\\lsi_fc.sys\par 19:57:54.0709 2428\tab LSI_FC - ok\par 19:57:54.0747 2428\tab LSI_SAS 
(1047184a9fdc8bdbff857175875ee810) C:\\Windows\\system32\\DRIVERS\\lsi_sas.sys\par 19:57:54.0749 2428\tab LSI_SAS - ok\par 19:57:54.0767 2428\tab LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\\Windows\\system32\\DRIVERS\\lsi_sas2.sys\par 19:57:54.0770 2428\tab LSI_SAS2 - ok\par 19:57:54.0787 2428\tab LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\\Windows\\system32\\DRIVERS\\lsi_scsi.sys\par 19:57:54.0791 2428\tab LSI_SCSI - ok\par 19:57:54.0806 2428\tab luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\\Windows\\system32\\drivers\\luafv.sys\par 19:57:54.0810 2428\tab luafv - ok\par 19:57:54.0924 2428\tab McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\\Program Files (x86)\\McAfee Security Scan\\3.0.207\\McCHSvc.exe\par 19:57:54.0936 2428\tab McComponentHostService - ok\par 19:57:54.0961 2428\tab Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\\Windows\\system32\\Mcx2Svc.dll\par 19:57:54.0964 2428\tab Mcx2Svc - ok\par 19:57:54.0979 2428\tab megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\\Windows\\system32\\DRIVERS\\megasas.sys\par 19:57:54.0982 2428\tab megasas - ok\par 19:57:55.0143 2428\tab MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\\Windows\\system32\\DRIVERS\\MegaSR.sys\par 19:57:55.0241 2428\tab MegaSR - ok\par 19:57:55.0371 2428\tab MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\\Windows\\system32\\mmcss.dll\par 19:57:55.0374 2428\tab MMCSS - ok\par 19:57:55.0439 2428\tab Modem (800ba92f7010378b09f9ed9270f07137) C:\\Windows\\system32\\drivers\\modem.sys\par 19:57:55.0443 2428\tab Modem - ok\par 19:57:55.0588 2428\tab monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\\Windows\\system32\\DRIVERS\\monitor.sys\par 19:57:55.0589 2428\tab monitor - ok\par 19:57:55.0719 2428\tab mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\\Windows\\system32\\DRIVERS\\mouclass.sys\par 19:57:55.0724 2428\tab mouclass - ok\par 19:57:55.0787 2428\tab mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\\Windows\\system32\\DRIVERS\\mouhid.sys\par 19:57:55.0790 2428\tab mouhid - ok\par 
19:57:55.0810 2428\tab mountmgr (791af66c4d0e7c90a3646066386fb571) C:\\Windows\\system32\\drivers\\mountmgr.sys\par 19:57:55.0823 2428\tab mountmgr - ok\par 19:57:56.0760 2428\tab MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe\par 19:57:56.0763 2428\tab MozillaMaintenance - ok\par 19:57:58.0196 2428\tab mpio (609d1d87649ecc19796f4d76d4c15cea) C:\\Windows\\system32\\DRIVERS\\mpio.sys\par 19:57:58.0265 2428\tab mpio - ok\par 19:57:58.0717 2428\tab mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\\Windows\\system32\\drivers\\mpsdrv.sys\par 19:57:58.0756 2428\tab mpsdrv - ok\par 19:57:59.0099 2428\tab MpsSvc (aecab449567d1846dad63ece49e893e3) C:\\Windows\\system32\\mpssvc.dll\par 19:57:59.0114 2428\tab MpsSvc - ok\par 19:57:59.0131 2428\tab MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\\Windows\\system32\\drivers\\mrxdav.sys\par 19:57:59.0136 2428\tab MRxDAV - ok\par 19:57:59.0158 2428\tab mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\\Windows\\system32\\DRIVERS\\mrxsmb.sys\par 19:57:59.0163 2428\tab mrxsmb - ok\par 19:57:59.0184 2428\tab mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\\Windows\\system32\\DRIVERS\\mrxsmb10.sys\par 19:57:59.0195 2428\tab mrxsmb10 - ok\par 19:57:59.0210 2428\tab mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\\Windows\\system32\\DRIVERS\\mrxsmb20.sys\par 19:57:59.0213 2428\tab mrxsmb20 - ok\par 19:57:59.0224 2428\tab msahci (5c37497276e3b3a5488b23a326a754b7) C:\\Windows\\system32\\DRIVERS\\msahci.sys\par 19:57:59.0225 2428\tab msahci - ok\par 19:57:59.0245 2428\tab msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\\Windows\\system32\\DRIVERS\\msdsm.sys\par 19:57:59.0259 2428\tab msdsm - ok\par 19:57:59.0286 2428\tab MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\\Windows\\System32\\msdtc.exe\par 19:57:59.0288 2428\tab MSDTC - ok\par 19:57:59.0313 2428\tab Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\\Windows\\system32\\drivers\\Msfs.sys\par 19:57:59.0314 2428\tab Msfs - 
ok\par 19:57:59.0333 2428\tab mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\\Windows\\System32\\drivers\\mshidkmdf.sys\par 19:57:59.0335 2428\tab mshidkmdf - ok\par 19:57:59.0353 2428\tab msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\\Windows\\system32\\DRIVERS\\msisadrv.sys\par 19:57:59.0353 2428\tab msisadrv - ok\par 19:57:59.0380 2428\tab MSiSCSI (808e98ff49b155c522e6400953177b08) C:\\Windows\\system32\\iscsiexe.dll\par 19:57:59.0382 2428\tab MSiSCSI - ok\par 19:57:59.0386 2428\tab msiserver - ok\par 19:57:59.0433 2428\tab MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\\Windows\\system32\\drivers\\MSKSSRV.sys\par 19:57:59.0434 2428\tab MSKSSRV - ok\par 19:57:59.0438 2428\tab MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\\Windows\\system32\\drivers\\MSPCLOCK.sys\par 19:57:59.0439 2428\tab MSPCLOCK - ok\par 19:57:59.0465 2428\tab MSPQM (4ed981241db27c3383d72092b618a1d0) C:\\Windows\\system32\\drivers\\MSPQM.sys\par 19:57:59.0488 2428\tab MSPQM - ok\par 19:57:59.0648 2428\tab MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\\Windows\\system32\\drivers\\MsRPC.sys\par 19:57:59.0667 2428\tab MsRPC - ok\par 19:58:00.0284 2428\tab mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\\Windows\\system32\\DRIVERS\\mssmbios.sys\par 19:58:00.0285 2428\tab mssmbios - ok\par 19:58:00.0499 2428\tab MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\\Windows\\system32\\drivers\\MSTEE.sys\par 19:58:00.0503 2428\tab MSTEE - ok\par 19:58:00.0536 2428\tab MTConfig (7ea404308934e675bffde8edf0757bcd) C:\\Windows\\system32\\DRIVERS\\MTConfig.sys\par 19:58:00.0538 2428\tab MTConfig - ok\par 19:58:00.0572 2428\tab Mup (f9a18612fd3526fe473c1bda678d61c8) C:\\Windows\\system32\\Drivers\\mup.sys\par 19:58:00.0580 2428\tab Mup - ok\par 19:58:00.0616 2428\tab napagent (4987e079a4530fa737a128be54b63b12) C:\\Windows\\system32\\qagentRT.dll\par 19:58:00.0632 2428\tab napagent - ok\par 19:58:00.0667 2428\tab NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\\Windows\\system32\\DRIVERS\\nwifi.sys\par 
19:58:00.0680 2428\tab NativeWifiP - ok\par 19:58:02.0174 2428\tab NDIS (cad515dbd07d082bb317d9928ce8962c) C:\\Windows\\system32\\drivers\\ndis.sys\par 19:58:04.0767 2428\tab NDIS - ok\par 19:58:04.0861 2428\tab NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\\Windows\\system32\\DRIVERS\\ndiscap.sys\par 19:58:04.0867 2428\tab NdisCap - ok\par 19:58:04.0922 2428\tab NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\\Windows\\system32\\DRIVERS\\ndistapi.sys\par 19:58:04.0927 2428\tab NdisTapi - ok\par 19:58:04.0968 2428\tab Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\\Windows\\system32\\DRIVERS\\ndisuio.sys\par 19:58:05.0178 2428\tab Ndisuio - ok\par 19:58:05.0572 2428\tab NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\\Windows\\system32\\DRIVERS\\ndiswan.sys\par 19:58:05.0597 2428\tab NdisWan - ok\par 19:58:05.0617 2428\tab NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\\Windows\\system32\\drivers\\NDProxy.sys\par 19:58:05.0667 2428\tab NDProxy - ok\par 19:58:05.0722 2428\tab Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\\Windows\\system32\\HPZinw12.dll\par 19:58:05.0734 2428\tab Net Driver HPZ12 - ok\par 19:58:05.0766 2428\tab NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\\Windows\\system32\\DRIVERS\\netbios.sys\par 19:58:05.0773 2428\tab NetBIOS - ok\par 19:58:05.0809 2428\tab NetBT (9162b273a44ab9dce5b44362731d062a) C:\\Windows\\system32\\DRIVERS\\netbt.sys\par 19:58:06.0038 2428\tab NetBT - ok\par 19:58:06.0100 2428\tab Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\\Windows\\system32\\lsass.exe\par 19:58:06.0109 2428\tab Netlogon - ok\par 19:58:06.0240 2428\tab Netman (847d3ae376c0817161a14a82c8922a9e) C:\\Windows\\System32\\netman.dll\par 19:58:06.0280 2428\tab Netman - ok\par 19:58:06.0315 2428\tab netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\\Windows\\System32\\netprofm.dll\par 19:58:06.0341 2428\tab netprofm - ok\par 19:58:06.0413 2428\tab NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows 
C:\Windows\System32\wscsvc.dll
19:58:25.0889 2428  wscsvc - ok
19:58:25.0895 2428  WSearch - ok
19:58:26.0026 2428  wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:58:26.0127 2428  wuauserv - ok
19:58:26.0259 2428  WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:58:26.0281 2428  WudfPf - ok
19:58:26.0319 2428  WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:58:26.0343 2428  WUDFRd - ok
19:58:26.0377 2428  wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:58:26.0399 2428  wudfsvc - ok
19:58:26.0443 2428  WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:58:26.0469 2428  WwanSvc - ok
19:58:26.0497 2428  xsherlock - ok
19:58:26.0512 2428  xspirit - ok
19:58:26.0548 2428  MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:58:26.0572 2428  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:58:26.0572 2428  \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:58:26.0598 2428  Boot (0x1200) (5f35d90b0ab8157488fa58d07b0bc982) \Device\Harddisk0\DR0\Partition0
19:58:26.0602 2428  \Device\Harddisk0\DR0\Partition0 - ok
19:58:26.0616 2428  Boot (0x1200) (338a0e5de7d59309f79e937f0ae3e543) \Device\Harddisk0\DR0\Partition1
19:58:26.0631 2428  \Device\Harddisk0\DR0\Partition1 - ok
19:58:26.0632 2428  ============================================================
19:58:26.0632 2428  Scan finished
19:58:26.0632 2428  ============================================================
19:58:26.0652 5784  Detected object count: 1
19:58:26.0652 5784  Actual detected object count: 1
19:58:49.0751 5784  \Device\Harddisk0\DR0\# - copied to quarantine
19:58:49.0752 5784  \Device\Harddisk0\DR0 - copied to quarantine
19:58:49.0969 5784  \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:58:49.0975 5784  \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:58:49.0987 5784  \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
19:58:49.0998 5784  \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
19:58:50.0034 5784  \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:58:50.0055 5784  \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:58:50.0058 5784  \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:58:50.0061 5784  \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:58:50.0066 5784  \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:58:50.0076 5784  \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:58:50.0083 5784  \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:58:50.0087 5784  \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:58:50.0091 5784  \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:58:50.0095 5784  \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:58:50.0122 5784  \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
19:58:50.0152 5784  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:58:50.0243 5784  \Device\Harddisk0\DR0 - ok
19:58:50.0263 5784  \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
  10. Info.txt
      info.txt logfile of random's system information tool 1.09 2012-07-18 20:08:34
      ======Uninstall list======
      -->MsiExec /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
      64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}
      Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
      Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}
      Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -maintain activex
      Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -maintain plugin
      Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
      Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
      Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
      Apple Mobile Device Support-->MsiExec.exe /I{75104836-CAC7-444E-A39E-3F54151942F5}
      Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
      Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
      Avira Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
      Belkin Connect Wireless USB Adapter-->"C:\Program Files (x86)\InstallShield Installation Information\{08B73C99-D071-488F-8861-5DDA897C510D}\setup.exe" -runfromtemp -l0x0409 -removeonly
      Belkin Connect Wireless USB Adapter-->MsiExec.exe /X{08B73C99-D071-488F-8861-5DDA897C510D}
      Belkin Wireless G USB Adapter Driver-->C:\Program Files (x86)\InstallShield Installation Information\{D593C72C-435B-4171-8106-9CA8AA34D716}\Install.exe -uninst -l0x9
      Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
      CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
      Counter-Strike: Condition Zero-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/80
      Counter-Strike: Source-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
      Diablo III-->C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo III (2)\Uninstall.exe
      DVDVideoSoftTB Toolbar-->C:\Program Files (x86)\DVDVideoSoftTB\uninstall.exe toolbar
      ERUNT 1.1j-->C:\desktop\unins000.exe
      Free Studio version 5.3.3-->C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
      Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
      Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
      Half-Life-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/70
      HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
      HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
      HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3-->C:\Program Files (x86)\HP\Digital Imaging\{A00C9114-40E6-4C70-A619-7DF264B23485}\setup\hpzscr40.exe -datfile hposcr28.dat -onestop -forcereboot
      HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
      HP Photosmart Essential 3.5-->C:\Program Files (x86)\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
      HP Smart Web Printing 4.51-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
      HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
      HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
      ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
      iTunes-->MsiExec.exe /I{5E11C972-1E76-45FE-8F92-14E0D1140B1B}
      Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216027FF}
      Java 7 Update 4-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217004FF}
      JavaFX 2.1.0-->MsiExec.exe /X{1111706F-666A-4037-7777-210328764D10}
      League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
      Malwarebytes Anti-Malware version 1.60.0.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
      McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"
      Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
      Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
      Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
      Mozilla Firefox 14.0.1 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
      Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
      Nexon Game Manager-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:0 -locale:US -load_from_local
      NVIDIA 3D Vision Controller Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
      NVIDIA 3D Vision Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
      NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
      NVIDIA Graphics Driver 296.10-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
      NVIDIA PhysX System Software 9.12.0213-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.PhysX
      NVIDIA PhysX-->MsiExec.exe /X{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}
      NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
      NVIDIA Update 1.7.11-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
      Premiumplay Codec-C-->C:\Program Files (x86)\Premiumplay Codec-C\Uninstall.exe
      PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
      REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch
{6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 5.6-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A} Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} Stellar Phoenix Photo Recovery-->"C:\Program Files (x86)\Stellar Phoenix Photo Recovery\unins000.exe" SuddenAttack-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -game:33583123 -locale:US SUPERAntiSpyware-->"C:\Program 
Files\SUPERAntiSpyware\Uninstall.exe" swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726} Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} WinRAR 4.01 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe ======System event log====== Computer Name: BugsBunny-PC Event Code: 7023 Message: The IP Helper service terminated with the following error: The specified module could not be found. Record Number: 41259 Source Name: Service Control Manager Time Written: 20120121185447.573400-000 Event Type: Error User: Computer Name: BugsBunny-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 41159 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120121183458.773200-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BugsBunny-PC Event Code: 7016 Message: The NVIDIA Display Driver Service service has reported an invalid current state 32. Record Number: 41142 Source Name: Service Control Manager Time Written: 20120121183457.915200-000 Event Type: Error User: Computer Name: BugsBunny-PC Event Code: 1 Message: Unexpected failure. 
Error code: 490@01010004 Record Number: 41117 Source Name: VDS Basic Provider Time Written: 20120121183043.000000-000 Event Type: Error User: Computer Name: BugsBunny-PC Event Code: 4001 Message: WLAN AutoConfig service has successfully stopped. Record Number: 41007 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20120121182429.345400-000 Event Type: Warning User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: BugsBunny-PC Event Code: 6005 Message: The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession). Record Number: 306 Source Name: Microsoft-Windows-Winlogon Time Written: 20110925021213.000000-000 Event Type: Warning User: Computer Name: BugsBunny-PC Event Code: 1530 Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-1389837607-2242571852-52406370-1001: Process 496 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1389837607-2242571852-52406370-1001 Process 2764 (\Device\HarddiskVolume2\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe) has opened key \REGISTRY\USER\S-1-5-21-1389837607-2242571852-52406370-1001\Software\Intel\LANDesk\VirusProtect6\CurrentVersion\Custom Tasks Record Number: 294 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20110925020542.807600-000 Event Type: Warning User: NT AUTHORITY\SYSTEM Computer Name: BugsBunny-PC Event Code: 4621 Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {4754316E-C139-4747-A79E-6771CEF63EF3}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. Object name: SLSVC_LOGON Object description: The HRESULT was 80070005. 
Record Number: 259 Source Name: Microsoft-Windows-EventSystem Time Written: 20110925011757.000000-000 Event Type: Error User: Computer Name: BugsBunny-PC Event Code: 1008 Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 168 Source Name: Microsoft-Windows-Search Time Written: 20110925002723.000000-000 Event Type: Warning User: Computer Name: BugsBunny-PC Event Code: 11 Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 360) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application. Record Number: 167 Source Name: Microsoft-Windows-RPC-Events Time Written: 20110925002718.257000-000 Event Type: Warning User: NT AUTHORITY\LOCAL SERVICE =====Security event log===== Computer Name: 37L4247E29-32 Event Code: 4735 Message: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247E29-32$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: - Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110925031120.330000-000 Event Type: Audit Success User: Computer Name: 37L4247E29-32 Event Code: 4731 Message: A security-enabled local group was created. 
Subject: Security ID: S-1-5-18 Account Name: 37L4247E29-32$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Attributes: SAM Account Name: Backup Operators SID History: - Additional Information: Privileges: - Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110925031120.330000-000 Event Type: Audit Success User: Computer Name: 37L4247E29-32 Event Code: 4902 Message: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x3138d Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110925031119.971200-000 Event Type: Audit Success User: Computer Name: 37L4247E29-32 Event Code: 4624 Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110925031117.600000-000 Event Type: Audit Success User: Computer Name: 37L4247E29-32 Event Code: 4608 Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20110925031117.522000-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=AMD64 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=4 "PROCESSOR_LEVEL"=16 "PROCESSOR_IDENTIFIER"=AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD "PROCESSOR_REVISION"=0203 "asl.log"=Destination=file checkup.txt Results of screen317's Security Check version 0.99.43 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avira Desktop Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:````````` Out of date HijackThis installed! Malwarebytes Anti-Malware version 1.60.0.1800 HijackThis 2.0.2 JavaFX 2.1.0 Java 6 Update 29 Java 7 Update 4 Java version out of Date! Adobe Reader X (10.1.3) Mozilla Firefox (14.0.1) Google Chrome 20.0.1132.57 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  11. Thank you soooo much for the reply! I have no idea what I just did, but I have followed your directions step by step. Here are the logs you've asked for:
      aswMBR report;
      aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
      Run date: 2012-07-18 16:21:36
      -----------------------------
      16:21:36.153 OS Version: Windows x64 6.1.7600
      16:21:36.153 Number of processors: 4 586 0x203
      16:21:36.153 ComputerName: BUGSBUNNY-PC UserName: Bugs Bunny
      16:21:37.676 Initialize success
      16:23:09.918 AVAST engine defs: 12071800
      16:24:40.254 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
      16:24:40.258 Disk 0 Vendor: NVIDIA__ Size: 715404MB BusType: 8
      16:24:40.262 Device \Driver\nvraid -> MajorFunction fffffa8005fb15e8
      16:24:40.266 Disk 0 MBR read successfully
      16:24:40.270 Disk 0 MBR scan
      16:24:40.279 Disk 0 Windows 7 default MBR code
      16:24:40.291 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
      16:24:40.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
      16:24:40.349 Disk 0 scanning C:\Windows\system32\drivers
      16:24:58.318 Service scanning
      16:25:25.452 Modules scanning
      16:25:25.464 Disk 0 trace - called modules:
      16:25:25.472 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8005fb15e8]<<
      16:25:25.482 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800522d060]
      16:25:25.487 3 CLASSPNP.SYS[fffff88000e0143f] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8004fc5060]
      16:25:25.492 \Driver\nvraid[0xfffffa8005ec4e70] -> IRP_MJ_CREATE -> 0xfffffa8005fb15e8
      16:25:27.680 AVAST engine scan C:\Windows
      16:25:34.511 AVAST engine scan C:\Windows\system32
      16:32:02.488 AVAST engine scan C:\Windows\system32\drivers
      16:32:23.087 AVAST engine scan C:\Users\Bugs Bunny
      16:36:59.401 AVAST engine scan C:\ProgramData
      16:38:06.886 Scan finished successfully
      19:52:23.873 Disk 0 MBR has been saved successfully to "C:\Users\Bugs Bunny\Documents\MBR.dat"
      19:52:23.878 The log file has been saved successfully to "C:\Users\Bugs Bunny\Documents\aswMBR.txt"
19:52:34.608 Disk 0 MBR has been saved successfully to "C:\Users\Bugs Bunny\Desktop\MBR.dat" 19:52:34.614 The log file has been saved successfully to "C:\Users\Bugs Bunny\Desktop\aswMBR.txt" RKreport.txt log; RogueKiller V7.6.4 [07/17/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Bugs Bunny [Admin rights] Mode: Scan -- Date: 07/18/2012 20:06:38 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] ERUNT AutoBackup.lnk @Bugs Bunny : C:\desktop\AUTOBACK.EXE -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: NVIDIA STRIPE 698.63G +++++ --- User --- [MBR] 8ddca4e5b1d54e3e1a7fffcd96ad90b0 [bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 715302 Mo Error reading LL1 MBR! Error reading LL2 MBR! +++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! 
Finished : << RKreport[1].txt >> RKreport[1].txt Log.txt; Logfile of random's system information tool 1.09 (written by random/random) Run by Bugs Bunny at 2012-07-18 20:08:27 Microsoft Windows 7 Ultimate System drive C: has 607 GB (85%) free of 715 GB Total RAM: 4863 MB (68% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:08:32 PM, on 7/18/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16447) Boot mode: Normal Running processes: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\trend micro\Bugs Bunny.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: CrossriderApp0000435 - {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software 
Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1389837607-2242571852-52406370-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1389837607-2242571852-52406370-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: Dropbox.lnk = Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: ERUNT AutoBackup.lnk = C:\desktop\AUTOBACK.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe O8 - Extra context menu item: Free YouTube Download - C:\Users\Bugs Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bugs 
Bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program 
Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: xsherlock - Wellbia.com Co., Ltd. 
- C:\Windows\system32\xsherlock.xem
-- End of file - 10994 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x2cc
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
"C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000007a0
\??\C:\Windows\system32\conhost.exe "-2090980931535698363983461302151267386-19194347817404423691752995279817890251
"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1b9fdd87-d60b-4528-a1f9-f2ea7ad5c16e -SystemEventPortName:HostProcess-831c850d-4b67-4a99-acb2-ccfa6e993cab -IoCancelEventPortName:HostProcess-d265817b-3eea-4f3e-b162-4482173d26a3 -NonStateChangingEventPortName:HostProcess-694b9c78-5b8b-43db-8489-ccfc1cf98c48 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ad02dba2-aff8-4397-9a26-ee643ba71c81
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Deskjet F4200 series#1323038899" -Startup
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
"C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Users\Bugs Bunny\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5f957f63-c1a7-47b5-9bef-89507b8472fc.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d921bfdc-0aea-458e-9479-8d3b230d2d3a.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.ask.com?o=10148&l=dis&tb=AVR-3"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.265 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npijjiFFPlugin1.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npijjiautoinstallpluginff.dll
npijjiFFPlugin1.dll
nppl3260.xpt
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
babylon.xml
bing.xml
bing.xml.old
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Bugs Bunny\AppData\Roaming\Mozilla\Firefox\Profiles\rdp52gji.default\searchplugins\
bing-zugo.xml
conduit.xml
s-amazon.xml
swagbuckscom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]
Premiumplay Codec-C - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll [2011-12-14 463872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-11-14 3843232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-04 1514152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-04 1514152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MRT"=C:\Windows\system32\MRT.exe [2012-07-18 59701280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-07-09 5661056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-12-31 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2011-12-24 981680]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-11-02 59240]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2012-01-16 421736]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-04 1391272]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2012-05-02 348624]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Users\Bugs Bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe
ERUNT AutoBackup.lnk - C:\desktop\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-07-18 20:08:28 ----D---- C:\Program Files\trend micro
2012-07-18 20:08:27 ----D---- C:\rsit
2012-07-18 19:58:48 ----D---- C:\TDSSKiller_Quarantine
2012-07-18 19:54:13 ----A---- C:\TDSSKiller.2.7.46.0_18.07.2012_19.54.13_log.txt
2012-07-18 16:15:49 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Avira
2012-07-18 16:13:22 ----D---- C:\desktop
2012-07-18 16:02:36 ----D---- C:\Program Files (x86)\Ask.com
2012-07-18 16:02:03 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-07-18 16:02:02 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-07-18 16:02:02 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-07-18 16:01:55 ----D---- C:\ProgramData\Avira
2012-07-18 16:01:55 ----D---- C:\Program Files (x86)\Avira
2012-07-18 12:54:16 ----D---- C:\Program Files (x86)\GUMDB22.tmp
2012-07-18 12:24:40 ----A---- C:\Windows\system32\win32k.sys
2012-07-18 12:23:19 ----A---- C:\Windows\system32\MRT.INI
2012-07-18 12:19:54 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-18 12:19:54 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-18 12:19:53 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-18 12:19:53 ----A---- C:\Windows\system32\url.dll
2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-18 12:19:52 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-18 12:19:52 ----A---- C:\Windows\system32\urlmon.dll
