MalwareRemoval.com

virus/malware removal

Post by wv2sc » March 4th, 2013, 8:04 pm

My friend's PC is unable to access google.com and bing.com, but can open other sites with no issues. I've run scans with AVG Free and Malwarebytes. The AVG scan shows TrojanHorseBackDoor.Generic13.COQK - object is white-listed. Location is /windows/system32/drivers/csc.sys. Any assistance would be greatly appreciated.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Owner at 20:12:47 on 2013-03-03
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.1273 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {07D90D00-A1D0-40FA-819C-7B82B03F4542} - <orphaned>
BHO: {0FB21A00-A1D0-40FA-819C-7B82B03F4542} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{19D01C64-F168-4847-88E3-FE6167DFF604} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\053425850234F6D6075747562737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\1447966716534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\33467616D696E67696E636 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\7796C6C696E6768616D6 : DHCPNameServer = 192.168.100.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 87.229.126.44 www.google.com
Hosts: 87.229.126.45 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\80t0krd4.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - ExtSQL: !HIDDEN! 2012-03-20 20:30; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\free ride games\X6XSEx_Pr143.sys [2013-2-27 47432]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 124180]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-7 1343400]
.
=============== Created Last 30 ================
.
2013-03-03 20:42:13 -------- d-----w- c:\program files\BurnAware Free
2013-03-03 20:13:42 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-03-03 20:13:42 -------- d-----w- c:\program files\Trend Micro
2013-03-03 20:04:00 -------- d-----w- c:\users\owner\appdata\roaming\AVG2013
2013-03-03 20:02:05 -------- d--h--w- C:\$AVG
2013-03-03 20:02:05 -------- d-----w- c:\programdata\AVG2013
2013-03-03 20:00:34 -------- d-----w- c:\program files\AVG
2013-03-03 19:23:05 -------- d-----w- c:\users\owner\appdata\local\Avg2013
2013-03-03 18:41:54 -------- d-----w- c:\users\owner\appdata\local\Programs
2013-03-03 18:16:36 -------- d-----w- C:\components
2013-03-03 16:15:29 3048563 ----a-w- C:\lx12core2641td.bin
2013-03-03 16:14:54 6851309 ----a-w- C:\u12iavi5645u5380lo.bin
2013-02-28 01:27:46 -------- d-----w- C:\Remote Programs
2013-02-28 01:27:18 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-28 01:27:18 -------- d-----w- c:\programdata\Free Ride Games
2013-02-28 01:27:14 58264 ------w- c:\windows\ExentInfo.exe
2013-02-28 01:27:14 -------- d-----w- c:\program files\Free Ride Games
2013-02-28 01:27:12 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-02-28 01:27:11 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-02-28 01:27:11 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-02-28 01:27:11 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-02-28 01:27:09 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-02-28 01:24:12 -------- d-----w- c:\users\owner\appdata\local\SwvUpdater
2013-02-28 01:23:35 -------- d-----w- c:\users\owner\appdata\local\Discount Buddy
2013-02-28 01:23:12 33958 ----a-w- c:\programdata\uninstaller.exe
2013-02-19 23:29:48 -------- d-----w- c:\programdata\Big Fish Games
2013-02-19 23:29:44 -------- d-----w- c:\program files\bfgclient
2013-02-19 23:19:35 -------- d-----w- c:\program files\Conduit
.
==================== Find3M ====================
.
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 17:27:56 4132864 ----a-w- c:\programdata\ReadOnlyInstaller.msi
.
============= FINISH: 20:13:19.25 ===============

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/7/2010 10:04:39 AM
System Uptime: 3/3/2013 7:44:51 PM (1 hours ago)
.
Motherboard: Gateway | |
Processor: Genuine Intel(R) CPU T2060 @ 1.60GHz | uFCPGA2 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 116.929 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP104: 3/8/2012 11:30:37 PM - Scheduled Checkpoint
RP105: 3/24/2012 12:49:40 PM - Scheduled Checkpoint
RP106: 4/3/2012 8:33:53 PM - Scheduled Checkpoint
RP107: 7/18/2012 7:08:03 PM - Scheduled Checkpoint
RP108: 1/28/2013 5:13:26 PM - Scheduled Checkpoint
RP109: 1/30/2013 6:30:49 PM - Removed Apple Application Support
RP110: 1/30/2013 6:31:55 PM - Removed Apple Mobile Device Support
RP111: 1/30/2013 6:35:15 PM - Removed Apple Software Update
RP112: 1/30/2013 6:35:56 PM - Removed Bonjour
RP113: 1/30/2013 6:38:24 PM - Removed VoiceOver Kit
RP114: 1/30/2013 6:49:09 PM - Removed iTunes
RP115: 1/30/2013 7:56:19 PM - Installed AVG 2013
RP116: 1/30/2013 7:56:53 PM - Installed AVG 2013
RP117: 3/3/2013 2:03:58 PM - Removed ASPCA Reminder by We-Care.com v4.1.21.1
RP118: 3/3/2013 2:20:11 PM - Removed AVG 2013
RP119: 3/3/2013 2:23:10 PM - Removed AVG 2013
RP120: 3/3/2013 3:00:11 PM - Installed AVG 2013
RP121: 3/3/2013 3:00:46 PM - Installed AVG 2013
RP122: 3/3/2013 3:13:17 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
4500_G510af_Help
4500G510af
4500G510af_Software_Min
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
AVG 2013
Big Fish Games: Game Manager
BufferChm
BurnAware Free 6.0
CCleaner
Destinations
DeviceDiscovery
DocMgr
DocProc
Fax
Free Ride Games Player
GPBaseService2
Heroes of Hellas 3
HiJackThis
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510a-f
HP Product Detection
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 22
MahJong Quest 3 The Balance of life
Mahjong World
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 13.0
QuickTime
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
Software Version Updater
SolutionCenter
Spybot - Search & Destroy
Status
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
WebReg
.
==== Event Viewer Messages From Past Week ========
.
3/3/2013 7:45:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
3/3/2013 7:45:39 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/3/2013 7:45:31 PM, Error: Service Control Manager [7023] - The MicroSoft Logging State service terminated with the following error: The specified module could not be found.
3/3/2013 7:45:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 29BE service to connect.
3/3/2013 7:45:28 PM, Error: Service Control Manager [7000] - The 29BE service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/3/2013 7:45:25 PM, Error: Service Control Manager [7023] - The Offline Files service terminated with the following error: The system cannot find the path specified.
2/27/2013 9:16:26 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
2/27/2013 9:15:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================
wv2sc
Regular Member
Posts: 22
Joined: March 4th, 2013, 7:50 pm
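The DDS log in the post above contains the two lines that account for the symptom in the question: `Hosts: 87.229.126.44 www.google.com` and `Hosts: 87.229.126.45 www.bing.com` pin both names to a fixed address instead of letting DNS resolve them, and the mPolicies-System lines show UAC switched off (EnableLUA = dword:0, ConsentPromptBehaviorAdmin = dword:0, PromptOnSecureDesktop = dword:0). The Python script below is an added example, not a tool from this thread or from MalwareRemoval.com: it parses those two kinds of DDS lines and flags them, so a helper can triage a pasted log without reading it top to bottom. The sample input is copied from the log above plus one constructed loopback line (`Hosts: 127.0.0.1 localhost`) to show what a benign entry looks like.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example, not a tool from the original thread. It reads the
"Hosts:" and "mPolicies-System:" lines of a DDS report and flags:
  * hosts entries that map a hostname to a non-loopback address
    (the classic "google.com and bing.com will not open" symptom), and
  * UAC policy values that disable User Account Control.
"""
import ipaddress
import re

# Constructed sample: lines copied from the DDS log in the first post, plus
# one made-up loopback entry so a benign line is present for contrast.
SAMPLE_DDS = """\
uStart Page = hxxp://www.google.com/
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
Hosts: 87.229.126.44 www.google.com
Hosts: 87.229.126.45 www.bing.com
Hosts: 127.0.0.1 localhost
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# DDS prints dword values in decimal, so the value group is digits only.
POLICY_RE = re.compile(r"^mPolicies-System:\s+(\w+)\s*=\s*dword:(\d+)")

# Policy values that mean "UAC is off or elevates silently".
UAC_BAD_VALUES = {
    "EnableLUA": 0,                   # secure value: 1 (UAC enabled)
    "ConsentPromptBehaviorAdmin": 0,  # 0 = elevate without prompting
    "PromptOnSecureDesktop": 0,       # secure value: 1 (prompt on secure desktop)
}


def parse_hosts_lines(text):
    """Return (ip, hostname) tuples for every 'Hosts:' line in the report."""
    out = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).lower()))
    return out


def is_local_address(ip):
    """True for loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def find_hosts_hijacks(text):
    """Hosts entries whose target is anything other than loopback/unspecified.

    Legitimate hosts files (ad blocking, local development) map names to
    127.0.0.1, ::1 or 0.0.0.0; a public address for a name the user expects
    to reach through DNS is the pattern worth investigating.
    """
    return [(ip, host) for ip, host in parse_hosts_lines(text)
            if not is_local_address(ip)]


def find_uac_weaknesses(text):
    """Return {policy: value} for policy lines whose value disables UAC."""
    found = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2), 10)
        if name in UAC_BAD_VALUES and value == UAC_BAD_VALUES[name]:
            found[name] = value
    return found


def triage(text):
    """One line per finding, in the order a helper would want to see them."""
    findings = []
    for ip, host in find_hosts_hijacks(text):
        findings.append(f"HOSTS hijack: {host} -> {ip} (static mapping overrides DNS)")
    for name, value in find_uac_weaknesses(text).items():
        findings.append(f"UAC weakened: {name} = {value}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run it as-is to see the findings for the embedded sample, or pass the text of a real DDS report to triage(). Loopback, ::1 and 0.0.0.0 targets are treated as benign because ad-blocking hosts files use them; anything else for a name the user expects to resolve through DNS deserves a closer look. DDS prints dword values in decimal (the NoDriveTypeAutoRun = dword:145 line in the log is the familiar 0x91 default), so the policy values are parsed as base 10.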

Re: virus/malware removal

Post by deltalima » March 5th, 2013, 5:11 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: virus/malware removal

Post by deltalima » March 5th, 2013, 5:19 pm

Hi wv2sc,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Windows 7 and Vista users
The programs I ask you to run need to be run in Administrator Mode by... Right clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

WVCheck
Please go to WVCheck.exe. Save it to your Desktop.
Alternate download "zip" file here.
  1. Double click WVCheck.exe, to run the process.
  2. Read the comments on the screen... then press Enter.
    The scan can take a while depending on the size of your hard drive.
  3. Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  4. Please copy and paste the contents of the Notepad file in your next reply.

Next

CKScanner

  • Please download CKScanner from here to your Desktop.
  • Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files (Right click and choose "Run as administrator" in Vista/Win7).
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next

codecheck

  • Please download codecheck from here to your Desktop.
  • Make sure that codecheck.exe is on your Desktop before running the application!
  • Double-click on codecheck.exe.
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Please let me know if the computer is used for business in any way.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: virus/malware removal

Post by wv2sc » March 5th, 2013, 8:07 pm

Hi deltalima,

Thanks for your assistance...I really appreciate it. This computer is not used for business. Following are the logs you requested:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1838_05-03-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Do not download or install updates automatically.
-----------------------
Last success time for Automatic Updates for 'Detect', 'Download' and 'Install' could not be found.


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 7/6/2011 9:32:57
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SoftwareDistribution\Download\bd60fbfcf1ac006bf26f6afa5c1dff1a\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/10/2011 17:58:33
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 17:4:13
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 17:4:13
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 17:4:13
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 34b7e222e81fafa885f0c5f2cfa56861


-------- End of File, program close at 1842_05-03-2013 --------

CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.XMNALW
----- EOF -----

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-49JJT-2QK4K-3XBXV
Windows Product Key Hash: b/Fc4e7pLPmEntTB2+wXfajaphs=
Windows Product ID: 00371-220-3496814-86029
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7600.2.00010100.0.0.048
ID: {DEAC5832-04C5-47A5-AABD-D372CC93D51E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000000
Build lab: 7600.win7_gdr.110408-1633
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{DEAC5832-04C5-47A5-AABD-D372CC93D51E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010100.0.0.048</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3XBXV</PKey><PID>00371-220-3496814-86029</PID><PIDType>5</PIDType><SID>S-1-5-21-83052370-3400618856-1528395515</SID><SYSTEM><Manufacturer>Gateway </Manufacturer><Model>MT6707 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies LTD</Manufacturer><Version>77.11 </Version><SMBIOSVersion major="2" minor="4"/><Date>20070319000000.000000+000</Date></BIOS><HWID>7CBB3607018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>GATEWA</OEMID><OEMTableID>SYSTEM </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0014-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional 2007</Name><Ver>12</Ver><Val>2EEBC4435CF358A</Val><Hash>ptBnX6iI7pjdKROr45uWpbJzn+8=</Hash><Pid>89392-709-7649423-65430</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: 770bc271-8dc1-467d-b574-73cbacbeccd1
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00172-220-349681-00-1033-7600.0000-3412010
Installation ID: 021822963200053262449573259332483152868514821583904706
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 3XBXV
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/5/2013 6:47:52 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:28:2013 17:24
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEABAABAAIAAAABAAAAAgABAAEAJJRQ40j9ZJU2F0jk4hVQBs5PqFbcjALS3bT0SA==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC GATEWA SYSTEM
FACP GATEWA SYSTEM
HPET GATEWA SYSTEM
BOOT GATEWA SYSTEM
MCFG GATEWA SYSTEM
APIC GATEWA SYSTEM
SLIC GATEWA SYSTEM
SSDT GATEWA SYSTEM

Codecheck Version 1.0

03005
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm

Re: virus/malware removal

Unread postby deltalima » March 6th, 2013, 5:11 am

Hi wv2sc,

I see you do not have Windows 7 Service Pack 1 installed, and Automatic Updates are disabled. What is the reason for this?


Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it (Right click and choose "Run as administrator" in Vista/Win7).
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file (Right click and choose "Run as administrator" in Vista/Win7). If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: virus/malware removal

Unread postby wv2sc » March 6th, 2013, 10:42 am

Hi deltalima,

I'm not sure why automatic updates are disabled. This PC belongs to one of my friends at church who uses it to play online games - I'm just trying to help her out. Should I enable automatic updates and install SP1?

Following are the scan logs:

Results of screen317's Security Check version 0.99.60
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

OTL logfile created on: 3/6/2013 8:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.89% Memory free
3.98 Gb Paging File | 2.97 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 115.02 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
SRV - (29BE) -- \\.\globalroot\Device\HarddiskVolume2\Users\Owner\AppData\Local\Temp\29BE.tmp File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SBRE) -- C:\Windows\system32\drivers\SBREdrv.sys File not found
DRV - (d7716e80) -- C:\Windows\TEMP\9E07.tmp File not found
DRV - (7008ae98) -- C:\Windows\TEMP\2A6E.tmp File not found
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (X6XSEx_Pr143) -- C:\Program Files\Free Ride Games\X6XSEx_Pr143.sys (Exent Technologies Ltd.)
DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (RTL8187) -- C:\Windows\System32\drivers\RTL8187.sys (Realtek Semiconductor Corporation )
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 40 43 F6 01 D0 A1 FA 40 81 9C 7B 82 B0 3F 45 42 [binary data]

IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF 04 81 29 3D 18 CE 01 [binary data]
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 19:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/03 14:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/30 19:30:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\facetheme
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/20 19:30:24 | 000,000,000 | ---D | M]

[2013/03/03 14:48:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/03/03 14:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/16 18:31:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/15 19:35:45 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/15 19:35:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/04 12:59:36 | 000,002,197 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google-search.xml
[2013/02/15 19:35:09 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/27 19:50:46 | 000,000,884 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 87.229.126.44 www.google.com
O1 - Hosts: 87.229.126.45 www.bing.com
O2 - BHO: (no name) - {07D90D00-A1D0-40FA-819C-7B82B03F4542} - No CLSID value found.
O2 - BHO: (no name) - {0FB21A00-A1D0-40FA-819C-7B82B03F4542} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O3 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\.DEFAULT..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-18..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-20..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19D01C64-F168-4847-88E3-FE6167DFF604}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}: DhcpNameServer = 10.0.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (avgrmbr.nt /mbr C:\Windows\System32\avgrmbr.bin)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-83052370-3400618856-1528395515-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 08:43:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/05 18:49:23 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/03/05 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/03/05 18:46:28 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Owner\Desktop\MGADiag.exe
[2013/03/03 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\QuickScan
[2013/03/03 20:11:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2013/03/03 15:42:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Free
[2013/03/03 15:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\BurnAware Free
[2013/03/03 15:13:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/03/03 15:13:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/03/03 15:04:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2013/03/03 15:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/03 15:02:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/03 15:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/03 15:00:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/03/03 14:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/03/03 14:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/03 14:23:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Avg2013
[2013/03/03 13:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/03 13:41:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/03/03 13:16:36 | 000,000,000 | ---D | C] -- C:\components
[2013/02/27 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2013/02/27 20:27:46 | 000,000,000 | ---D | C] -- C:\Remote Programs
[2013/02/27 20:27:18 | 001,132,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2013/02/27 20:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Ride Games
[2013/02/27 20:27:14 | 000,058,264 | ---- | C] (Exent Technologies Ltd.) -- C:\Windows\ExentInfo.exe
[2013/02/27 20:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Ride Games
[2013/02/27 20:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013/02/27 20:24:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SwvUpdater
[2013/02/27 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Discount Buddy
[2013/02/19 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/19 18:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2013/02/19 18:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013/02/19 18:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2013/02/19 18:19:35 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/06 08:44:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/06 08:40:17 | 000,026,560 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 08:40:17 | 000,026,560 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 08:38:51 | 000,639,534 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/06 08:38:51 | 000,111,590 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/06 08:36:10 | 000,881,950 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/03/06 08:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 08:33:01 | 1602,875,392 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 18:51:00 | 000,025,088 | ---- | M] () -- C:\Users\Owner\Desktop\codecheck.exe
[2013/03/05 18:46:36 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Owner\Desktop\MGADiag.exe
[2013/03/05 18:44:09 | 000,681,984 | ---- | M] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2013/03/05 18:37:43 | 003,514,358 | ---- | M] () -- C:\Users\Owner\Desktop\WVCheck.exe
[2013/03/03 20:11:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
[2013/03/03 15:49:20 | 000,000,141 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2013/03/03 15:13:42 | 000,002,963 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/03/03 15:02:48 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/03 14:48:10 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/03 11:15:36 | 003,048,563 | ---- | M] () -- C:\lx12core2641td.bin
[2013/03/03 11:15:09 | 006,851,309 | ---- | M] () -- C:\u12iavi5645u5380lo.bin
[2013/03/03 11:14:33 | 000,002,605 | ---- | M] () -- C:\avg12infolx.ctf
[2013/03/03 11:14:15 | 000,000,705 | ---- | M] () -- C:\avg12infoavi.ctf
[2013/02/28 12:08:37 | 000,002,214 | ---- | M] () -- C:\Users\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk
[2013/02/27 21:07:59 | 000,001,975 | ---- | M] () -- C:\Users\Owner\Desktop\Play Mahjong World.lnk
[2013/02/27 20:27:49 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/02/27 20:27:49 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/02/27 20:27:48 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2013/02/27 20:24:07 | 000,000,009 | ---- | M] () -- C:\END
[2013/02/27 20:23:12 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/06 08:36:05 | 000,881,950 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2013/03/05 18:50:59 | 000,025,088 | ---- | C] () -- C:\Users\Owner\Desktop\codecheck.exe
[2013/03/05 18:44:07 | 000,681,984 | ---- | C] () -- C:\Users\Owner\Desktop\CKScanner.exe
[2013/03/05 18:37:33 | 003,514,358 | ---- | C] () -- C:\Users\Owner\Desktop\WVCheck.exe
[2013/03/03 15:49:03 | 000,000,141 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\burnaware.ini
[2013/03/03 15:13:42 | 000,002,963 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk
[2013/03/03 15:02:48 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/03 14:48:10 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/03 14:48:10 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/03 11:15:29 | 003,048,563 | ---- | C] () -- C:\lx12core2641td.bin
[2013/03/03 11:14:54 | 006,851,309 | ---- | C] () -- C:\u12iavi5645u5380lo.bin
[2013/03/03 11:14:33 | 000,002,605 | ---- | C] () -- C:\avg12infolx.ctf
[2013/03/03 11:14:15 | 000,000,705 | ---- | C] () -- C:\avg12infoavi.ctf
[2013/02/27 21:06:48 | 000,002,214 | ---- | C] () -- C:\Users\Owner\Desktop\Play MahJong Quest 3 The Balance of life.lnk
[2013/02/27 20:27:54 | 000,001,975 | ---- | C] () -- C:\Users\Owner\Desktop\Play Mahjong World.lnk
[2013/02/27 20:27:49 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Play Free Games.lnk
[2013/02/27 20:27:49 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\More FREE games.lnk
[2013/02/27 20:27:48 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/02/27 20:23:38 | 000,000,009 | ---- | C] () -- C:\END
[2013/02/27 20:23:12 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/02/19 18:29:52 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/02/19 18:29:52 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2013/01/30 19:31:26 | 000,409,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/11 12:27:56 | 004,132,864 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/03/20 19:22:35 | 000,171,257 | ---- | C] () -- C:\Windows\hpwins27.dat
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012/01/18 06:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011/12/06 14:53:23 | 000,012,384 | -HS- | C] () -- C:\Users\Owner\AppData\Local\308007g1s132n444o284o2iin6y7
[2011/12/06 14:53:23 | 000,012,384 | -HS- | C] () -- C:\ProgramData\308007g1s132n444o284o2iin6y7
[2011/10/27 16:54:20 | 000,000,112 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011/10/27 16:54:19 | 000,000,224 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011/10/27 16:53:55 | 000,000,448 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011/10/20 14:16:35 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/06/05 00:34:46 | 000,000,067 | ---- | C] () -- C:\ProgramData\467faa72
[2011/03/21 17:51:48 | 000,172,737 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2011/03/21 17:51:48 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/03/21 17:45:43 | 000,172,876 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/03/21 17:45:43 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/03/04 11:11:52 | 000,000,600 | ---- | C] () -- C:\Users\Owner\AppData\Local\PUTTY.RND

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0C65EA0E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:A3E39C6A

< End of report >

OTL Extras logfile created on: 3/6/2013 8:44:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.89% Memory free
3.98 Gb Paging File | 2.97 Gb Available in Paging File | 74.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 115.02 Gb Free Space | 77.22% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-83052370-3400618856-1528395515-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B03EAF-3F80-43BD-8A99-C0F6112DBA5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{03E3FFAA-73EC-4A1E-A277-A58F2A1E813B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D348670-5BD0-47F1-85A3-61251D9D55AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{115BFF4D-480C-42F0-8030-3CA13BA89574}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{157B95F5-9F9F-4CE2-9F37-87D611E90120}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{175998AC-94EA-4936-B475-977022162702}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AF365CA-F6CE-417E-9ACE-CB89655884B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FFA1AD6-CB9A-4030-B214-4321201C2550}" = rport=137 | protocol=17 | dir=out | app=system |
"{267FDA3E-8B32-44E7-842B-6E2A60688D5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{278DF1C3-1B15-4E6A-9E91-F0FA2471D771}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2D342290-6D6F-492C-BE0D-794E1FEDA177}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FB087E1-C840-49A3-8AE7-C7F000A96EB1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{37205DCE-2265-4D19-9653-923BBE632D69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{414CCBEC-412C-4746-8B0B-14311DB0EC86}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{417C3B2D-898A-451C-BECA-3DF1D340020E}" = rport=445 | protocol=6 | dir=out | app=system |
"{49772216-7E4B-4F04-A94B-CDC520C4B571}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52CBAFAF-C9E3-4A98-B6AB-0181C97DF5B3}" = lport=139 | protocol=6 | dir=in | app=system |
"{59C8353A-8027-4DA4-83D3-DEBC76AD469D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C98103A-DA98-4BB9-8023-50146D33A9EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D488B76-378D-4BA4-993F-F209DE2B1C59}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B64A764-DA7E-4E11-BA89-E48AAEFC20C3}" = lport=445 | protocol=6 | dir=in | app=system |
"{9C6186D5-2C54-421A-BE1E-13A8C68ABCB6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5E03B44-75AC-448B-BC9E-1E785DD8A125}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE9CF4CB-0704-48A9-8796-AFE93C12B582}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3A60507-DB9D-44D6-8AF2-D021074D5D1A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E46BACE5-E9D4-49F6-927B-CBC895E1ADD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E49A01BE-BD96-4F3A-9B6E-0EAA028FB41F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E74D70E2-FC23-4450-88BC-40532C4BDDA3}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EAEB5434-7F57-4386-B091-ACB7F6472B4F}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBEB5B6F-D6A8-4D90-9257-DB9B9C2C5030}" = lport=137 | protocol=17 | dir=in | app=system |
"{F0F96547-16F7-4EB8-8DF5-BC9EDA02173A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F484B1C4-E831-46E2-8FC6-C23D8A93F631}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0076F6D4-A875-4B62-A415-1915D5480142}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{01D7A2A3-83ED-4DCF-85BC-E97D25A0750A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{08E3AF04-F1E1-4959-A0B9-70C0AF605EB3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15346252-0113-4AA3-AB83-9F9E51DD9841}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{15C83292-D15E-40F4-B734-1B9961914322}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{1AEF9D42-4FCF-46E0-8BDF-800CAE61079C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BE236D1-2C18-46FD-AD3B-CCD67ED57EF1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2336B140-1832-4E41-A36C-49C24FF1CCB3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{261C496E-D159-4B6A-ACFB-325EFF9E235A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{2EFC2EB1-70D7-40A2-A564-8F31B035CAC3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{31502C60-8EF3-4DF1-98C9-21C4900283DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{32732F31-B34D-41E6-A3EE-44192E9AAD6D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{38730ABC-42BE-45E4-9E9E-38E9F68BFCB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{3A40CD91-C2C8-42DE-A1DB-508206E94C4B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3B959EFE-2BDC-4592-A9F5-7249BFA60265}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{43D55F4B-EB46-49C7-90C8-E1C2EF11B803}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{47D850D2-712D-4786-8103-39DAB1949417}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{48167DAD-D7FD-4D76-95DF-EA3410B8D977}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53C9FA31-E196-4FFC-9445-09F74E6BC841}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{5AFFD7DB-D1E8-4439-B736-B5CBB13672FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{5C121DC4-A621-4FD6-A05D-74863468752D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{628C0118-FE3F-4CFA-9482-8C080E4DA864}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{641EEC75-8808-4588-83A5-E7190EF216B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{663516F8-143C-4444-8F8B-A599B7332217}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{6CC7B95C-43CE-4866-AC27-80A0566C2F70}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{7235463C-1DF1-42B8-8A03-80CF619FFD2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{76BE26C5-1901-4F4A-AD06-E6D15A26EA06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{8A42BA0C-B3EF-4D23-B9BA-1A2D762A2DCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B77F07E-61A7-4790-84BF-DA9A9CE17452}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{8BA9AC29-FBA6-4C0F-8D94-CDAD191DB308}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9216164B-44B0-47EE-A40E-6D0E8978B5A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{932ACF84-69A6-478A-B6A6-F63ACE719149}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{97F0DD18-8232-419A-9CE0-637C3BE6293C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D0A7735-CC07-41F5-99DF-B4EB66D12C5A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{9E9898CA-9CC4-406B-AD02-ACC2D2475C00}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{9EA9C5FB-DEF0-4072-9A5A-36FCB6BF24B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{9F5156AB-4DC9-4B0F-9A63-054647AFE93D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{A47CC180-AD60-42A8-AABC-F2E2929A22D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{A63C9BE6-C6CF-4A0A-8F52-3F2EF2EEEE85}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{B94671F0-3462-4B1C-9A0C-8D75ABBDF980}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9AB88E8-5E39-4EB1-A103-B90B61E80586}" = protocol=6 | dir=out | app=system |
"{C5E59B1A-614D-4E5F-A37E-789FA0148968}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{D2C07E57-C3DC-4620-9DF6-A78170CE808E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D7E70CE8-BF16-4B62-B531-D07F91766C5C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{DC7EABDD-3052-41E2-8388-8C1CFB175DB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{E3D57092-0588-43F7-87B1-6D7164F0AE0D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA6B2BC0-F032-4B26-82FF-2D90DE26E22D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBDFED27-7DE1-47C2-85C8-6271C2D9A3A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{EBE9EF68-6D61-473C-AA23-7AEA9CE96F79}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F60ADFB5-1E93-46EF-A29F-49DB0CB896B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F900089C-F3CB-42B2-8518-4BD5750B5232}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FE680280-E5DD-47FB-9AA9-315A6135D2EA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"TCP Query User{1A6F7DC9-97DC-4F85-855E-922EF4C26C75}C:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe |
"TCP Query User{396621FD-FCC0-4F6E-89A2-53807942196C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{8B55B197-3ED7-44B7-9E89-6BE0E0A965F4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8F788716-C7DD-43F2-95BE-F75142A79EDF}C:\program files\common files\java\java update\jucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"TCP Query User{99391F2C-EB8E-4C6F-9801-ECA39E6BC50A}C:\program files\common files\java\java update\jaucheck.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"TCP Query User{A67CFB76-34C4-4158-8910-2D581B07B9EC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{A7E48357-72E7-4749-9740-853882B832FC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BA0C1148-FC98-41FC-A7E2-644F29BDC480}C:\program files\common files\java\java update\jusched.exe" = protocol=6 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |
"TCP Query User{D8268E6C-4432-447E-AD33-1E67D0FF2B78}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{09FB85EC-E6D2-4585-A1F4-F27E129C8973}C:\program files\common files\java\java update\jucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jucheck.exe |
"UDP Query User{5D6E7B9C-4BA5-4D26-A25A-26B5F924C48C}C:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\{86d4b82a-abed-442a-be86-96357b70f4fe}\askpartnercobrandingtool.exe |
"UDP Query User{7AFCEEE7-6275-45DD-B294-6B668A399419}C:\program files\common files\java\java update\jaucheck.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jaucheck.exe |
"UDP Query User{8CD75335-4B83-4D40-9211-AA536282C68F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8D407508-9EE0-448B-B17E-535304735D2F}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{AED8C75D-19A5-49F5-BC71-EA7201441ACF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{CFFAACBD-12B1-40CC-BD4F-52756E471DC1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E788695D-6082-4082-9962-267DA1414908}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F2B3EE2B-BC34-4786-B50B-581A1090F265}C:\program files\common files\java\java update\jusched.exe" = protocol=17 | dir=in | app=c:\program files\common files\java\java update\jusched.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22644FC4-9EA9-4F67-A76C-91C51E9E0963}" = AVG 2013
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EB6F78A-66E3-434f-BD0E-76C7D078DB5E}" = 4500G510af_Software_Min
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F8CBBFB-7986-4140-91EC-D8C7F1EC8DF3}" = AVG 2013
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{8B9F50F9-BA6F-47c5-990B-76A74A1C68B0}" = 4500G510af
"{90120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0014-0000-0000-0000000FF1CE}_PRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PRO_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C175D5B0-ED04-42C9-B23F-D8BD406173E7}" = 4500_G510af_Help
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C98517B6-DCE9-49B7-B19E-E384178D3986}" = HP Officejet 4500 G510a-f
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2013
"BFGC" = Big Fish Games: Game Manager
"BurnAware Free_is1" = BurnAware Free 6.0
"CCleaner" = CCleaner
"exent_598050" = Mahjong World
"exent_643650" = MahJong Quest 3 The Balance of life
"exent_750650" = Heroes of Hellas 3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 19.0 (x86 en-US)" = Mozilla Firefox 19.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PRO" = Microsoft Office Professional 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/30/2013 7:39:38 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 1/30/2013 7:39:38 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 1/30/2013 7:39:39 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 1/30/2013 7:39:39 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 1/30/2013 8:34:02 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x10012815 Faulting process id: 0xa18 Faulting application
start time: 0x01cdff4aab253788 Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting
module path: unknown Report Id: e8eb9c02-6b3d-11e2-9412-00e0b8c6b702

Error - 1/30/2013 8:54:17 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mscorsvw.exe, version: 4.0.30319.1, time
stamp: 0x4ba1da21 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x10012815 Faulting process id: 0x324 Faulting application
start time: 0x01cdff4d7e7b217a Faulting application path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Faulting
module path: unknown Report Id: bcdc94ef-6b40-11e2-a2b5-00e0b8c6b702

Error - 2/19/2013 7:16:08 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 2/27/2013 9:27:53 PM | Computer Name = Owner-PC | Source = Application on Demand - GPlayer | ID = 0
Description =

Error - 2/28/2013 1:20:55 PM | Computer Name = Owner-PC | Source = Application on Demand - iexplore | ID = 0
Description =

Error - 3/4/2013 8:42:21 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
- search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 3/5/2013 7:34:32 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The MicroSoft Logging State service terminated with the following
error: %%126

Error - 3/5/2013 7:34:33 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/5/2013 7:34:38 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE

Error - 3/5/2013 11:33:57 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/6/2013 9:33:06 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Offline Files service terminated with the following error: %%3

Error - 3/6/2013 9:33:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the 29BE
service to connect.

Error - 3/6/2013 9:33:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The 29BE service failed to start due to the following error: %%1053

Error - 3/6/2013 9:33:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The MicroSoft Logging State service terminated with the following
error: %%126

Error - 3/6/2013 9:33:10 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 3/6/2013 9:33:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SBRE


< End of report >

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-06 09:37:51
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-22RST0 rev.04.01G04 149.05GB
Running: p6rr991x.exe; Driver: C:\Users\Owner\AppData\Local\Temp\kgloapow.sys


---- System - GMER 2.1 ----

SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x8E9B514A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x8E9B521A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x8E9B4D7C]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs X6XSEx_Pr143.Sys
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 2.1 ----
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm

Re: virus/malware removal

Unread postby deltalima » March 6th, 2013, 11:38 am

Hi wv2sc,

Should I enable automatic updates and install sp1?


Not yet. It is vital that Windows is always updated with the latest security patches, but we don't want to make changes to an infected machine.
As the final stage of the cleanup, SP1 should be installed and automatic updates enabled.

Before that though,

Your logs show signs of a Remote Access Infection on your computer.

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!


These indicate you are infected with .... TDL4 rootkit

http://www.symantec.com/security_response/writeup.jsp?docid=2008-091809-0911-99


A Remote Access Infection will allow the person who infected your computer to use your computer as if he were sitting in front of it, and he may ....

  • Steal bank account details.
  • Steal credit card numbers.
  • Steal your personal details.
  • Modify your computer to make it easier to infect.
  • Use your computer as part of a botnet, to distribute porn or spam.
  • Anything else he cares to think of ..... and most attackers are very inventive people.

You are strongly advised to do the following immediately ....

  • Disconnect the infected computer from the internet and from any networked computers.
  • Call all of your banks, credit card companies, and financial institutions, and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change all your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do not change passwords or do any transactions while using the infected computer, because the attacker will get the new passwords and transaction information.

The only way to remove these types of infections and leave yourself with a secure computer is to re-format your hard drive and re-install Windows.

It is impossible to discover all of the modifications that your attacker may have made to your computer while he had access to it, and though we may be able to remove all the obvious signs of infection from your computer, and leave you with an apparently fully functioning machine, that does not mean it is secure.

If you use your computer for any of the following ....

  • Online Banking.
  • Finances or credit of any kind.
  • Filling out your tax forms online or offline.
  • Filling out Social Security or Personal Insurance forms online or offline.
  • Making online purchases or payments of any type.
  • Anything involving the use of confidential data.

.... then a re-format and re-install should be the only choice you make.

If you insist, we are prepared to help you "clean" your machine, but we strongly advise you against this course of action, and you must understand that although we may be able to restore your computer to a usable condition, it will NOT be secure until a re-format and re-install is performed, and should not be used for any of the activities listed above.

To help you decide, please take some time to read the following articles, then let me know how you want to proceed.

deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
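TDL4 lives in the MBR bootstrap code, so the question a responder wants answered is whether sector 0 still matches a known-good MBR. The following Python check is an added example, not code from this thread, GMER or TDSSKiller: it decodes a 512-byte MBR image, verifies the boot signature, lists the partition entries (types, start LBAs and sizes are the two NTFS partitions TDSSKiller reports later in this thread; the active flag is assumed) and compares the bootstrap code hash with a baseline. The bootstrap bytes and the baseline hash are constructed placeholders for values you would record from a clean disk.

```python
"""Added example (not from the thread, GMER or TDSSKiller): MBR integrity check.

An MBR rootkit such as TDL4 replaces the bootstrap code in sector 0 while
leaving the partition table intact so the system still boots. This check
decodes the partition table and compares the bootstrap code hash with a
baseline. All sample bytes are constructed; the baseline is a placeholder
for a hash recorded from a known-clean disk.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

BOOT_CODE_LEN = 440           # bootstrap code; the disk signature follows at offset 440
PART_TABLE_OFF = 446          # four 16-byte partition entries
PART_ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA, count
MBR_SIGNATURE = b"\x55\xAA"


@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    num_sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16)
        if ptype != 0:
            parts.append(Partition(i + 1, status == 0x80, ptype, start, count))
    return parts


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap area only (partition table excluded)."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str, expected: List[Partition]) -> List[str]:
    """Return findings; an empty list means the MBR matches the baseline."""
    def layout(parts: List[Partition]):
        return [(p.type_id, p.start_lba, p.num_sectors) for p in parts]

    findings = []
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("bootstrap code differs from known-good baseline")
    if layout(parse_partitions(mbr)) != layout(expected):
        findings.append("partition table differs from expected layout")
    return findings


def build_mbr(boot_code: bytes, partitions: List[Partition]) -> bytes:
    """Assemble a test MBR (used here only to construct sample data)."""
    sector = bytearray(512)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for p in partitions:
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + (p.index - 1) * 16,
                         0x80 if p.active else 0x00, p.type_id, p.start_lba, p.num_sectors)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


# Partition types, start LBAs and sizes as reported by TDSSKiller in this thread
# (two NTFS partitions, type 0x7); the active flag is assumed.
EXPECTED_LAYOUT = [
    Partition(1, True, 0x07, 0x800, 0x32000),
    Partition(2, False, 0x07, 0x32800, 0x129E6800),
]
# Constructed stand-in for bootstrap code; a real baseline is hashed from a clean disk.
CLEAN_MBR = build_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 433, EXPECTED_LAYOUT)
BASELINE_HASH = boot_code_hash(CLEAN_MBR)
# Same partition table, different bootstrap code: the shape of an MBR rootkit infection.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"\x00" * 438, EXPECTED_LAYOUT)

if __name__ == "__main__":
    print("clean   :", check_mbr(CLEAN_MBR, BASELINE_HASH, EXPECTED_LAYOUT) or "no findings")
    print("tampered:", check_mbr(TAMPERED_MBR, BASELINE_HASH, EXPECTED_LAYOUT))
```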

Re: virus/malware removal

Unread postby wv2sc » March 6th, 2013, 7:08 pm

Hi deltalima,

Thanks again for all your help. I spoke with my friend (elderly lady at church) regarding the infection. Fortunately, she did not use the computer to make online purchases, access online banking, etc. She only used the computer to play free games online.

I've explained to her that the computer isn't secure and won't be secure unless it's re-formatted. This computer was given to her by a friend and the OS disc wasn't included, so re-formatting isn't an option since she doesn't want to purchase an OS.

If you're willing to help me "clean" the machine, I'd greatly appreciate it.
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm

Re: virus/malware removal

Unread postby deltalima » March 6th, 2013, 7:19 pm

Hi wv2sc,

If you're willing to help me "clean" the machine, I'd greatly appreciate it.


OK, let's get started.

Please download TDSSKiller and save it to your Desktop.

  • Right click TDSSKiller.exe and select "Run as administrator" to run it.
  • Under Additional Options check Verify file digital signatures
  • IMPORTANT: Ensure Detect TDLFS file system remains UNchecked.
  • Click Start scan and allow it to scan for Malicious objects.

    • If Malicious objects are detected, the default action will be Cure, ensure Cure is selected then click Continue
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
    • If Unsigned files are detected, the default action will be Skip, ensure Skip is selected then click Continue

    DO NOT change the default actions.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is named like UtilityName.Version_Date_Time_log.txt,
    for example C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
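Reading the log TDSSKiller produces is mostly a matter of pairing each scanned object with its verdict lines. The following Python parser is an added example, not part of the thread or of TDSSKiller: it groups each object's MD5 and path with its verdicts and lists the objects whose verdict is anything other than a plain ok. The sample lines follow the format of the log posted in this thread.

```python
"""Added example (not from the thread or from TDSSKiller): triage a TDSSKiller log.

Each scanned object appears as "[ MD5 ] name path" followed by one or more
verdict lines: "name - ok", "name ( detail ) - warning" or
"name - detected X (n)". Some entries (e.g. "System memory") have verdict
lines only.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Every log line starts with a timestamp and the worker id.
PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\w+)\s+"
OBJECT_RE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>.+)$")
VERDICT_RE = re.compile(
    PREFIX + r"(?P<name>.+?)(?: \( (?P<detail>[^)]*) \))? - (?P<verdict>ok|warning|detected .+)$"
)


@dataclass
class ScannedObject:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: List[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        """True when any verdict is something other than a plain ok."""
        return any(v != "ok" for v in self.verdicts)


def parse_log(text: str) -> Dict[str, ScannedObject]:
    """Build one ScannedObject per name from the raw log text."""
    objects: Dict[str, ScannedObject] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            obj.md5, obj.path = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            verdict = m["verdict"]
            if m["detail"]:
                verdict = f"{verdict}: {m['detail']}"
            obj.verdicts.append(verdict)
        # Lines matching neither pattern (banners, "Scan started") are skipped.
    return objects


def triage(objects: Dict[str, ScannedObject]) -> List[str]:
    """Names whose verdict was not a plain ok, in a stable order."""
    return sorted(name for name, obj in objects.items() if obj.needs_review)


# Sample lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""
22:10:56.0484 2800 Scan started
22:10:57.0774 2800 System memory - ok
22:10:58.0274 2800 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:10:58.0294 2800 ACPI - ok
22:11:04.0274 2800 [ 816EB647B5E904DCA55D66ABF13FF70B ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:04.0324 2800 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - warning
22:11:04.0324 2800 clr_optimization_v4.0.30319_32 - detected UnsignedFile.Multi.Generic (1)
22:11:10.0184 2800 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:11:10.0224 2800 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:11:10.0224 2800 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    objects = parse_log(SAMPLE_LOG)
    for name in triage(objects):
        obj = objects[name]
        print(f"{name}: {obj.path} md5={obj.md5} -> {obj.verdicts}")
```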

Re: virus/malware removal

Unread postby wv2sc » March 6th, 2013, 11:20 pm

Hi deltalima,

Thanks again. TDSSKiller created two log files after curing a malicious object and rebooting. Both logs are attached below:

22:09:55.0544 0568 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:09:55.0924 0568 ============================================================
22:09:55.0924 0568 Current date / time: 2013/03/06 22:09:55.0924
22:09:55.0924 0568 SystemInfo:
22:09:55.0924 0568
22:09:55.0924 0568 OS Version: 6.1.7600 ServicePack: 0.0
22:09:55.0924 0568 Product type: Workstation
22:09:55.0924 0568 ComputerName: OWNER-PC
22:09:55.0924 0568 UserName: Owner
22:09:55.0924 0568 Windows directory: C:\Windows
22:09:55.0924 0568 System windows directory: C:\Windows
22:09:55.0924 0568 Processor architecture: Intel x86
22:09:55.0924 0568 Number of processors: 2
22:09:55.0924 0568 Page size: 0x1000
22:09:55.0924 0568 Boot type: Normal boot
22:09:55.0924 0568 ============================================================
22:09:57.0874 0568 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:09:57.0884 0568 ============================================================
22:09:57.0884 0568 \Device\Harddisk0\DR0:
22:09:57.0884 0568 MBR partitions:
22:09:57.0884 0568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:09:57.0884 0568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
22:09:57.0884 0568 ============================================================
22:09:57.0914 0568 C: <-> \Device\Harddisk0\DR0\Partition2
22:09:57.0914 0568 ============================================================
22:09:57.0914 0568 Initialize success
22:09:57.0914 0568 ============================================================
22:10:56.0484 2800 ============================================================
22:10:56.0484 2800 Scan started
22:10:56.0484 2800 Mode: Manual; SigCheck;
22:10:56.0484 2800 ============================================================
22:10:57.0774 2800 ================ Scan system memory ========================
22:10:57.0774 2800 System memory - ok
22:10:57.0774 2800 ================ Scan services =============================
22:11:04.0274 2800 [ 816EB647B5E904DCA55D66ABF13FF70B ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:11:04.0324 2800 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - warning
22:11:04.0324 2800 clr_optimization_v4.0.30319_32 - detected UnsignedFile.Multi.Generic (1)
22:11:10.0184 2800 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:11:10.0224 2800 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
22:11:10.0224 2800 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
22:11:10.0264 2800 [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:11:10.0304 2800 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
22:11:10.0304 2800 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
22:11:14.0724 2800 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:11:14.0764 2800 mouhid - ok
22:11:14.0794 2800 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:11:14.0814 2800 mountmgr - ok
22:11:14.0894 2800 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:11:14.0924 2800 MozillaMaintenance - ok
22:11:14.0944 2800 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:11:14.0964 2800 mpio - ok
22:11:14.0984 2800 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:11:15.0064 2800 mpsdrv - ok
22:11:15.0114 2800 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
22:11:15.0194 2800 MpsSvc - ok
22:11:15.0224 2800 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:11:15.0264 2800 MRxDAV - ok
22:11:15.0294 2800 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:11:15.0354 2800 mrxsmb - ok
22:11:15.0394 2800 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:11:15.0444 2800 mrxsmb10 - ok
22:11:15.0484 2800 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:11:15.0504 2800 mrxsmb20 - ok
22:11:15.0534 2800 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:11:15.0554 2800 msahci - ok
22:11:15.0574 2800 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:11:15.0604 2800 msdsm - ok
22:11:15.0634 2800 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:11:15.0684 2800 MSDTC - ok
22:11:15.0694 2800 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:11:15.0754 2800 Msfs - ok
22:11:15.0774 2800 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:11:15.0834 2800 mshidkmdf - ok
22:11:15.0864 2800 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:11:15.0884 2800 msisadrv - ok
22:11:15.0934 2800 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:11:15.0984 2800 MSiSCSI - ok
22:11:15.0994 2800 msiserver - ok
22:11:16.0024 2800 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:11:16.0084 2800 MSKSSRV - ok
22:11:16.0114 2800 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:11:16.0174 2800 MSPCLOCK - ok
22:11:16.0204 2800 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:11:16.0254 2800 MSPQM - ok
22:11:16.0284 2800 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:11:16.0304 2800 MsRPC - ok
22:11:16.0334 2800 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:11:16.0354 2800 mssmbios - ok
22:11:16.0374 2800 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:11:16.0424 2800 MSTEE - ok
22:11:16.0444 2800 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:11:16.0494 2800 MTConfig - ok
22:11:16.0514 2800 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:11:16.0534 2800 Mup - ok
22:11:16.0574 2800 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
22:11:16.0654 2800 napagent - ok
22:11:16.0724 2800 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:11:16.0784 2800 NativeWifiP - ok
22:11:16.0854 2800 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:11:16.0884 2800 NDIS - ok
22:11:16.0924 2800 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:11:16.0984 2800 NdisCap - ok
22:11:17.0024 2800 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:11:17.0094 2800 NdisTapi - ok
22:11:17.0124 2800 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:11:17.0174 2800 Ndisuio - ok
22:11:17.0184 2800 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:11:17.0244 2800 NdisWan - ok
22:11:17.0254 2800 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:11:17.0304 2800 NDProxy - ok
22:11:17.0374 2800 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:11:17.0404 2800 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:11:17.0404 2800 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:11:17.0454 2800 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:11:17.0514 2800 NetBIOS - ok
22:11:17.0554 2800 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:11:17.0614 2800 NetBT - ok
22:11:17.0644 2800 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
22:11:17.0674 2800 Netlogon - ok
22:11:17.0764 2800 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:11:17.0824 2800 Netman - ok
22:11:17.0834 2800 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:11:17.0914 2800 netprofm - ok
22:11:17.0954 2800 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:11:17.0974 2800 NetTcpPortSharing - ok
22:11:18.0004 2800 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:11:18.0024 2800 nfrd960 - ok
22:11:18.0054 2800 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
22:11:18.0104 2800 NlaSvc - ok
22:11:18.0124 2800 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:11:18.0174 2800 Npfs - ok
22:11:18.0204 2800 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:11:18.0254 2800 nsi - ok
22:11:18.0264 2800 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:11:18.0324 2800 nsiproxy - ok
22:11:18.0404 2800 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:11:18.0454 2800 Ntfs - ok
22:11:18.0474 2800 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:11:18.0524 2800 Null - ok
22:11:18.0594 2800 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:11:18.0614 2800 nvraid - ok
22:11:18.0664 2800 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:11:18.0684 2800 nvstor - ok
22:11:18.0724 2800 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:11:18.0744 2800 nv_agp - ok
22:11:18.0853 2800 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:11:18.0885 2800 odserv - ok
22:11:18.0916 2800 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:11:18.0978 2800 ohci1394 - ok
22:11:19.0025 2800 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:11:19.0041 2800 ose - ok
22:11:19.0087 2800 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:11:19.0165 2800 p2pimsvc - ok
22:11:19.0181 2800 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:11:19.0212 2800 p2psvc - ok
22:11:19.0243 2800 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:11:19.0290 2800 Parport - ok
22:11:19.0290 2800 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:11:19.0321 2800 partmgr - ok
22:11:19.0353 2800 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:11:19.0384 2800 Parvdm - ok
22:11:19.0399 2800 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:11:19.0431 2800 PcaSvc - ok
22:11:19.0446 2800 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\Windows\system32\DRIVERS\pci.sys
22:11:19.0477 2800 pci - ok
22:11:19.0493 2800 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:11:19.0509 2800 pciide - ok
22:11:19.0540 2800 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:11:19.0555 2800 pcmcia - ok
22:11:19.0571 2800 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:11:19.0602 2800 pcw - ok
22:11:19.0633 2800 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:11:19.0696 2800 PEAUTH - ok
22:11:19.0758 2800 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:11:19.0867 2800 PeerDistSvc - ok
22:11:19.0961 2800 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\Windows\system32\pla.dll
22:11:20.0100 2800 pla - ok
22:11:20.0180 2800 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:11:20.0260 2800 PlugPlay - ok
22:11:20.0310 2800 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:11:20.0320 2800 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:11:20.0320 2800 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:11:20.0340 2800 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:11:20.0390 2800 PNRPAutoReg - ok
22:11:20.0420 2800 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:11:20.0450 2800 PNRPsvc - ok
22:11:20.0500 2800 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:11:20.0580 2800 PolicyAgent - ok
22:11:20.0630 2800 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\Windows\system32\umpo.dll
22:11:20.0680 2800 Power - ok
22:11:20.0720 2800 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:11:20.0800 2800 PptpMiniport - ok
22:11:20.0830 2800 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:11:20.0870 2800 Processor - ok
22:11:20.0920 2800 [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc C:\Windows\system32\profsvc.dll
22:11:20.0970 2800 ProfSvc - ok
22:11:20.0990 2800 [ F42309C4191C506B71DB5D1126D26318 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:11:21.0020 2800 ProtectedStorage - ok
22:11:21.0040 2800 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:11:21.0090 2800 Psched - ok
22:11:21.0160 2800 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:11:21.0250 2800 ql2300 - ok
22:11:21.0270 2800 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:11:21.0300 2800 ql40xx - ok
22:11:21.0330 2800 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:11:21.0360 2800 QWAVE - ok
22:11:21.0380 2800 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:11:21.0410 2800 QWAVEdrv - ok
22:11:21.0440 2800 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:11:21.0480 2800 RasAcd - ok
22:11:21.0540 2800 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:11:21.0600 2800 RasAgileVpn - ok
22:11:21.0640 2800 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:11:21.0690 2800 RasAuto - ok
22:11:21.0710 2800 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:11:21.0760 2800 Rasl2tp - ok
22:11:21.0780 2800 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\Windows\System32\rasmans.dll
22:11:21.0840 2800 RasMan - ok
22:11:21.0850 2800 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:11:21.0920 2800 RasPppoe - ok
22:11:21.0960 2800 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:11:22.0000 2800 RasSstp - ok
22:11:22.0020 2800 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:11:22.0070 2800 rdbss - ok
22:11:22.0090 2800 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:11:22.0116 2800 rdpbus - ok
22:11:22.0131 2800 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:11:22.0194 2800 RDPCDD - ok
22:11:22.0241 2800 [ C5FF95883FFEF704D50C40D21CFB3AB5 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:11:22.0319 2800 RDPDR - ok
22:11:22.0350 2800 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:11:22.0412 2800 RDPENCDD - ok
22:11:22.0443 2800 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:11:22.0506 2800 RDPREFMP - ok
22:11:22.0553 2800 [ 801371BA9782282892D00AADB08EE367 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:11:22.0615 2800 RDPWD - ok
22:11:22.0662 2800 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:11:22.0693 2800 rdyboost - ok
22:11:22.0724 2800 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:11:22.0802 2800 RemoteAccess - ok
22:11:22.0833 2800 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:11:22.0911 2800 RemoteRegistry - ok
22:11:22.0958 2800 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:11:23.0021 2800 RpcEptMapper - ok
22:11:23.0052 2800 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:11:23.0114 2800 RpcLocator - ok
22:11:23.0145 2800 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\Windows\system32\rpcss.dll
22:11:23.0208 2800 RpcSs - ok
22:11:23.0239 2800 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:11:23.0317 2800 rspndr - ok
22:11:23.0364 2800 [ 325590E7E9587459643BA24D2CF73BF2 ] RTL8187 C:\Windows\system32\DRIVERS\rtl8187.sys
22:11:23.0411 2800 RTL8187 - ok
22:11:23.0442 2800 [ 5423D8437051E89DD34749F242C98648 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:11:23.0504 2800 s3cap - ok
22:11:23.0520 2800 [ F42309C4191C506B71DB5D1126D26318 ] SamSs C:\Windows\system32\lsass.exe
22:11:23.0551 2800 SamSs - ok
22:11:23.0582 2800 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:11:23.0598 2800 sbp2port - ok
22:11:23.0645 2800 SBRE - ok
22:11:23.0691 2800 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:11:23.0769 2800 SCardSvr - ok
22:11:23.0801 2800 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:11:23.0847 2800 scfilter - ok
22:11:23.0910 2800 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\Windows\system32\schedsvc.dll
22:11:23.0957 2800 Schedule - ok
22:11:23.0988 2800 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\Windows\System32\certprop.dll
22:11:24.0035 2800 SCPolicySvc - ok
22:11:24.0050 2800 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:11:24.0128 2800 SDRSVC - ok
22:11:24.0175 2800 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:11:24.0222 2800 secdrv - ok
22:11:24.0253 2800 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:11:24.0331 2800 seclogon - ok
22:11:24.0362 2800 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:11:24.0425 2800 SENS - ok
22:11:24.0471 2800 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:11:24.0549 2800 SensrSvc - ok
22:11:24.0581 2800 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:11:24.0612 2800 Serenum - ok
22:11:24.0627 2800 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:11:24.0659 2800 Serial - ok
22:11:24.0690 2800 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:11:24.0737 2800 sermouse - ok
22:11:24.0799 2800 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\Windows\system32\sessenv.dll
22:11:24.0861 2800 SessionEnv - ok
22:11:24.0877 2800 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:11:24.0924 2800 sffdisk - ok
22:11:24.0955 2800 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:11:24.0986 2800 sffp_mmc - ok
22:11:24.0986 2800 [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:11:25.0033 2800 sffp_sd - ok
22:11:25.0064 2800 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:11:25.0111 2800 sfloppy - ok
22:11:25.0173 2800 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:11:25.0251 2800 SharedAccess - ok
22:11:25.0283 2800 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:11:25.0314 2800 ShellHWDetection - ok
22:11:25.0329 2800 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
22:11:25.0345 2800 sisagp - ok
22:11:25.0392 2800 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:11:25.0407 2800 SiSRaid2 - ok
22:11:25.0423 2800 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:11:25.0439 2800 SiSRaid4 - ok
22:11:25.0500 2800 [ DB0405D9AAD62F0762E0876AC142B7E1 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:11:25.0520 2800 SkypeUpdate - ok
22:11:25.0550 2800 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:11:25.0630 2800 Smb - ok
22:11:25.0710 2800 [ 19301C27F3425DC39F6C599F527E507D ] smserial C:\Windows\system32\DRIVERS\smserial.sys
22:11:25.0790 2800 smserial - ok
22:11:25.0850 2800 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:11:25.0890 2800 SNMPTRAP - ok
22:11:25.0920 2800 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:11:25.0930 2800 spldr - ok
22:11:25.0980 2800 [ D1BB750EB51694DE183E08B9C33BE5B2 ] Spooler C:\Windows\System32\spoolsv.exe
22:11:26.0030 2800 Spooler - ok
22:11:26.0150 2800 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\Windows\system32\sppsvc.exe
22:11:26.0330 2800 sppsvc - ok
22:11:26.0360 2800 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:11:26.0430 2800 sppuinotify - ok
22:11:26.0480 2800 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:11:26.0550 2800 srv - ok
22:11:26.0580 2800 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:11:26.0630 2800 srv2 - ok
22:11:26.0670 2800 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:11:26.0710 2800 srvnet - ok
22:11:26.0760 2800 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:11:26.0810 2800 SSDPSRV - ok
22:11:26.0830 2800 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:11:26.0870 2800 SstpSvc - ok
22:11:26.0900 2800 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:11:26.0920 2800 stexstor - ok
22:11:26.0970 2800 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\Windows\System32\wiaservc.dll
22:11:27.0030 2800 StiSvc - ok
22:11:27.0080 2800 [ 957E346CA948668F2496A6CCF6FF82CC ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:11:27.0100 2800 storflt - ok
22:11:27.0140 2800 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
22:11:27.0180 2800 StorSvc - ok
22:11:27.0210 2800 [ D5751969DC3E4B88BF482AC8EC9FE019 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:11:27.0230 2800 storvsc - ok
22:11:27.0250 2800 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:11:27.0270 2800 swenum - ok
22:11:27.0320 2800 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:11:27.0390 2800 swprv - ok
22:11:27.0460 2800 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\Windows\system32\sysmain.dll
22:11:27.0551 2800 SysMain - ok
22:11:27.0582 2800 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:11:27.0629 2800 TabletInputService - ok
22:11:27.0660 2800 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\Windows\System32\tapisrv.dll
22:11:27.0723 2800 TapiSrv - ok
22:11:27.0738 2800 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:11:27.0785 2800 TBS - ok
22:11:27.0863 2800 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:11:27.0910 2800 Tcpip - ok
22:11:27.0972 2800 [ C2DAAEB48F3A47C410B041A0D2382EE1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:11:28.0035 2800 TCPIP6 - ok
22:11:28.0081 2800 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:11:28.0128 2800 tcpipreg - ok
22:11:28.0144 2800 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:11:28.0222 2800 TDPIPE - ok
22:11:28.0253 2800 [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:11:28.0315 2800 TDTCP - ok
22:11:28.0347 2800 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:11:28.0425 2800 tdx - ok
22:11:28.0440 2800 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:11:28.0456 2800 TermDD - ok
22:11:28.0518 2800 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\Windows\System32\termsrv.dll
22:11:28.0581 2800 TermService - ok
22:11:28.0596 2800 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:11:28.0627 2800 Themes - ok
22:11:28.0659 2800 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:11:28.0705 2800 THREADORDER - ok
22:11:28.0752 2800 [ C424F991494E5674F2E9B3CF9F5F55D1 ] tifm21 C:\Windows\system32\drivers\tifm21.sys
22:11:28.0815 2800 tifm21 - ok
22:11:28.0861 2800 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:11:28.0924 2800 TrkWks - ok
22:11:28.0986 2800 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:11:29.0017 2800 TrustedInstaller - ok
22:11:29.0049 2800 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:11:29.0095 2800 tssecsrv - ok
22:11:29.0127 2800 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:11:29.0189 2800 tunnel - ok
22:11:29.0205 2800 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:11:29.0236 2800 uagp35 - ok
22:11:29.0251 2800 [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:11:29.0345 2800 udfs - ok
22:11:29.0407 2800 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:11:29.0470 2800 UI0Detect - ok
22:11:29.0501 2800 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:11:29.0532 2800 uliagpkx - ok
22:11:29.0563 2800 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:11:29.0610 2800 umbus - ok
22:11:29.0641 2800 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:11:29.0673 2800 UmPass - ok
22:11:29.0735 2800 [ 8ECACA5454844F66386F7BE4AE0D7CD1 ] UmRdpService C:\Windows\System32\umrdp.dll
22:11:29.0766 2800 UmRdpService - ok
22:11:29.0844 2800 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:11:29.0875 2800 UMVPFSrv - ok
22:11:29.0891 2800 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:11:29.0969 2800 upnphost - ok
22:11:30.0031 2800 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:11:30.0063 2800 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
22:11:30.0063 2800 USBAAPL - detected UnsignedFile.Multi.Generic (1)
22:11:30.0109 2800 [ 2436A42AAB4AD48A9B714E5B0F344627 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:11:30.0156 2800 usbaudio - ok
22:11:30.0219 2800 [ C31AE588E403042632DC796CF09E30B0 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:11:30.0250 2800 usbccgp - ok
22:11:30.0297 2800 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:11:30.0328 2800 usbcir - ok
22:11:30.0359 2800 [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:11:30.0375 2800 usbehci - ok
22:11:30.0453 2800 [ BDCD7156EC37448F08633FD899823620 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:11:30.0468 2800 usbhub - ok
22:11:30.0499 2800 [ EB2D819A639015253C871CDA09D91D58 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:11:30.0546 2800 usbohci - ok
22:11:30.0562 2800 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:11:30.0609 2800 usbprint - ok
22:11:30.0687 2800 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:11:30.0702 2800 usbscan - ok
22:11:30.0749 2800 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:11:30.0811 2800 USBSTOR - ok
22:11:30.0843 2800 [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:11:30.0874 2800 usbuhci - ok
22:11:30.0905 2800 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:11:30.0952 2800 UxSms - ok
22:11:30.0967 2800 [ F42309C4191C506B71DB5D1126D26318 ] VaultSvc C:\Windows\system32\lsass.exe
22:11:30.0999 2800 VaultSvc - ok
22:11:31.0030 2800 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:11:31.0045 2800 vdrvroot - ok
22:11:31.0092 2800 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\Windows\System32\vds.exe
22:11:31.0148 2800 vds - ok
22:11:31.0178 2800 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:11:31.0208 2800 vga - ok
22:11:31.0228 2800 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:11:31.0278 2800 VgaSave - ok
22:11:31.0298 2800 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:11:31.0328 2800 vhdmp - ok
22:11:31.0358 2800 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
22:11:31.0378 2800 viaagp - ok
22:11:31.0388 2800 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:11:31.0438 2800 ViaC7 - ok
22:11:31.0468 2800 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:11:31.0488 2800 viaide - ok
22:11:31.0518 2800 [ 379B349F65F453D2A6E75EA6B7448E49 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:11:31.0548 2800 vmbus - ok
22:11:31.0578 2800 [ EC2BBAB4B84D0738C6C83D2234DC36FE ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:11:31.0598 2800 VMBusHID - ok
22:11:31.0628 2800 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:11:31.0648 2800 volmgr - ok
22:11:31.0678 2800 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:11:31.0708 2800 volmgrx - ok
22:11:31.0738 2800 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:11:31.0758 2800 volsnap - ok
22:11:31.0798 2800 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:11:31.0818 2800 vsmraid - ok
22:11:31.0888 2800 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\Windows\system32\vssvc.exe
22:11:31.0988 2800 VSS - ok
22:11:32.0018 2800 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
22:11:32.0068 2800 vwifibus - ok
22:11:32.0088 2800 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:11:32.0118 2800 vwififlt - ok
22:11:32.0168 2800 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:11:32.0198 2800 vwifimp - ok
22:11:32.0218 2800 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:11:32.0298 2800 W32Time - ok
22:11:32.0328 2800 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:11:32.0348 2800 WacomPen - ok
22:11:32.0388 2800 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:11:32.0448 2800 WANARP - ok
22:11:32.0448 2800 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:11:32.0498 2800 Wanarpv6 - ok
22:11:32.0578 2800 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:11:32.0668 2800 WatAdminSvc - ok
22:11:32.0728 2800 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\Windows\system32\wbengine.exe
22:11:32.0828 2800 wbengine - ok
22:11:32.0848 2800 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:11:32.0908 2800 WbioSrvc - ok
22:11:32.0958 2800 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:11:33.0048 2800 wcncsvc - ok
22:11:33.0068 2800 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:11:33.0128 2800 WcsPlugInService - ok
22:11:33.0158 2800 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:11:33.0168 2800 Wd - ok
22:11:33.0208 2800 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:11:33.0238 2800 Wdf01000 - ok
22:11:33.0268 2800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:11:33.0318 2800 WdiServiceHost - ok
22:11:33.0318 2800 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:11:33.0358 2800 WdiSystemHost - ok
22:11:33.0398 2800 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\Windows\System32\webclnt.dll
22:11:33.0448 2800 WebClient - ok
22:11:33.0468 2800 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:11:33.0528 2800 Wecsvc - ok
22:11:33.0538 2800 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:11:33.0598 2800 wercplsupport - ok
22:11:33.0608 2800 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:11:33.0668 2800 WerSvc - ok
22:11:33.0718 2800 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:11:33.0768 2800 WfpLwf - ok
22:11:33.0788 2800 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:11:33.0808 2800 WIMMount - ok
22:11:33.0818 2800 WinHttpAutoProxySvc - ok
22:11:33.0888 2800 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:11:33.0938 2800 Winmgmt - ok
22:11:34.0008 2800 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\Windows\system32\WsmSvc.dll
22:11:34.0118 2800 WinRM - ok
22:11:34.0158 2800 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:11:34.0188 2800 WinUsb - ok
22:11:34.0248 2800 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:11:34.0298 2800 Wlansvc - ok
22:11:34.0298 2800 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:11:34.0348 2800 WmiAcpi - ok
22:11:34.0388 2800 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:11:34.0428 2800 wmiApSrv - ok
22:11:34.0528 2800 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:11:34.0638 2800 WMPNetworkSvc - ok
22:11:34.0698 2800 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:11:34.0728 2800 WPCSvc - ok
22:11:34.0748 2800 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:11:34.0778 2800 WPDBusEnum - ok
22:11:34.0818 2800 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:11:34.0888 2800 ws2ifsl - ok
22:11:34.0938 2800 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:11:34.0978 2800 WSDPrintDevice - ok
22:11:34.0988 2800 WSearch - ok
22:11:35.0088 2800 [ A33408CC036F9C08142B11BE5E93F0A1 ] wuauserv C:\Windows\system32\wuaueng.dll
22:11:35.0238 2800 wuauserv - ok
22:11:35.0268 2800 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:11:35.0318 2800 WudfPf - ok
22:11:35.0348 2800 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:11:35.0398 2800 WUDFRd - ok
22:11:35.0438 2800 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:11:35.0508 2800 wudfsvc - ok
22:11:35.0538 2800 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:11:35.0598 2800 WwanSvc - ok
22:11:35.0658 2800 [ A1911838153A7A81ABECB774C1430FC8 ] X6XSEx_Pr143 C:\Program Files\Free Ride Games\X6XSEx_Pr143.Sys
22:11:35.0668 2800 X6XSEx_Pr143 - ok
22:11:35.0729 2800 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
22:11:35.0760 2800 yukonw7 - ok
22:11:35.0791 2800 ================ Scan global ===============================
22:11:35.0823 2800 [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
22:11:35.0854 2800 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:11:35.0869 2800 [ 008F51AE989C3DF1CBAF8B39DC423CCC ] C:\Windows\system32\winsrv.dll
22:11:35.0901 2800 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:11:35.0947 2800 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:11:35.0947 2800 [Global] - ok
22:11:35.0947 2800 ================ Scan MBR ==================================
22:11:35.0979 2800 [ DE1996B5390BAC8242E23168F828C750 ] \Device\Harddisk0\DR0
22:11:36.0010 2800 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
22:11:36.0010 2800 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
22:11:36.0010 2800 ================ Scan VBR ==================================
22:11:36.0041 2800 [ A88D975FED8CAD613E5910CAB7C9652F ] \Device\Harddisk0\DR0\Partition1
22:11:36.0041 2800 \Device\Harddisk0\DR0\Partition1 - ok
22:11:36.0057 2800 [ AF8FAD3B4F10CDFEA7B4A705C6B25282 ] \Device\Harddisk0\DR0\Partition2
22:11:36.0057 2800 \Device\Harddisk0\DR0\Partition2 - ok
22:11:36.0057 2800 ============================================================
22:11:36.0057 2800 Scan finished
22:11:36.0057 2800 ============================================================
22:11:36.0088 2828 Detected object count: 7
22:11:36.0088 2828 Actual detected object count: 7
22:12:25.0332 2828 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0332 2828 clr_optimization_v4.0.30319_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0332 2828 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0332 2828 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0332 2828 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0332 2828 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0332 2828 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0332 2828 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0332 2828 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0348 2828 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:25.0348 2828 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
22:12:25.0348 2828 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:12:26.0497 2828 \Device\Harddisk0\DR0\# - copied to quarantine
22:12:26.0497 2828 \Device\Harddisk0\DR0 - copied to quarantine
22:12:26.0607 2828 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
22:12:26.0617 2828 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
22:12:26.0617 2828 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
22:12:26.0617 2828 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:12:26.0627 2828 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:12:26.0627 2828 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:12:26.0627 2828 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:12:26.0647 2828 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:12:26.0657 2828 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:12:26.0687 2828 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:12:26.0697 2828 \Device\Harddisk0\DR0\TDLFS\socks.dll - copied to quarantine
22:12:26.0747 2828 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
22:12:26.0907 2828 \Device\Harddisk0\DR0 - ok
22:12:26.0907 2828 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
22:12:36.0486 2096 Deinitialize success

22:14:57.0530 3096 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:14:57.0576 3096 ============================================================
22:14:57.0576 3096 Current date / time: 2013/03/06 22:14:57.0576
22:14:57.0576 3096 SystemInfo:
22:14:57.0576 3096
22:14:57.0576 3096 OS Version: 6.1.7600 ServicePack: 0.0
22:14:57.0576 3096 Product type: Workstation
22:14:57.0576 3096 ComputerName: OWNER-PC
22:14:57.0576 3096 UserName: Owner
22:14:57.0576 3096 Windows directory: C:\Windows
22:14:57.0576 3096 System windows directory: C:\Windows
22:14:57.0576 3096 Processor architecture: Intel x86
22:14:57.0576 3096 Number of processors: 2
22:14:57.0576 3096 Page size: 0x1000
22:14:57.0576 3096 Boot type: Normal boot
22:14:57.0576 3096 ============================================================
22:15:00.0556 3096 BG loaded
22:15:01.0866 3096 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:15:01.0882 3096 ============================================================
22:15:01.0882 3096 \Device\Harddisk0\DR0:
22:15:01.0882 3096 MBR partitions:
22:15:01.0882 3096 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:15:01.0882 3096 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
22:15:01.0882 3096 ============================================================
22:15:02.0241 3096 C: <-> \Device\Harddisk0\DR0\Partition2
22:15:02.0241 3096 ============================================================
22:15:02.0241 3096 Initialize success
22:15:02.0241 3096 ============================================================
22:15:15.0450 3020 Deinitialize success
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm

Re: virus/malware removal

Unread postby deltalima » March 7th, 2013, 5:00 am

Hi wv2sc,

Please run a new scan with DDS and post only the DDS.txt log file.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: virus/malware removal

Unread postby wv2sc » March 7th, 2013, 8:19 pm

Hi deltalima,

Once again, I appreciate your assistance. Here's the dds.txt log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Owner at 19:13:57 on 2013-03-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2038.1188 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2013\avgmfapx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {07D90D00-A1D0-40FA-819C-7B82B03F4542} - <orphaned>
BHO: {0FB21A00-A1D0-40FA-819C-7B82B03F4542} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [Exetender] "c:\program files\free ride games\GPlayer.exe" /runonstartup
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{19D01C64-F168-4847-88E3-FE6167DFF604} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\053425850234F6D6075747562737 : DHCPNameServer = 192.168.1.5
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\1447966716534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\33467616D696E67696E636 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AE7F6407-DC22-4FFE-AFF5-6CFC12193B02}\7796C6C696E6768616D6 : DHCPNameServer = 192.168.100.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
Hosts: 87.229.126.44 www.google.com
Hosts: 87.229.126.45 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\80t0krd4.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\free ride games\npExentCtl.dll
FF - plugin: c:\program files\free ride games\npGameTreatWidget.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - ExtSQL: !HIDDEN! 2012-03-20 20:30; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 X6XSEx_Pr143;X6XSEx_Pr143;c:\program files\free ride games\X6XSEx_Pr143.sys [2013-2-27 47432]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 124180]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-7 1343400]
.
=============== Created Last 30 ================
.
2013-03-07 03:12:25 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-05 23:49:23 -------- d-----w- C:\MGADiagToolOutput
2013-03-04 01:34:27 -------- d-----w- c:\users\owner\appdata\roaming\QuickScan
2013-03-03 20:42:13 -------- d-----w- c:\program files\BurnAware Free
2013-03-03 20:13:42 388096 ----a-r- c:\users\owner\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-03-03 20:13:42 -------- d-----w- c:\program files\Trend Micro
2013-03-03 20:04:00 -------- d-----w- c:\users\owner\appdata\roaming\AVG2013
2013-03-03 20:02:05 -------- d--h--w- C:\$AVG
2013-03-03 20:02:05 -------- d-----w- c:\programdata\AVG2013
2013-03-03 20:00:34 -------- d-----w- c:\program files\AVG
2013-03-03 19:23:05 -------- d-----w- c:\users\owner\appdata\local\Avg2013
2013-03-03 18:41:54 -------- d-----w- c:\users\owner\appdata\local\Programs
2013-03-03 18:16:36 -------- d-----w- C:\components
2013-03-03 16:15:29 3048563 ----a-w- C:\lx12core2641td.bin
2013-03-03 16:14:54 6851309 ----a-w- C:\u12iavi5645u5380lo.bin
2013-02-28 01:27:46 -------- d-----w- C:\Remote Programs
2013-02-28 01:27:18 1132448 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-02-28 01:27:18 -------- d-----w- c:\programdata\Free Ride Games
2013-02-28 01:27:14 58264 ------w- c:\windows\ExentInfo.exe
2013-02-28 01:27:14 -------- d-----w- c:\program files\Free Ride Games
2013-02-28 01:27:12 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-02-28 01:27:11 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-02-28 01:27:11 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-02-28 01:27:11 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-02-28 01:27:09 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-02-28 01:24:12 -------- d-----w- c:\users\owner\appdata\local\SwvUpdater
2013-02-28 01:23:35 -------- d-----w- c:\users\owner\appdata\local\Discount Buddy
2013-02-28 01:23:12 33958 ----a-w- c:\programdata\uninstaller.exe
2013-02-19 23:29:48 -------- d-----w- c:\programdata\Big Fish Games
2013-02-19 23:29:44 -------- d-----w- c:\program files\bfgclient
2013-02-19 23:19:35 -------- d-----w- c:\program files\Conduit
.
==================== Find3M ====================
.
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 17:27:56 4132864 ----a-w- c:\programdata\ReadOnlyInstaller.msi
.
============= FINISH: 19:15:43.47 ===============
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm
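The two "Hosts:" lines in the DDS log above account for the symptom in the first post: the hosts file maps www.google.com and www.bing.com to outside addresses, so the browser never reaches the real sites, which is what the [RESETHOSTS] step in the next reply undoes. As an added illustration (not from the thread or from DDS/OTL), this Python script audits a hosts file for such entries; the sample file content, the WATCHLIST and the function names are constructed for the example.

```python
"""Audit a Windows hosts file for hijacked name-to-address entries."""
import ipaddress

# Constructed sample (not the victim's actual file): the two redirects that
# DDS reported as "Hosts:" lines, surrounded by benign default entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.invalid   # blackholed by an ad-block list
87.229.126.44   www.google.com
87.229.126.45   www.bing.com
not-an-address  broken.example.invalid
"""

# Names whose remapping is treated as a hijack outright. The two entries come
# from the thread; a real deployment would list many more (search engines,
# update and AV vendor hosts, the organisation's own services).
WATCHLIST = frozenset({"www.google.com", "www.bing.com"})


def parse_hosts(text):
    """Yield (line_number, first_field, [names]) for each active entry.

    Full-line and trailing '#' comments and blank lines are skipped. The
    first field is returned unparsed so the caller can report malformed
    addresses instead of silently dropping them.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:      # blank, comment-only, or address with no name
            continue
        yield lineno, fields[0], fields[1:]


def audit_hosts(text, watchlist=WATCHLIST):
    """Return findings for every entry that is not a plain localhost/blackhole.

    Each finding is a dict with line, address, name, severity and reason.
    Severity: high = watched name redirected (the pattern seen in the thread),
    medium = any name sent to an external address, low = private address
    (often legitimate on a LAN) or an unparsable address field.
    """
    findings = []
    for lineno, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append({"line": lineno, "address": addr_text,
                             "name": " ".join(names), "severity": "low",
                             "reason": "address field is not a valid IP"})
            continue
        # 127.0.0.1 / ::1 (localhost) and 0.0.0.0 (ad-block sinkhole) are the
        # only targets a default client hosts file should contain.
        if addr.is_loopback or addr.is_unspecified:
            continue
        for name in names:
            if name.lower() in watchlist:
                severity, reason = "high", "watched name redirected"
            elif addr.is_private:
                severity, reason = "low", "name pinned to a private address; confirm it is intentional"
            else:
                severity, reason = "medium", "name redirected to an external address"
            findings.append({"line": lineno, "address": str(addr), "name": name,
                             "severity": severity, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']:>3}  {f['severity']:<6} {f['name']:<28} -> {f['address']}  ({f['reason']})")
```

On a live machine, point it at %SystemRoot%\System32\drivers\etc\hosts; any "high" finding is the same condition OTL's [RESETHOSTS] clears by replacing the file with the default.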

Re: virus/malware removal

Unread postby deltalima » March 8th, 2013, 3:53 am

Hi wv2sc,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :Commands
    [CREATERESTOREPOINT]
    
    :processes
    killallprocesses
    :otl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.startsearcher.com 
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please download Farbar Service Scanner and save it to your Desktop.
  • Double click FSS.exe to run it.
  • Ensure Internet Services, Security Center/ Action Center and Windows Update are checked.
  • Press the "Scan" button.
  • When finished, a text file named FSS.txt will be created on your desktop. (Same folder the tool is run).
  • Please copy and paste the contents of the FSS.txt log to your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: virus/malware removal

Unread postby wv2sc » March 8th, 2013, 3:49 pm

Hi deltalima,

Following are the logs you requested:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 52711695 bytes
->Temporary Internet Files folder emptied: 65061084 bytes
->Java cache emptied: 230863 bytes
->FireFox cache emptied: 21100008 bytes
->Flash cache emptied: 2312 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21806 bytes
RecycleBin emptied: 820 bytes

Total Files Cleaned = 133.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Owner
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03082013_143629

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Farbar Service Scanner Version: 03-03-2013
Ran by Owner (administrator) on 08-03-2013 at 14:43:51
Running from "C:\Users\Owner\Desktop"
Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-10-20 09:43] - [2011-06-21 00:39] - 1286016 ____A (Microsoft Corporation) C2DAAEB48F3A47C410B041A0D2382EE1

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-02-09 17:04] - [2010-12-21 00:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
wv2sc
Regular Member
 
Posts: 22
Joined: March 4th, 2013, 7:50 pm

Re: virus/malware removal

Unread postby deltalima » March 8th, 2013, 4:23 pm

Hi wv2sc,

Run OTL Script

  • Double-click OTL.exe (Right click and choose "Run as administrator" in Vista/Win7).
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    
    :files
    sc query /c
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK