
false security malware


  • This topic is locked
23 replies to this topic

#1 lilomer67

lilomer67

  • Members
  • 12 posts

Posted 22 March 2012 - 03:50 PM

Hello,

First time posting and I am not very knowledgeable with computers so please bear with me.

My security program for my laptop expired last year early December and I found what I thought was a good program from VIDEOCONVERTERSPLUS.COM 12/11VIDEOCONV. I paid and installed the program and within a week my computer was getting hit with all sorts of bad viruses and slowing down. I have a tech friend who removed the program for me and then installed Microsoft Security Essentials which I am using now and works fine. However little programs have still been popping up. The latest being the Family Keylogger program which my friend managed to delete but said that I have malware on my system and would be better served by using this website to dispose of it. My friend also recommended running the ComboFix program. Any help you can give would be greatly appreciated. Thanks!!



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,996 posts
  • Gender:Male
  • Location:California

Posted 22 March 2012 - 04:47 PM

Greetings lilomer67 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you!

Don't worry about not being an expert with computers. We will be working on this together and you can always ask questions. I will be very clear in my instructions. These first steps seem like a lot but work through it slowly and you will be just fine. :thumbup2:


===================================================


Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps are a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.

===================================================


Additional Information

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and I will guide you.
    • Explain as best you can what happens with your computer, i.e. it beeps three times, the black screen starts then goes blank, etc.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.

===================================================


Create DDS.txt and Attach.txt

I need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

    DDS.scr
    DDS.pif

  • Double click on the Posted Image icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste the contents of both results in your post.
  • Close the program window, and delete the program from your desktop.
You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


===================================================


Create GMER log

I also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • DDS.txt
  • Attach.txt
  • GMER log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 lilomer67