2012-07-18 12:19:52 ----A---- C:\Windows\system32\ieui.dll
2012-07-18 12:19:52 ----A---- C:\Windows\system32\iertutil.dll
2012-07-18 12:19:51 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-18 12:19:51 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-18 12:19:50 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-18 12:19:50 ----A---- C:\Windows\system32\wininet.dll
2012-07-18 12:19:50 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-18 12:19:49 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-18 12:19:49 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-18 12:19:49 ----A---- C:\Windows\system32\jscript9.dll
2012-07-18 12:19:49 ----A---- C:\Windows\system32\jscript.dll
2012-07-18 12:19:48 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-18 12:19:48 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-18 12:19:46 ----A---- C:\Windows\system32\mshtml.dll
2012-07-18 12:19:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-18 12:19:45 ----A---- C:\Windows\system32\ieframe.dll
2012-07-18 11:53:15 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-07-18 11:48:58 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\SUPERAntiSpyware.com
2012-07-18 11:48:50 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-07-18 11:48:50 ----D---- C:\Program Files\SUPERAntiSpyware
2012-07-18 11:29:48 ----D---- C:\Program Files (x86)\Trend Micro
2012-07-18 08:41:12 ----A---- C:\Windows\svchost.exe
2012-07-18 07:18:56 ----D---- C:\Program Files\Enigma Software Group
2012-07-18 07:16:40 ----D---- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-18 07:14:42 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\SpeedyPC Software
2012-07-18 07:14:42 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\DriverCure
2012-07-18 07:14:15 ----D---- C:\ProgramData\SpeedyPC Software
2012-07-18 07:14:15 ----D---- C:\Program Files (x86)\SpeedyPC Software
2012-07-18 04:17:35 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-07-18 04:17:35 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 23:31:58 ----D---- C:\Windows\Minidump
2012-07-17 22:43:33 ----D---- C:\ProgramData\PMB Files
2012-07-17 22:01:00 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-17 22:01:00 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-17 22:01:00 ----A---- C:\Windows\system32\msxml6.dll
2012-07-17 22:00:33 ----A---- C:\Windows\system32\shell32.dll
2012-07-17 22:00:26 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-17 22:00:11 ----A---- C:\Windows\system32\schannel.dll
2012-07-17 22:00:10 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-17 22:00:10 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-17 22:00:10 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-17 22:00:10 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-17 22:00:09 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-17 22:00:09 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-13 01:36:12 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic
2012-07-12 22:37:39 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\DivX
2012-07-12 22:36:54 ----D---- C:\Program Files\DivX
2012-07-12 22:35:58 ----D---- C:\Program Files (x86)\DivX
2012-07-12 22:35:24 ----D---- C:\ProgramData\DivX
2012-07-12 22:26:21 ----D---- C:\Program Files (x86)\MediaPlayerLite
2012-07-12 22:26:20 ----D---- C:\Program Files (x86)\Giant Savings
2012-07-12 22:21:40 ----D---- C:\Program Files (x86)\GUM91D3.tmp
2012-07-12 22:19:56 ----D---- C:\Program Files (x86)\QuickTime
2012-07-12 22:17:24 ----D---- C:\Program Files (x86)\Real
2012-07-12 22:16:45 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Real
2012-07-12 22:16:00 ----D---- C:\Program Files (x86)\Google
2012-07-12 22:10:25 ----D---- C:\ProgramData\Real
2012-07-11 04:00:11 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 04:00:11 ----A---- C:\Windows\system32\msxml3(63).dll
2012-06-24 12:52:19 ----A---- C:\Windows\system32\wups2.dll
2012-06-24 12:52:19 ----A---- C:\Windows\system32\wuauclt.exe
2012-06-24 12:52:18 ----A---- C:\Windows\system32\wucltux.dll
2012-06-24 12:52:18 ----A---- C:\Windows\system32\wuaueng.dll
2012-06-24 12:51:47 ----A---- C:\Windows\system32\wups.dll
2012-06-24 12:51:47 ----A---- C:\Windows\system32\wudriver.dll
2012-06-24 12:51:47 ----A---- C:\Windows\system32\wuapi.dll
2012-06-24 12:51:16 ----A---- C:\Windows\system32\wuwebv.dll
2012-06-24 12:51:16 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 1 month======

2012-07-18 20:08:32 ----D---- C:\Windows\Prefetch
2012-07-18 20:08:31 ----D---- C:\Windows\Temp
2012-07-18 20:08:28 ----RD---- C:\Program Files
2012-07-18 20:07:21 ----D---- C:\Windows\System32
2012-07-18 20:07:21 ----D---- C:\Windows\inf
2012-07-18 20:07:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-07-18 20:04:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-18 20:04:28 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-07-18 20:03:08 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Dropbox
2012-07-18 20:02:19 ----D---- C:\ProgramData\NVIDIA
2012-07-18 20:00:39 ----D---- C:\Windows\system32\config
2012-07-18 19:57:17 ----SHD---- C:\System Volume Information
2012-07-18 19:54:15 ----D---- C:\Windows\system32\drivers
2012-07-18 18:00:01 ----D---- C:\Windows\system32\LogFiles
2012-07-18 16:04:35 ----SHD---- C:\$Recycle.Bin
2012-07-18 16:03:31 ----D---- C:\Windows\system32\catroot
2012-07-18 16:03:04 ----SHD---- C:\Windows\Installer
2012-07-18 16:02:39 ----HD---- C:\Config.Msi
2012-07-18 16:02:36 ----RD---- C:\Program Files (x86)
2012-07-18 16:01:55 ----HD---- C:\ProgramData
2012-07-18 16:00:13 ----D---- C:\Windows
