Requesting assistance with removing trojan etc.


Hi! :)

A while ago I used MBAM and found and removed several pieces of malware, including loggers, worms and trojans. However, since then my computer has been running slowly, and especially my internet browser (Firefox) has been laggy and slow, most noticeably when my computer runs applications/online interfaces which require a lot of RAM, for example when streaming videos.

I suspect I didn't remove all the malware, or I have a similar problem. Could you please help me with this? It would be greatly appreciated!

It might be worth mentioning that I downloaded and use applications which are pirated/cracked.

I'm on an HP mini PC with an Intel Atom @ 1.66 GHz and 1 GB RAM, running a 32-bit OS (Windows 7 Starter).

(PS: I added the MBAM log and AntiVir log in a separate file, in addition to the file with the attach and ark files.)

So here it goes:

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27

Run by Viktor Antoniussen at 21:13:47 on 2011-09-23

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.288 [GMT 2:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\rundll32.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe

C:\Windows\system32\conhost.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: H - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"

mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [pdvserv] c:\windows\pdvserv\pdvserv.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : DhcpNameServer = 193.75.75.75 193.75.75.193

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : DhcpNameServer = 208.67.222.222 208.67.220.220 10.71.0.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\4556C656B6F6D6 : DhcpNameServer = 10.120.136.116

TCP: Interfaces\{4C502AE4-2514-4A23-A651-11172EFFBFBD} : NameServer = 156.154.70.22,156.154.71.22

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"

mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\viktor antoniussen\appdata\roaming\mozilla\firefox\profiles\ols8k9nu.default\

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]

R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-4 66616]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-3-31 230944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-31 267880]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

.

=============== Created Last 30 ================

.

2011-09-23 07:39:48 -------- d-----w- C:\HP_TOOLS_mountHPSF

2011-09-22 16:51:02 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

2011-09-04 21:36:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-09-04 21:30:48 -------- d-----w- c:\program files\CCleaner

2011-09-04 21:27:48 388096 ----a-r- c:\users\viktor antoniussen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-04 21:23:51 -------- d-----w- c:\program files\Malware removal programs

2011-09-04 12:36:40 -------- d-----w- c:\users\viktor antoniussen\appdata\roaming\Avira

2011-09-04 12:16:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-04 12:15:58 -------- d-----w- c:\programdata\Avira

2011-09-04 12:15:58 -------- d-----w- c:\program files\Avira

2011-09-04 12:10:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-02 10:07:14 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ec45e51c-ea9e-4fe0-9943-a40cc3e01d36}\mpengine.dll

2011-08-31 16:11:32 -------- d-----w- c:\program files\FGP

.

==================== Find3M ====================

.

2011-09-04 21:35:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 13:20:34 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-10 13:20:31 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-10 13:20:30 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-07-10 13:20:30 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

.

============= FINISH: 21:15:52,62 ===============

Attach.zip

Antivirfull&Mbam quickscan.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Great, here we go:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7809

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

27.09.2011 19:32:25

mbam-log-2011-09-27 (19-32-25).txt

Scan type: Quick scan

Objects scanned: 174384

Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I'll post both the ComboFix log and the DDS log, and I'll attach a zip with the attach file.

Here is the combofix log:

ComboFix 11-09-27.01 - Viktor Antoniussen 27.09.2011 20:13:48.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.362 [GMT 2:00]

Running from: c:\users\Viktor Antoniussen\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))

.

.

2011-09-27 18:28 . 2011-09-27 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-23 07:39 . 2011-09-23 07:39 -------- d-----w- C:\HP_TOOLS_mountHPSF

2011-09-22 16:51 . 2011-09-22 16:51 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

2011-09-04 21:36 . 2011-09-04 21:36 -------- d-----w- c:\program files\Common Files\Java

2011-09-04 21:36 . 2011-09-04 21:35 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-09-04 21:35 . 2011-09-04 21:35 -------- d-----w- c:\program files\Java

2011-09-04 21:30 . 2011-09-04 21:30 -------- d-----w- c:\program files\CCleaner

2011-09-04 21:27 . 2011-09-04 21:27 388096 ----a-r- c:\users\Viktor Antoniussen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-04 21:23 . 2011-09-05 21:22 -------- d-----w- c:\program files\Malware removal programs

2011-09-04 12:36 . 2011-09-04 12:36 -------- d-----w- c:\users\Viktor Antoniussen\AppData\Roaming\Avira

2011-09-04 12:16 . 2011-07-21 10:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-09-04 12:16 . 2011-07-21 10:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-04 12:15 . 2011-09-04 12:15 -------- d-----w- c:\programdata\Avira

2011-09-04 12:15 . 2011-09-04 12:15 -------- d-----w- c:\program files\Avira

2011-09-04 12:10 . 2011-09-04 12:10 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-02 10:07 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC45E51C-EA9E-4FE0-9943-A40CC3E01D36}\mpengine.dll

2011-08-31 16:11 . 2011-08-31 16:12 -------- d-----w- c:\program files\FGP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-04 21:35 . 2010-07-27 10:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00 . 2011-05-17 14:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 13:20 . 2011-05-02 18:36 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-10 13:20 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-07-10 13:20 . 2011-05-02 18:36 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-10 13:20 . 2011-05-02 18:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-07-10 13:20 . 2011-05-02 18:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-09-08 07:32 . 2011-04-26 18:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 434960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-07-27 2034]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-10 2554696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 136176]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-10 238960]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-10 37592]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-05-07 230944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - pxdcypoc

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 10:14]

.