lilomer67
  • Topic Starter

  • Members
  • 12 posts

Posted 22 March 2012 - 05:03 PM

ComboFix 12-03-18.04 - Owner 03/20/2012 19:26:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1973 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 02:35 . 2012-03-21 02:35 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2012-03-21 02:35 . 2012-03-21 02:35 -------- d-----w- c:\users\Hunter\AppData\Local\temp
2012-03-21 02:35 . 2012-03-21 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-20 07:59 . 2012-03-20 07:59 -------- d-----w- c:\users\Owner\AppData\Local\PC_Drivers_Headquarters
2012-03-20 05:52 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C64C6485-07D0-4723-B83B-FA41F75434FC}\mpengine.dll
2012-03-19 02:44 . 2012-03-19 02:52 -------- d-----w- c:\users\Melissa\AppData\Roaming\DVDVideoSoft
2012-03-19 02:35 . 2012-03-19 02:35 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:35 . 2012-03-19 02:35 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 02:17 . 2012-03-19 02:17 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64
2012-03-19 02:17 . 2012-03-19 02:17 -------- d-----w- c:\program files (x86)\Norton PC Checkup
2012-03-19 02:17 . 2012-03-19 02:17 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-03-19 02:14 . 2012-03-19 02:14 -------- d-----w- c:\program files (x86)\Conduit
2012-03-19 02:14 . 2012-03-19 02:14 -------- d-----w- c:\users\Owner\AppData\Local\Conduit
2012-03-19 02:14 . 2012-03-19 02:14 -------- d-----w- c:\program files (x86)\DVDVideoSoftTB
2012-03-19 02:12 . 2012-03-19 02:14 -------- d-----w- c:\users\Owner\AppData\Roaming\DVDVideoSoft
2012-03-19 02:00 . 2012-03-19 02:00 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240C1.TMP
2012-03-19 00:33 . 2012-03-19 00:48 -------- d-----w- c:\users\Owner\Incomplete
2012-03-19 00:32 . 2012-03-19 00:58 -------- d-----w- c:\users\Owner\AppData\Roaming\MP3Rocket
2012-03-05 12:03 . 2012-03-05 12:03 -------- d-----w- c:\programdata\UAB
2012-03-05 12:03 . 2012-03-05 12:03 -------- d-----w- c:\users\Hunter\AppData\Local\PC_Drivers_Headquarters
2012-03-05 12:02 . 2012-03-05 12:02 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
2012-03-04 19:45 . 2012-03-20 22:48 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\system32\msmq
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\system32\BestPractices
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- C:\inetpub
2012-03-04 18:18 . 2012-03-04 18:18 -------- d-----w- c:\users\Owner\AppData\Local\WMTools Downloaded Files
2012-03-04 16:37 . 2012-03-04 19:39 -------- d-----w- c:\programdata\blekko toolbars
2012-03-04 16:37 . 2012-03-04 16:37 -------- d-----w- c:\users\Owner\AppData\Local\blekkotb_014
2012-03-04 16:37 . 2012-03-04 18:08 -------- d-----w- c:\program files (x86)\SecurityXploded
2012-03-04 16:33 . 2012-03-13 22:32 -------- d-----w- c:\program files (x86)\Tango
2012-03-04 16:32 . 2012-03-04 16:32 237 ----a-w- C:\user.js
2012-03-04 16:32 . 2012-03-04 16:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Babylon
2012-03-04 16:32 . 2012-03-04 16:32 -------- d-----w- c:\users\Owner\AppData\Local\Babylon
2012-03-04 16:32 . 2012-03-04 16:32 -------- d-----w- c:\programdata\Babylon
2012-03-04 16:18 . 2012-03-04 16:19 -------- d-----w- c:\program files (x86)\HiddenFinder
2012-03-04 16:15 . 2012-03-04 16:27 -------- d-----w- c:\program files (x86)\FK_Monitor
2012-03-04 15:55 . 2012-03-04 15:55 -------- d-----w- c:\program files (x86)\Passcovery
2012-03-04 15:24 . 2012-03-04 15:24 249856 ------w- c:\windows\Setup1.exe
2012-03-04 15:24 . 2012-03-04 15:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-29 19:08 . 2012-03-19 02:35 19384 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-02-29 19:08 . 2012-03-19 02:35 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-29 19:08 . 2012-03-19 02:35 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-29 19:08 . 2012-03-19 02:35 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-29 19:08 . 2012-03-19 02:35 125880 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-02-29 19:08 . 2012-03-19 02:35 924600 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-02-29 19:08 . 2012-03-19 02:35 269240 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2012-02-29 19:08 . 2012-03-19 02:35 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-29 19:08 . 2012-03-19 02:35 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-29 19:08 . 2012-03-19 02:35 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 19:45 . 2012-02-11 19:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CA7621D-8FE2-4AF3-BF86-CEEF2FBCF43C}\gapaengine.dll
2012-02-08 07:13 . 2011-12-20 02:12 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-04 12:59 . 2011-06-14 04:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-11-09 16:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 04:43 . 2010-12-13 17:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-10 04:42 . 2010-12-13 17:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-10 04:42 . 2010-11-30 23:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-06 23:21 . 2010-12-27 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-06 23:20 . 2010-12-27 17:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-06 23:20 . 2010-11-30 21:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_09.04.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-19 13:30 . 2012-03-20 22:50 80252 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-20 22:50 34668 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-09 16:12 . 2012-03-20 22:50 17594 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1000_UserData.bin
- 2010-08-24 08:30 . 2012-03-20 05:03 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-24 08:30 . 2012-03-20 22:48 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-24 08:30 . 2012-03-20 22:48 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-24 08:30 . 2012-03-20 05:03 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 22:48 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:03 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-19 13:30 . 2012-03-20 22:50 80252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-20 22:50 34668 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-09 16:12 . 2012-03-20 22:50 17594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1000_UserData.bin
- 2010-08-24 08:30 . 2012-03-20 05:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-24 08:30 . 2012-03-20 22:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-24 08:30 . 2012-03-20 05:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-24 08:30 . 2012-03-20 22:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-20 22:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-20 22:51 79112 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-03-20 05:03 . 2012-03-20 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 22:48 . 2012-03-20 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-20 22:48 . 2012-03-20 22:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-20 05:03 . 2012-03-20 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-03-20 04:23 422772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-20 21:59 422772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2012-03-04 19:45 3809263 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-20 22:51 3809263 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2012-03-20 08:10 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-20 23:02 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-20 08:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-20 23:02 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-07-26 03:28 . 2012-03-20 22:00 25688876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2250812746-3454335684-3075286065-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-03-26 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-11-09 352976]
"Lexmark X84-X85 Button Monitor"="c:\progra~2\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
"Lexmark X84-X85 Button Manager"="c:\progra~2\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
R2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
R2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\SymcPCCULaunchSvc.exe [2011-11-07 135608]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [x]
R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys [x]
R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/24 01:36];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-04-29 02:51 146928]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [2011-11-07 126392]
S2 supersafer64;supersafer64;c:\windows\SysWOW64\drivers\supersafer64.sys [2010-11-11 238072]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 05:07]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 05:07]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:55]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:55]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1001Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 03:15]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1001UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 03:15]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1004Core.job
- c:\users\Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 18:13]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1004UA.job
- c:\users\Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 18:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-26 206208]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SpotmauSecretary"="h:\powersuite golden edition\Desktop_Secretary.exe" [BU]
"MSServices"="h:\windows password finder\Reminder\MSServices.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv59c&r=27361110k105l04h4z115a4782i267
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vk49j937.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2250812746-3454335684-3075286065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2250812746-3454335684-3075286065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-20 19:52:13
ComboFix-quarantined-files.txt 2012-03-21 02:52
ComboFix2.txt 2012-03-20 09:22
.
Pre-Run: 394,963,812,352 bytes free
Post-Run: 394,906,443,776 bytes free
.
- - End Of File - - D218AEE601CA58D033A9F1F5417A6171