2012-07-18 15:52:53 ----D---- C:\Program Files (x86)\Common Files
2012-07-18 15:52:42 ----D---- C:\Windows\SysWOW64
2012-07-18 12:49:09 ----D---- C:\Windows\winsxs
2012-07-18 12:44:55 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-18 12:44:54 ----D---- C:\Windows\SYSWOW64\migration
2012-07-18 12:44:50 ----D---- C:\Windows\system32\migration
2012-07-18 12:44:47 ----D---- C:\Program Files\Internet Explorer
2012-07-18 12:24:57 ----D---- C:\Windows\system32\catroot2
2012-07-18 12:20:56 ----D---- C:\Windows\debug
2012-07-18 12:20:54 ----A---- C:\Windows\system32\MRT.exe
2012-07-18 11:49:13 ----D---- C:\Windows\Tasks
2012-07-18 11:49:13 ----D---- C:\Windows\system32\Tasks
2012-07-18 11:37:14 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-18 11:37:08 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-07-18 11:18:21 ----D---- C:\Windows\system32\wfp
2012-07-18 11:18:20 ----RSD---- C:\Windows\Media
2012-07-18 11:18:13 ----D---- C:\Windows\system32\wbem
2012-07-18 11:16:25 ----D---- C:\Windows\system32\DriverStore
2012-07-18 11:16:25 ----D---- C:\Windows\system32\drivers\etc
2012-07-18 11:16:01 ----D---- C:\Windows\system32\Macromed
2012-07-18 11:16:00 ----D---- C:\Windows\system32\CodeIntegrity
2012-07-18 11:15:40 ----D---- C:\ProgramData\McAfee Security Scan
2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Steam
2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Premiumplay Codec-C
2012-07-18 11:15:40 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 11:15:38 ----D---- C:\Program Files (x86)\CrossriderWebApps
2012-07-18 11:14:01 ----D---- C:\Windows\registration
2012-07-18 11:13:07 ----D---- C:\Windows\SYSWOW64\Macromed
2012-07-18 11:11:22 ----D---- C:\Windows\system32\sysprep
2012-07-18 11:10:50 ----RD---- C:\Users
2012-07-18 11:10:31 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Skype
2012-07-18 11:10:26 ----SD---- C:\Users\Bugs Bunny\AppData\Roaming\Microsoft
2012-07-18 11:10:25 ----D---- C:\Users\Bugs Bunny\AppData\Roaming\Malwarebytes
2012-07-18 11:08:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-07-18 01:51:09 ----D---- C:\Windows\Logs
2012-07-17 21:52:04 ----D---- C:\Windows\SYSWOW64\wbem
2012-07-17 21:49:54 ----D---- C:\Windows\Downloaded Program Files
2012-07-13 19:03:07 ----AD---- C:\ProgramData\TEMP
2012-07-01 15:29:28 ----D---- C:\Windows\system32\FxsTmp
2012-06-25 14:00:36 ----D---- C:\Windows\rescache
2012-06-25 13:19:32 ----D---- C:\Windows\system32\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 214096]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-04-27 132832]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-13 514048]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-04-25 98848]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-29 28704]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]
R3 SrvHsfPCIe;SrvHsfPCIe; C:\Windows\system32\DRIVERS\VSTBS36.SYS [2009-06-10 287744]
R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-13 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-13 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-13 43008]
S3 dump_wmimmc;dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\syswow64\npptNT2.sys [2004-12-31 4682]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-13 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-13 6656]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-13 34896]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-08-02 51712]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-13 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-13 21760]
S3 vtany;vtany; \??\C:\Windows\vtany.sys []
S3 xspirit;xspirit; \??\C:\Windows\xspirit.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-02 86224]
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-05-02 110032]
R2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-02 465360]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 250056]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-18 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2011-07-17 4390376]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-24 1255736]
S3 xsherlock;xsherlock; C:\Windows\syswow64\xsherlock.xem [2012-05-27 670816]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 934760]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-15 489256]

-----------------EOF-----------------
  12. DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Bugs Bunny at 13:23:32 on 2012-07-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4863.3004 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 uInternet Settings,ProxyOverride = *.local mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbam.exe" /runcleanupscript mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\BUGSBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) Attach.txt . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 9/24/2011 8:27:29 PM System Uptime: 7/18/2012 12:46:48 PM (1 hours ago) . Motherboard: PEGATRON CORPORATION | | VIOLA Processor: AMD Phenom™ 9550 Quad-Core Processor | CPU 1 | 1100/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 699 GiB total, 594.155 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP158: 7/17/2012 11:49:12 PM - Configured League of Legends RP159: 7/17/2012 11:53:16 PM - Configured League of Legends RP160: 7/18/2012 12:09:46 AM - Configured League of Legends RP161: 7/18/2012 12:17:10 AM - Restore Operation RP162: 7/18/2012 12:42:44 AM - Removed BabylonObjectInstaller RP163: 7/18/2012 12:47:56 AM - Removed BabylonObjectInstaller RP164: 7/18/2012 12:48:58 AM - Windows Update RP165: 7/18/2012 1:26:12 AM - Restore Operation RP166: 7/18/2012 1:47:28 AM - Windows Update RP167: 7/18/2012 3:05:55 AM - Windows Update RP168: 7/18/2012 7:16:44 AM - Installed SpyHunter RP169: 7/18/2012 8:45:55 AM - Removed SpyHunter RP170: 7/18/2012 8:47:01 AM - Removed SpyHunter RP171: 7/18/2012 11:04:25 AM - Restore Operation RP172: 7/18/2012 12:18:32 PM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 Apple Application Support Apple Software Update Belkin Connect Wireless USB Adapter Belkin Wireless G USB Adapter Driver BufferChm Copy Counter-Strike: Condition Zero Counter-Strike: Source Destinations DeviceDiscovery Diablo III