2011-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 10:14]

.

2011-09-23 c:\windows\Tasks\HPCeeScheduleForViktor Antoniussen.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{4C502AE4-2514-4A23-A651-11172EFFBFBD}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Viktor Antoniussen\AppData\Roaming\Mozilla\Firefox\Profiles\ols8k9nu.default\

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

HKLM-Run-pdvserv - c:\windows\pdvserv\pdvserv.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]

"value"="?\04\03\1b\011\01'"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(532)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(600)

c:\windows\system32\guard32.dll

.

Completion time: 2011-09-27 20:35:07

ComboFix-quarantined-files.txt 2011-09-27 18:35

.

Pre-Run: 81 655 193 600 bytes free

Post-Run: 81 527 050 240 bytes free

.

- - End Of File - - 2351B6AA7AAE5BE2509E1E13449BD607

And the DDS:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27

Run by Viktor Antoniussen at 20:36:58 on 2011-09-27

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.197 [GMT 2:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\microsoft shared\virtualization handler\cvh.exe

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"

mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : DhcpNameServer = 193.75.75.75 193.75.75.193

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : DhcpNameServer = 208.67.222.222 208.67.220.220 10.71.0.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\4556C656B6F6D6 : DhcpNameServer = 10.120.136.116

TCP: Interfaces\{4C502AE4-2514-4A23-A651-11172EFFBFBD} : NameServer = 156.154.70.22,156.154.71.22

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"

mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\viktor antoniussen\appdata\roaming\mozilla\firefox\profiles\ols8k9nu.default\

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 37592]

R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-3-31 81920]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-4 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-4 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-4 66616]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-6-19 103992]

R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-7-2 27192]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-3-31 230944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-31 267880]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-1 136176]

S2 HP Support Assistant Service;HP Support Assistant Service;"c:\program files\hewlett-packard\hp support framework\hpsa_service.exe" --> c:\program files\hewlett-packard\hp support framework\hpsa_service.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-5-20 406016]

S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-1 136176]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]

.

=============== Created Last 30 ================

.

2011-09-27 18:35:22 -------- d-sh--w- C:\$RECYCLE.BIN

2011-09-27 18:09:17 98816 ----a-w- c:\windows\sed.exe

2011-09-27 18:09:17 518144 ----a-w- c:\windows\SWREG.exe

2011-09-27 18:09:17 256000 ----a-w- c:\windows\PEV.exe

2011-09-27 18:09:17 208896 ----a-w- c:\windows\MBR.exe

2011-09-23 07:39:48 -------- d-----w- C:\HP_TOOLS_mountHPSF

2011-09-22 16:51:02 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}

2011-09-04 21:36:23 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-09-04 21:30:48 -------- d-----w- c:\program files\CCleaner

2011-09-04 21:27:48 388096 ----a-r- c:\users\viktor antoniussen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-09-04 21:23:51 -------- d-----w- c:\program files\Malware removal programs

2011-09-04 12:36:40 -------- d-----w- c:\users\viktor antoniussen\appdata\roaming\Avira

2011-09-04 12:16:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-09-04 12:15:58 -------- d-----w- c:\programdata\Avira

2011-09-04 12:15:58 -------- d-----w- c:\program files\Avira

2011-09-04 12:10:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-02 10:07:14 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ec45e51c-ea9e-4fe0-9943-a40cc3e01d36}\mpengine.dll

2011-08-31 16:11:32 -------- d-----w- c:\program files\FGP

.

==================== Find3M ====================

.

2011-09-04 21:35:41 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-10 13:20:34 285256 ----a-w- c:\windows\system32\guard32.dll

2011-07-10 13:20:31 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-07-10 13:20:30 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-07-10 13:20:30 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys

.

============= FINISH: 20:38:06,41 ===============

Attach.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.


  • 2 weeks later...

Hi, I did what u said about the scanner, I may have messed up a little bit tho, I ran it twice. I checked all the boxes except the custom scan box when scanning for the first time, and I found 5 infected files with Win32 installcore.c and a hacktool patcher and something else I don't remember, weird since I came out clean from MBAM with similar infections.

However, my new scan with just the default boxes checked came out clean so I guess there wasn't much to log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

esets_scanner_update returned -1 esets_gle=12

(This was the log u asked for right?)

I'll do the rest now. Thanks again!


Results of screen317's Security Check version 0.99.24

Windows 7 x86

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

COMODO Internet Security

WMI entry may not exist for antivirus; attempting automatic update.

Avira successfully updated!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Wise Registry Cleaner 5.9.4

Java 6 Update 27

Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!

Mozilla Thunderbird (6.0.2) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````


  • Staff

Hi,

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Adobe Flash Player ( 10.3.183.7)

Restart your computer.

Get the latest version of Adobe Flash Player.

Let me know what issues remain.

-screen317


Hey. Just found out my hotmail account has been shut down in order to prevent my account from spreading spam. I opened it and saw several delivery status notification failures, with spam messages, which means I'm compromised with a backdoor trojan right? I'll answer you asap the next times, in order to correct this if possible.


  • Staff

Hi,

If your computer is compromised then a backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Hey!

I don't have the money for a new OS and I don't have a cd-rom. I have an external hard disk however, but wouldn't it be compromised too? There's some important work on it which needs to be kept clean. Unless I have another option I'd like to continue with the cleaning process! I understand that you can't guarantee 100% safety.


  • Staff

Okay.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317


Hey I just copied the first report,

00:04:54.0558 6180 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

00:04:55.0252 6180 ============================================================

00:04:55.0252 6180 Current date / time: 2011/10/30 00:04:55.0252

00:04:55.0252 6180 SystemInfo:

00:04:55.0252 6180

00:04:55.0253 6180 OS Version: 6.1.7600 ServicePack: 0.0

00:04:55.0253 6180 Product type: Workstation

00:04:55.0253 6180 ComputerName: MASKINEN

00:04:55.0254 6180 UserName: Viktor Antoniussen

00:04:55.0254 6180 Windows directory: C:\Windows

00:04:55.0254 6180 System windows directory: C:\Windows

00:04:55.0254 6180 Processor architecture: Intel x86

00:04:55.0254 6180 Number of processors: 2

00:04:55.0254 6180 Page size: 0x1000

00:04:55.0254 6180 Boot type: Normal boot

00:04:55.0254 6180 ============================================================

00:04:56.0627 6180 Initialize success

00:27:26.0735 6664 ============================================================

00:27:26.0735 6664 Scan started

00:27:26.0735 6664 Mode: Manual;

00:27:26.0735 6664 ============================================================

00:27:36.0108 6664 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

00:27:36.0116 6664 FltMgr - ok

00:27:36.0168 6664 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

00:27:36.0201 6664 FsDepends - ok

00:27:36.0245 6664 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

00:27:36.0281 6664 Fs_Rec - ok

00:27:36.0337 6664 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

00:27:36.0343 6664 fvevol - ok

00:27:36.0388 6664 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

00:27:36.0427 6664 gagp30kx - ok

00:27:36.0520 6664 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

00:27:36.0555 6664 hcw85cir - ok

00:27:36.0619 6664 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

00:27:36.0674 6664 HdAudAddService - ok

00:27:36.0721 6664 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

00:27:36.0780 6664 HDAudBus - ok

00:27:36.0884 6664 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

00:27:36.0919 6664 HidBatt - ok

00:27:36.0979 6664 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

00:27:37.0016 6664 HidBth - ok

00:27:37.0076 6664 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

00:27:37.0123 6664 HidIr - ok

00:27:37.0228 6664 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

00:27:37.0271 6664 HidUsb - ok

00:27:37.0549 6664 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

00:27:37.0585 6664 HpSAMD - ok

00:27:37.0674 6664 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

00:27:37.0687 6664 HTTP - ok

00:27:37.0722 6664 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

00:27:37.0724 6664 hwpolicy - ok

00:27:37.0774 6664 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

00:27:37.0808 6664 i8042prt - ok

00:27:37.0890 6664 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys

00:27:37.0895 6664 iaStor - ok

00:27:37.0959 6664 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

00:27:38.0017 6664 iaStorV - ok

00:27:38.0224 6664 igfx (ba41e1bba410212ce6d30e0dac47972b) C:\Windows\system32\DRIVERS\igdkmd32.sys

00:27:38.0449 6664 igfx - ok

00:27:38.0563 6664 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

00:27:38.0621 6664 iirsp - ok

00:27:38.0689 6664 inspect (aa686b40a4f837bc66ad3183b2bbd981) C:\Windows\system32\DRIVERS\inspect.sys

00:27:38.0692 6664 inspect - ok

00:27:38.0737 6664 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

00:27:38.0768 6664 intelide - ok

00:27:38.0820 6664 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

00:27:38.0856 6664 intelppm - ok

00:27:38.0958 6664 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:27:39.0011 6664 IpFilterDriver - ok