#4 lilomer67


Posted 22 March 2012 - 05:06 PM

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 15:04:44 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.1995 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mqsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\System32\alg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\LexmarkX84-X85\ACMonitor_X84-X85.exe
C:\Program Files (x86)\LexmarkX84-X85\AcBtnMgr_X84-X85.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv59c&r=27361110k105l04h4z115a4782i267
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO: Roohit Plg: {5dc83f10-8335-403d-8aa8-66e266a82471} - C:\Windows\Downloaded Program Files\RoohitP.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun: [Lexmark X84-X85 Button Monitor] C:\PROGRA~2\LEXMAR~1\ACMonitor_X84-X85.exe
mRun: [Lexmark X84-X85 Button Manager] C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X84-X85.exe
mRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {5DC83F10-8335-403d-8AA8-66E266A82471} - http://roohit.com/site/hilightit.php
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
DPF: {5DC83F10-8335-403D-8AA8-66E266A82471} - hxxp://roohit.com/site/RoohitP.CAB
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3B10C138-93D9-487C-AAF8-EF829590F448} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3B10C138-93D9-487C-AAF8-EF829590F448}\2427F6E6A756F416B6 : DhcpNameServer = 192.168.1.1 8.8.8.8 199.249.18.1
TCP: Interfaces\{3B10C138-93D9-487C-AAF8-EF829590F448}\2427F6E6A756F416B6D27657563747 : DhcpNameServer = 192.168.33.1 8.8.8.8 199.249.18.1
TCP: Interfaces\{3B10C138-93D9-487C-AAF8-EF829590F448}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3B10C138-93D9-487C-AAF8-EF829590F448}\4616973796E6E6F51323 : DhcpNameServer = 205.171.2.65 205.171.3.65
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Roohit Plg: {5DC83F10-8335-403d-8AA8-66E266A82471} - C:\Windows\Downloaded Program Files\RoohitP.dll
BHO-X64: Roohit Plg - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
mRun-x64: [Lexmark X84-X85 Button Monitor] C:\PROGRA~2\LEXMAR~1\ACMonitor_X84-X85.exe
mRun-x64: [Lexmark X84-X85 Button Manager] C:\PROGRA~2\LEXMAR~1\AcBtnMgr_X84-X85.exe
mRun-x64: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
IE-X64: {5DC83F10-8335-403d-8AA8-66E266A82471} - http://roohit.com/site/hilightit.php
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vk49j937.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vk49j937.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/24 01:36:10];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2010-4-28 146928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-19 312400]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-8-24 868896]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-19 13336]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 supersafer64;supersafer64;C:\Windows\SysWOW64\drivers\supersafer64.sys [2011-10-20 238072]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-7-7 2337144]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-19 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-7-19 243232]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
S2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe [2010-7-1 352976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-4 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-4 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\Windows\system32\DRIVERS\sustucam.sys --> C:\Windows\system32\DRIVERS\sustucam.sys [?]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\Windows\system32\DRIVERS\sustucap.sys --> C:\Windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\Windows\system32\DRIVERS\sustucau.sys --> C:\Windows\system32\DRIVERS\sustucau.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-22 20:05:16 -------- d-s---w- C:\ComboFix
2012-03-22 20:04:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-21 21:24:52 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2820DDAD-011F-4B7F-8077-5501BAC3A7B3}\mpengine.dll
2012-03-20 08:15:06 98816 ----a-w- C:\Windows\sed.exe
2012-03-20 08:15:06 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-20 08:15:06 256000 ----a-w- C:\Windows\PEV.exe
2012-03-20 08:15:06 208896 ----a-w- C:\Windows\MBR.exe
2012-03-20 07:59:12 -------- d-----w- C:\Users\Owner\AppData\Local\PC_Drivers_Headquarters
2012-03-20 06:38:15 -------- d-----w- C:\Users\Owner\AppData\Local\{8AC1BFDB-5268-4677-8267-99DA5BD9A862}
2012-03-20 06:38:04 -------- d-----w- C:\Users\Owner\AppData\Local\{9580DE12-AC4E-4626-8B6A-59604FC59880}
2012-03-19 02:35:53 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:35:53 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 02:14:46 -------- d-----w- C:\Program Files (x86)\Conduit
2012-03-19 02:14:43 -------- d-----w- C:\Users\Owner\AppData\Local\Conduit
2012-03-19 02:14:42 -------- d-----w- C:\Program Files (x86)\DVDVideoSoftTB
2012-03-19 02:14:24 -------- d-----w- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers
2012-03-19 02:12:12 -------- d-----w- C:\Users\Owner\AppData\Roaming\DVDVideoSoft
2012-03-19 02:00:35 -------- d-----w- C:\Windows\CD95F661A5C444F5A6AAECDD91C240C1.TMP
2012-03-19 00:33:08 -------- d-----w- C:\Users\Owner\Incomplete
2012-03-19 00:32:34 -------- d-----w- C:\Users\Owner\AppData\Roaming\MP3Rocket
2012-03-05 12:03:10 -------- d-----w- C:\ProgramData\UAB
2012-03-05 12:02:24 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2012-03-04 19:45:12 -------- d-----w- C:\Windows\SysWow64\BestPractices
2012-03-04 19:45:12 -------- d-----w- C:\Windows\System32\msmq
2012-03-04 19:45:12 -------- d-----w- C:\Windows\System32\BestPractices
2012-03-04 19:45:10 -------- d-----w- C:\inetpub
2012-03-04 18:18:39 -------- d-----w- C:\Users\Owner\AppData\Local\WMTools Downloaded Files
2012-03-04 16:37:46 -------- d-----w- C:\ProgramData\blekko toolbars
2012-03-04 16:37:27 -------- d-----w- C:\Users\Owner\AppData\Local\blekkotb_014
2012-03-04 16:37:13 -------- d-----w- C:\Program Files (x86)\SecurityXploded
2012-03-04 16:33:21 -------- d-----w- C:\Program Files (x86)\Tango
2012-03-04 16:32:44 -------- d-----w- C:\Users\Owner\AppData\Roaming\Babylon
2012-03-04 16:32:44 -------- d-----w- C:\Users\Owner\AppData\Local\Babylon
2012-03-04 16:32:44 -------- d-----w- C:\ProgramData\Babylon
2012-03-04 16:18:59 -------- d-----w- C:\Program Files (x86)\HiddenFinder
2012-03-04 16:15:49 -------- d-----w- C:\Program Files (x86)\FK_Monitor
2012-03-04 15:55:54 -------- d-----w- C:\Program Files (x86)\Passcovery
2012-03-04 15:24:56 249856 ------w- C:\Windows\Setup1.exe
2012-03-04 15:24:54 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-02-29 19:08:53 19384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-02-29 19:08:52 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-29 19:08:52 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-29 19:08:52 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-29 19:08:52 125880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-02-29 19:08:51 924600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-02-29 19:08:51 269240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2012-02-29 19:08:47 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-29 19:08:47 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-29 19:08:46 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
.
==================== Find3M ====================
.
2012-02-04 12:59:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 15:05:12.39 ===============