  13. Hello~ I've been recently getting a random advertisement / music playing in the background coming from absolutely nothing. I've tried restarting numerous times, and even restored to an earlier point in time 3 times lol. It proved to be no help and continued to make the random audio. I suspected it to be a virus/malware so I ran numerous tests with Spybot, Malwarebytes, CCleaner and many more. I've also detected a Babylon and managed to partially get rid of it. (Not quite sure if it's fully removed because it is still in Firefox about:config and some files continue to come back even after countless resets. And on IE I was able to disable Babylon from search provider, but was unable to delete it.) I'm not quite sure if Babylon has anything to do with this =/, but if you could plz help me get to the bottom of this, it'd rly help a lot~ As you may already know, I don't know too much about computers =/ so a step by step direction would be greatly appreciated TY~ Also a system recovery is not responding and will not load for some reason =/

      DDS.txt
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
      Run by Bugs Bunny at 13:23:32 on 2012-07-18
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4863.3004 [GMT -4:00]
      .
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\nvvsvc.exe
      C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\WUDFHost.exe
      C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
      C:\Windows\system32\nvvsvc.exe -netsvcs
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
      C:\Windows\System32\svchost.exe -k secsvcs
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
      C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
      C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files (x86)\Symantec AntiVirus\VPTray.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Windows\system32\AUDIODG.EXE
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
      uInternet Settings,ProxyOverride = *.local
      mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll
      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
      BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
      BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
      BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
      BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
      EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
      uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
      mRun: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
      mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      StartupFolder: C:\Users\BUGSBU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bugs Bunny\AppData\Roaming\Dropbox\bin\Dropbox.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
      mPolicies-explorer: NoActiveDesktop = 1 (0x1)

      Attach.txt
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows 7 Ultimate
      Boot Device: \Device\HarddiskVolume1
      Install Date: 9/24/2011 8:27:29 PM
      System Uptime: 7/18/2012 12:46:48 PM (1 hours ago)
      .
      Motherboard: PEGATRON CORPORATION | | VIOLA
      Processor: AMD Phenom™ 9550 Quad-Core Processor | CPU 1 | 1100/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 699 GiB total, 594.155 GiB free.
      D: is CDROM ()
      E: is Removable
      F: is Removable
      G: is Removable
      H: is Removable
      I: is FIXED (NTFS) - 0 GiB total, 0.07 GiB free.
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP158: 7/17/2012 11:49:12 PM - Configured League of Legends
      RP159: 7/17/2012 11:53:16 PM - Configured League of Legends
      RP160: 7/18/2012 12:09:46 AM - Configured League of Legends
      RP161: 7/18/2012 12:17:10 AM - Restore Operation
      RP162: 7/18/2012 12:42:44 AM - Removed BabylonObjectInstaller
      RP163: 7/18/2012 12:47:56 AM - Removed BabylonObjectInstaller
      RP164: 7/18/2012 12:48:58 AM - Windows Update
      RP165: 7/18/2012 1:26:12 AM - Restore Operation
      RP166: 7/18/2012 1:47:28 AM - Windows Update
      RP167: 7/18/2012 3:05:55 AM - Windows Update
      RP168: 7/18/2012 7:16:44 AM - Installed SpyHunter
      RP169: 7/18/2012 8:45:55 AM - Removed SpyHunter
      RP170: 7/18/2012 8:47:01 AM - Removed SpyHunter
      RP171: 7/18/2012 11:04:25 AM - Restore Operation
      RP172: 7/18/2012 12:18:32 PM - Windows Update
      .
      ==== Installed Programs ======================
      .
      Adobe AIR
      Adobe Flash Player 11 ActiveX
      Adobe Flash Player 11 Plugin
      Adobe Reader X (10.1.3)
      Adobe Shockwave Player 11.6
      Apple Application Support
      Apple Software Update
      Belkin Connect Wireless USB Adapter
      Belkin Wireless G USB Adapter Driver
      BufferChm
      Copy
      Counter-Strike: Condition Zero
      Counter-Strike: Source
      Destinations
      DeviceDiscovery
      Diablo III