00:27:39.0073 6664 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

00:27:39.0126 6664 IPMIDRV - ok

00:27:39.0197 6664 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

00:27:39.0236 6664 IPNAT - ok

00:27:39.0288 6664 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

00:27:39.0314 6664 IRENUM - ok

00:27:39.0363 6664 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

00:27:39.0409 6664 isapnp - ok

00:27:39.0468 6664 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

00:27:39.0508 6664 iScsiPrt - ok

00:27:39.0555 6664 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

00:27:39.0602 6664 kbdclass - ok

00:27:39.0653 6664 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

00:27:39.0692 6664 kbdhid - ok

00:27:39.0751 6664 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

00:27:39.0757 6664 KSecDD - ok

00:27:39.0809 6664 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

00:27:39.0816 6664 KSecPkg - ok

00:27:39.0903 6664 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

00:27:39.0941 6664 lltdio - ok

00:27:40.0094 6664 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

00:27:40.0136 6664 LSI_FC - ok

00:27:40.0211 6664 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

00:27:40.0270 6664 LSI_SAS - ok

00:27:40.0323 6664 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

00:27:40.0371 6664 LSI_SAS2 - ok

00:27:40.0414 6664 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

00:27:40.0447 6664 LSI_SCSI - ok

00:27:40.0508 6664 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

00:27:40.0514 6664 luafv - ok

00:27:40.0562 6664 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

00:27:40.0590 6664 megasas - ok

00:27:40.0644 6664 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

00:27:40.0682 6664 MegaSR - ok

00:27:40.0737 6664 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

00:27:40.0751 6664 Modem - ok

00:27:40.0803 6664 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

00:27:40.0809 6664 monitor - ok

00:27:40.0868 6664 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

00:27:40.0910 6664 mouclass - ok

00:27:40.0963 6664 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

00:27:40.0988 6664 mouhid - ok

00:27:41.0030 6664 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

00:27:41.0035 6664 mountmgr - ok

00:27:41.0076 6664 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

00:27:41.0113 6664 mpio - ok

00:27:41.0158 6664 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

00:27:41.0187 6664 mpsdrv - ok

00:27:41.0245 6664 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

00:27:41.0280 6664 MRxDAV - ok

00:27:41.0336 6664 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:27:41.0342 6664 mrxsmb - ok

00:27:41.0384 6664 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:27:41.0393 6664 mrxsmb10 - ok

00:27:41.0428 6664 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:27:41.0434 6664 mrxsmb20 - ok

00:27:41.0488 6664 msahci (5d9e758baefb5a4f3639e755c66625aa) C:\Windows\system32\DRIVERS\msahci.sys

00:27:41.0495 6664 msahci - ok

00:27:41.0554 6664 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

00:27:41.0600 6664 msdsm - ok

00:27:41.0703 6664 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

00:27:41.0708 6664 Msfs - ok

00:27:41.0742 6664 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

00:27:41.0781 6664 mshidkmdf - ok

00:27:41.0823 6664 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

00:27:41.0827 6664 msisadrv - ok

00:27:41.0891 6664 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

00:27:41.0930 6664 MSKSSRV - ok

00:27:41.0957 6664 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

00:27:41.0972 6664 MSPCLOCK - ok

00:27:42.0016 6664 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

00:27:42.0038 6664 MSPQM - ok

00:27:42.0082 6664 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

00:27:42.0089 6664 MsRPC - ok

00:27:42.0144 6664 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

00:27:42.0179 6664 mssmbios - ok

00:27:42.0233 6664 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

00:27:42.0261 6664 MSTEE - ok

00:27:42.0330 6664 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

00:27:42.0368 6664 MTConfig - ok

00:27:42.0413 6664 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

00:27:42.0420 6664 Mup - ok

00:27:42.0491 6664 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

00:27:42.0550 6664 NativeWifiP - ok

00:27:42.0609 6664 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

00:27:42.0644 6664 NDIS - ok

00:27:42.0686 6664 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

00:27:42.0713 6664 NdisCap - ok

00:27:42.0761 6664 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

00:27:42.0773 6664 NdisTapi - ok

00:27:42.0813 6664 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

00:27:42.0846 6664 Ndisuio - ok

00:27:42.0893 6664 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

00:27:42.0934 6664 NdisWan - ok

00:27:43.0046 6664 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

00:27:43.0080 6664 NDProxy - ok

00:27:43.0153 6664 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

00:27:43.0162 6664 NetBIOS - ok

00:27:43.0219 6664 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

00:27:43.0228 6664 NetBT - ok

00:27:43.0548 6664 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

00:27:43.0893 6664 netw5v32 - ok

00:27:44.0017 6664 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

00:27:44.0048 6664 nfrd960 - ok

00:27:44.0133 6664 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

00:27:44.0141 6664 Npfs - ok

00:27:44.0231 6664 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

00:27:44.0235 6664 nsiproxy - ok

00:27:44.0373 6664 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

00:27:44.0418 6664 Ntfs - ok

00:27:44.0481 6664 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

00:27:44.0510 6664 Null - ok

00:27:44.0577 6664 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

00:27:44.0595 6664 nvraid - ok

00:27:44.0645 6664 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

00:27:44.0694 6664 nvstor - ok

00:27:44.0778 6664 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

00:27:44.0817 6664 nv_agp - ok

00:27:44.0966 6664 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

00:27:45.0005 6664 ohci1394 - ok

00:27:45.0144 6664 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

00:27:45.0161 6664 Parport - ok

00:27:45.0218 6664 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

00:27:45.0234 6664 partmgr - ok

00:27:45.0290 6664 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

00:27:45.0314 6664 Parvdm - ok

00:27:45.0423 6664 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

00:27:45.0459 6664 pci - ok

00:27:45.0519 6664 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

00:27:45.0558 6664 pciide - ok

00:27:45.0606 6664 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

00:27:45.0651 6664 pcmcia - ok

00:27:45.0699 6664 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

00:27:45.0706 6664 pcw - ok

00:27:45.0773 6664 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

00:27:45.0885 6664 PEAUTH - ok

00:27:46.0167 6664 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

00:27:46.0221 6664 PptpMiniport - ok

00:27:46.0274 6664 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

00:27:46.0325 6664 Processor - ok

00:27:46.0483 6664 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

00:27:46.0491 6664 Psched - ok

00:27:46.0583 6664 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

00:27:46.0708 6664 ql2300 - ok

00:27:46.0807 6664 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

00:27:46.0861 6664 ql40xx - ok

00:27:46.0950 6664 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

00:27:46.0985 6664 QWAVEdrv - ok

00:27:47.0041 6664 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

00:27:47.0083 6664 RasAcd - ok

00:27:47.0199 6664 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

00:27:47.0233 6664 RasAgileVpn - ok

00:27:47.0302 6664 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:27:47.0332 6664 Rasl2tp - ok

00:27:47.0397 6664 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

00:27:47.0403 6664 RasPppoe - ok

00:27:47.0451 6664 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

00:27:47.0481 6664 RasSstp - ok

00:27:47.0538 6664 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

00:27:47.0556 6664 rdbss - ok

00:27:47.0618 6664 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

00:27:47.0642 6664 rdpbus - ok

00:27:47.0697 6664 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:27:47.0701 6664 RDPCDD - ok

00:27:47.0767 6664 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

00:27:47.0770 6664 RDPENCDD - ok

00:27:47.0850 6664 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

00:27:47.0853 6664 RDPREFMP - ok

00:27:47.0918 6664 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

00:27:47.0959 6664 RDPWD - ok

00:27:48.0047 6664 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

00:27:48.0055 6664 rdyboost - ok

00:27:48.0260 6664 RSPCIESTOR (2ad7b2b3d7a10ae3d534877d543eed74) C:\Windows\system32\DRIVERS\RtsPStor.sys

00:27:48.0306 6664 RSPCIESTOR - ok

00:27:48.0396 6664 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

00:27:48.0431 6664 rspndr - ok

00:27:48.0497 6664 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys

00:27:48.0536 6664 RTL8167 - ok

00:27:48.0687 6664 SbieDrv (a4aac62e6c1a5a56ae41b6c0570ab68b) C:\Program Files\Sandboxie\SbieDrv.sys

00:27:48.0738 6664 SbieDrv - ok

00:27:48.0891 6664 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

00:27:48.0928 6664 sbp2port - ok

00:27:49.0050 6664 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

00:27:49.0084 6664 scfilter - ok

00:27:49.0198 6664 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

00:27:49.0244 6664 sdbus - ok

00:27:49.0341 6664 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

00:27:49.0378 6664 secdrv - ok

00:27:49.0475 6664 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

00:27:49.0488 6664 Serenum - ok

00:27:49.0529 6664 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

00:27:49.0574 6664 Serial - ok

00:27:49.0615 6664 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

00:27:49.0638 6664 sermouse - ok

00:27:49.0771 6664 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

00:27:49.0807 6664 sffdisk - ok

00:27:49.0874 6664 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

00:27:49.0912 6664 sffp_mmc - ok

00:27:49.0976 6664 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

00:27:50.0003 6664 sffp_sd - ok

00:27:50.0063 6664 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

00:27:50.0086 6664 sfloppy - ok

00:27:50.0159 6664 Sftfs (cc895997c0995a07b6b2779a3b21918b) C:\Windows\system32\DRIVERS\Sftfslh.sys

00:27:50.0224 6664 Sftfs - ok

00:27:50.0304 6664 Sftplay (cf5e9798637795db59697f5e40fca993) C:\Windows\system32\DRIVERS\Sftplaylh.sys

00:27:50.0351 6664 Sftplay - ok

00:27:50.0395 6664 Sftredir (4c8076ff8938b365eeec9123969e0350) C:\Windows\system32\DRIVERS\Sftredirlh.sys

00:27:50.0402 6664 Sftredir - ok

00:27:50.0458 6664 Sftvol (6095a5f221eca9dada2c9ee80ec0d92d) C:\Windows\system32\DRIVERS\Sftvollh.sys

00:27:50.0487 6664 Sftvol - ok

00:27:50.0634 6664 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

00:27:50.0666 6664 sisagp - ok

00:27:50.0722 6664 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

00:27:50.0757 6664 SiSRaid2 - ok

00:27:50.0823 6664 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

00:27:50.0853 6664 SiSRaid4 - ok

00:27:50.0921 6664 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

00:27:50.0953 6664 Smb - ok

00:27:51.0054 6664 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

00:27:51.0059 6664 spldr - ok

00:27:51.0153 6664 sptd - ok

00:27:51.0219 6664 srv (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys

00:27:51.0230 6664 srv - ok

00:27:51.0282 6664 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys

00:27:51.0293 6664 srv2 - ok

00:27:51.0369 6664 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

00:27:51.0415 6664 SrvHsfHDA - ok

00:27:51.0492 6664 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

00:27:51.0581 6664 SrvHsfV92 - ok

00:27:51.0728 6664 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

00:27:51.0819 6664 SrvHsfWinac - ok

00:27:51.0871 6664 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys

00:27:51.0878 6664 srvnet - ok

00:27:51.0974 6664 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

00:27:52.0002 6664 ssmdrv - ok

00:27:52.0102 6664 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

00:27:52.0133 6664 stexstor - ok

00:27:52.0215 6664 STHDA (f71736dc79731c98698b93326e01a6bd) C:\Windows\system32\DRIVERS\stwrt.sys

00:27:52.0280 6664 STHDA - ok

00:27:52.0356 6664 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

00:27:52.0379 6664 swenum - ok

00:27:52.0515 6664 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys

00:27:52.0638 6664 SynTP - ok

00:27:52.0874 6664 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

00:27:52.0921 6664 Tcpip - ok

00:27:53.0017 6664 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

00:27:53.0061 6664 TCPIP6 - ok

00:27:53.0167 6664 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

00:27:53.0205 6664 tcpipreg - ok

00:27:53.0284 6664 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

00:27:53.0319 6664 TDPIPE - ok

00:27:53.0399 6664 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

00:27:53.0497 6664 TDTCP - ok

00:27:53.0622 6664 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

00:27:53.0660 6664 tdx - ok

00:27:53.0720 6664 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

00:27:53.0759 6664 TermDD - ok

00:27:53.0933 6664 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:27:53.0946 6664 tssecsrv - ok

00:27:53.0991 6664 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

00:27:54.0033 6664 tunnel - ok

00:27:54.0101 6664 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

00:27:54.0139 6664 uagp35 - ok

00:27:54.0201 6664 udfs (2efee45a340e1590e37c2f2bac16d051) C:\Windows\system32\DRIVERS\udfs.sys

00:27:54.0252 6664 udfs - ok

00:27:54.0371 6664 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

00:27:54.0399 6664 uliagpkx - ok

00:27:54.0464 6664 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

00:27:54.0502 6664 umbus - ok

00:27:54.0549 6664 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

00:27:54.0560 6664 UmPass - ok

00:27:54.0628 6664 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

00:27:54.0662 6664 usbccgp - ok

00:27:54.0709 6664 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

00:27:54.0767 6664 usbcir - ok

00:27:54.0827 6664 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\Windows\system32\DRIVERS\usbehci.sys

00:27:54.0855 6664 usbehci - ok

00:27:54.0930 6664 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\Windows\system32\DRIVERS\usbhub.sys

00:27:54.0979 6664 usbhub - ok

00:27:55.0051 6664 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

00:27:55.0082 6664 usbohci - ok

00:27:55.0149 6664 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

00:27:55.0177 6664 usbprint - ok

00:27:55.0234 6664 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

00:27:55.0264 6664 usbscan - ok

00:27:55.0358 6664 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:27:55.0396 6664 USBSTOR - ok

00:27:55.0452 6664 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

00:27:55.0491 6664 usbuhci - ok

00:27:55.0557 6664 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

00:27:55.0594 6664 usbvideo - ok

00:27:55.0702 6664 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

00:27:55.0709 6664 vdrvroot - ok

00:27:55.0802 6664 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

00:27:55.0840 6664 vga - ok

00:27:55.0891 6664 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

00:27:55.0916 6664 VgaSave - ok

00:27:55.0973 6664 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

00:27:56.0043 6664 vhdmp - ok

00:27:56.0157 6664 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

00:27:56.0185 6664 viaagp - ok

00:27:56.0254 6664 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

00:27:56.0289 6664 ViaC7 - ok

00:27:56.0350 6664 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

00:27:56.0384 6664 viaide - ok

00:27:56.0447 6664 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

00:27:56.0452 6664 volmgr - ok

00:27:56.0516 6664 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

00:27:56.0526 6664 volmgrx - ok

00:27:56.0638 6664 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

00:27:56.0650 6664 volsnap - ok

00:27:56.0732 6664 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

00:27:56.0766 6664 vsmraid - ok

00:27:56.0875 6664 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

00:27:56.0902 6664 vwifibus - ok

00:27:56.0963 6664 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

00:27:57.0000 6664 vwififlt - ok

00:27:57.0064 6664 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

00:27:57.0074 6664 vwifimp - ok

00:27:57.0199 6664 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

00:27:57.0232 6664 WacomPen - ok

00:27:57.0290 6664 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

00:27:57.0323 6664 WANARP - ok

00:27:57.0354 6664 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

00:27:57.0359 6664 Wanarpv6 - ok

00:27:57.0541 6664 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

00:27:57.0546 6664 Wd - ok

00:27:57.0627 6664 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

00:27:57.0651 6664 Wdf01000 - ok

00:27:57.0858 6664 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

00:27:57.0886 6664 WfpLwf - ok

00:27:57.0942 6664 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

00:27:57.0958 6664 WIMMount - ok

00:27:58.0244 6664 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

00:27:58.0276 6664 WmiAcpi - ok

00:27:58.0479 6664 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

00:27:58.0529 6664 ws2ifsl - ok

00:27:58.0741 6664 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

00:27:58.0780 6664 WSDPrintDevice - ok

00:27:58.0942 6664 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

00:27:58.0976 6664 WudfPf - ok

00:27:59.0055 6664 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:27:59.0157 6664 WUDFRd - ok

00:27:59.0502 6664 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

00:27:59.0580 6664 yukonw7 - ok

00:27:59.0682 6664 MBR (0x1B8) (fb9a699d87d3105f851821e4e95c6518) \Device\Harddisk0\DR0

00:27:59.0698 6664 \Device\Harddisk0\DR0 - ok

00:27:59.0720 6664 Boot (0x1200) (c9546f2615296576f6e2c0cffc6a37e9) \Device\Harddisk0\DR0\Partition0

00:27:59.0723 6664 \Device\Harddisk0\DR0\Partition0 - ok

00:27:59.0742 6664 Boot (0x1200) (83a62cbe00c5162b96627e4105fefd21) \Device\Harddisk0\DR0\Partition1

00:27:59.0744 6664 \Device\Harddisk0\DR0\Partition1 - ok

00:27:59.0787 6664 Boot (0x1200) (49afdc2ae8ccf6011ce4d369bd724b09) \Device\Harddisk0\DR0\Partition2

00:27:59.0790 6664 \Device\Harddisk0\DR0\Partition2 - ok

00:27:59.0813 6664 Boot (0x1200) (12f5c342bd5fadba33a4ff0adebb4736) \Device\Harddisk0\DR0\Partition3

00:27:59.0814 6664 \Device\Harddisk0\DR0\Partition3 - ok

00:27:59.0816 6664 ============================================================

00:27:59.0816 6664 Scan finished

00:27:59.0816 6664 ============================================================

00:27:59.0867 4568 Detected object count: 0

00:27:59.0867 4568 Actual detected object count: 0


Posting combofix log, Mbam log, dds log and a dds (attach) zip. Combofix kept notifying me that I had to turn everything off. So before proceeding, I did of course disable my antivir and my firewall. I waited 2 minutes for everything to shut off. However, in the log it seems as if it wasn't, but I'm not sure. Problem?

After restart, I feel as if it's running a little smoother/faster, not sure if I'm imagining things, we'll see.

MBAM quick scan

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8043

Windows 6.1.7600

Internet Explorer 9.0.8112.16421

30.10.2011 01:47:47

mbam-log-2011-10-30 (01-47-46).txt

Scan type: Quick scan

Objects scanned: 177856

Time elapsed: 12 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Combofix

ComboFix 11-10-29.05 - Viktor Antoniussen 30.10.2011 2:58.2.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.389 [GMT 2:00]

Running from: c:\users\Viktor Antoniussen\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))

.

.

2011-10-30 01:14 . 2011-10-30 01:14 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-10-30 01:14 . 2011-10-30 01:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-30 01:14 . 2011-10-30 01:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-10-27 15:43 . 2011-10-07 17:47 33984 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-26 22:12 . 2011-10-27 15:39 -------- d-----w- c:\users\Viktor Antoniussen\AppData\Roaming\Skype

2011-10-26 22:12 . 2011-10-26 22:12 -------- d-----r- c:\program files\Skype

2011-10-26 22:11 . 2011-10-26 22:12 -------- d-----w- c:\programdata\Skype

2011-10-03 20:20 . 2011-10-03 20:21 -------- d-----w- C:\Output Files

2011-10-03 20:18 . 2011-10-03 20:18 -------- d-----w- c:\windows\system32\tempdir

2011-10-03 20:18 . 2009-03-18 12:54 1103360 ----a-w- c:\windows\system32\cidfont.dll

2011-10-03 20:18 . 2005-05-31 01:25 1503232 ----a-w- c:\windows\system32\ptj.exe

2011-10-03 20:18 . 2007-06-27 14:15 4369408 ----a-w- c:\windows\system32\pdftk.exe

2011-10-03 20:18 . 2005-12-22 14:32 235008 ----a-w- c:\windows\system32\office.exe

2011-10-03 20:18 . 2011-10-03 20:50 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-21 15:09 . 2011-09-04 12:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 17:47 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-10-07 17:47 . 2011-05-02 18:36 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 17:47 . 2011-05-02 18:36 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 17:47 . 2011-05-02 18:36 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 17:47 . 2011-05-02 18:36 300200 ----a-w- c:\windows\system32\guard32.dll

2011-10-03 03:06 . 2010-07-27 10:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-04 21:27 . 2011-09-04 21:27 388096 ----a-r- c:\users\Viktor Antoniussen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-31 15:00 . 2011-05-17 14:45 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-12 02:44 . 2011-09-02 10:07 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC45E51C-EA9E-4FE0-9943-A40CC3E01D36}\mpengine.dll

2011-10-06 18:45 . 2011-04-26 18:53 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22 718848 ----a-w- c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-08-27 434960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-07-27 2034]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-10-20 2497352]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-2 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 136176]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 Advanced\Dfsdks.exe [2009-08-24 406016]

R3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 136176]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-10-07 488208]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-10-07 39640]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-05-07 230944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-23 550760]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-23 195944]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-23 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-23 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 32200715

*Deregistered* - 32200715

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-24 02:47 687104 ----a-w- c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14 141824 ----a-w- c:\windows\System32\wscript.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 10:14]

.

2011-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-01 10:14]

.

2011-10-29 c:\windows\Tasks\HPCeeScheduleForViktor Antoniussen.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]

.

.

------- Supplementary Scan -------

.

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{4C502AE4-2514-4A23-A651-11172EFFBFBD}: NameServer = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\users\Viktor Antoniussen\AppData\Roaming\Mozilla\Firefox\Profiles\ols8k9nu.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]

"value"="?\04\03\1b\011\01'"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(560)

c:\windows\System32\guard32.dll

.

- - - - - - - > 'lsass.exe'(608)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'Explorer.exe'(3488)

c:\windows\system32\guard32.dll

c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

Completion time: 2011-10-30 02:22:46

ComboFix-quarantined-files.txt 2011-10-30 01:22

ComboFix2.txt 2011-09-27 18:35

.

Pre-Run: 81 482 129 408 bytes free

Post-Run: 83 783 983 104 bytes free

.

- - End Of File - - 797926B96CA512DF65A6F4B131F27E04

DDS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Viktor Antoniussen at 10:22:58 on 2011-10-30

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1012.252 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}

FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\aestsrv.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe

C:\Windows\system32\conhost.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ZumoDrive] "c:\program files\hewlett-packard\hp clouddrive\ZumoLauncher.lnk"

mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmedi~1.lnk - c:\program files\hewlett-packard\hp media suite\home\ArcStart.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8} : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\07279667164743034303B62797 : DhcpNameServer = 130.67.15.198 193.213.112.4

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\265727765627F5B696E676 : DhcpNameServer = 193.75.75.75 193.75.75.193

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\269626C696F64756B6F5750514D20514357544F5269626C696F64756B6 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\34C45524021555142545542535 : DhcpNameServer = 208.67.222.222 208.67.220.220 10.71.0.1

TCP: Interfaces\{45F33FB5-8073-4F7E-9D4F-DA17EF0B3BD8}\4556C656B6F6D6 : DhcpNameServer = 10.120.136.116

TCP: Interfaces\{4C502AE4-2514-4A23-A651-11172EFFBFBD} : NameServer = 156.154.70.22,156.154.71.22

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll

mASetup: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - c:\program files\hewlett-packard\hp media suite\home\HPMediaSuite.exe "/installer"

mASetup: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - c:\windows\system32\wscript.exe "c:\program files\hewlett-packard\hp media suite\home\PinItem.vbs"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\viktor antoniussen\appdata\roaming\mozilla\firefox\profiles\ols8k9nu.default\

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 488208]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 39640]

R1 DVMIO;DeviceVM IO Service;c:\windows\system32\drivers\dvmio.sys [2009-11-11 18136]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-3-31 81920]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-9-4 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-9-4 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-9-4 66616]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-6-19 103992]

R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2010-7-2 27192]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2011-3-31 230944]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-31 267880]

R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google-oppdatering-tjenesten (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-1 136176]

S2 HP Support Assistant Service;HP Support Assistant Service;"c:\program files\hewlett-packard\hp support framework\hpsa_service.exe" --> c:\program files\hewlett-packard\hp support framework\hpsa_service.exe [?]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 2010 advanced\DfSdkS.exe [2011-5-20 406016]

S3 gupdatem;Google-oppdatering-tjenesten (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-1 136176]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]

.

=============== Created Last 30 ================

.

2011-10-30 01:19:58 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-30 00:53:48 98816 ----a-w- c:\windows\sed.exe

2011-10-30 00:53:48 518144 ----a-w- c:\windows\SWREG.exe

2011-10-30 00:53:48 256000 ----a-w- c:\windows\PEV.exe

2011-10-30 00:53:48 208896 ----a-w- c:\windows\MBR.exe

2011-10-27 15:43:21 33984 ----a-w- c:\windows\system32\cmdcsr.dll

2011-10-26 22:12:08 -------- d-----r- c:\program files\Skype

2011-10-03 20:20:50 -------- d-----w- C:\Output Files

2011-10-03 20:18:19 -------- d-----w- c:\windows\system32\tempdir

2011-10-03 20:18:12 1103360 ----a-w- c:\windows\system32\cidfont.dll

2011-10-03 20:18:10 1503232 ----a-w- c:\windows\system32\ptj.exe

2011-10-03 20:18:07 4369408 ----a-w- c:\windows\system32\pdftk.exe

2011-10-03 20:18:06 235008 ----a-w- c:\windows\system32\office.exe

2011-10-03 20:18:03 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

.

==================== Find3M ====================

.

2011-10-21 15:09:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-07 17:47:52 39640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-10-07 17:47:51 488208 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-10-07 17:47:50 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll

2011-10-03 03:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 10:25:36,83 ===============

Attach.txt

Link to post
Share on other sites

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

-screen317

Hey, it says that I shouldn't use Firefox because users experience problems, and recommends using Internet Explorer. Would that change anything or are you indifferent?

Link to post
Share on other sites

  • Staff

Hi,

PCPitStop noted several things that you can do to improve the shape your computer is in.

Pay particular attention to these items:

• Delete Temporary Files:

Please download CCleaner and save it to your desktop.

  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Please do NOT run a scan yet!

Now, open CCleaner:

  • Click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • CHECK: "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don’t know how to use it, you may cause irreparable damage to your system.

• Reduce System Restore space (Drive C):

Right click My Computer and click Properties. Select the System Restore tab, and move the slider to 3%. You're pretty much wasting disk space otherwise.

• Defragment Drive C:

Defragmenting is a must. It's one of the large reasons for system slowdowns. I use Defraggler to defragment. It is free to download and you can use it forever. I recommend installing it and defragmenting as soon as possible.

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.

Link to post
Share on other sites

Hi,

Also take the time to take a look at the other tips PCPitStop reported. I've just highlighted some of the more important ones.

I think it's all clean now, hopefully it's running smoother now. I noticed Firefox is the only program hanging up (goes unresponsive for a minute or so and then functions again, it happens pretty often), I.E. doesn't for some reason. Also it seems as if my e-mail account is still sending out spam to everyone. Why is that?

Is it possible that I have to go into safe mode and scan with MBAM again to get rid of it, or do you think it's not caused by a virus but something external?

Link to post
Share on other sites