#5 lilomer67


Posted 22 March 2012 - 05:08 PM

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/9/2010 9:10:24 AM
System Uptime: 3/22/2012 1:03:23 PM (2 hours ago)
.
Motherboard: Gateway | | NV59C
Processor: Intel® Core™ i3 CPU M 370 @ 2.40GHz | CPU | 2399/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 368.359 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Kaspersky Anti-Virus NDIS 6 Filter
Device ID: ROOT\LEGACY_KLIM6\0000
Manufacturer:
Name: Kaspersky Anti-Virus NDIS 6 Filter
PNP Device ID: ROOT\LEGACY_KLIM6\0000
Service: KLIM6
.
==== System Restore Points ===================
.
RP225: 3/19/2012 3:50:49 PM - Windows Update
RP226: 3/19/2012 10:51:32 PM - Windows Update
RP227: 3/20/2012 12:39:22 AM - Windows Modules Installer
RP228: 3/21/2012 2:24:01 PM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0 MUI
Advertising Center
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
Atomic Mailbox Password Recovery 2.90
AutoUpdate
Backup Manager Basic
Best Buy pc app
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
Business Plan Pro 11.0
CyberLink PowerDVD 9
D3DX10
DataPilot 7
Definition update for Microsoft Office 2010 (KB982726)
Dell Driver Download Manager
DivX
Driver Detective
DVDVideoSoftTB Toolbar
Free Studio version 5.3.5
Free YouTube to MP3 Converter version 3.10.11.923
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Identity Card
ImagXpress
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
Junk Mail filter update
Kaspersky Anti-Virus 2011
Launch Manager
Mesh Runtime
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
PL-2303 USB-to-Serial
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roxio Easy Media Creator 9 Suite
Seagate Manager Installer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Skype Click to Call
Skype™ 5.5
Sonic Activation Module
Spotmau PowerSuite Golden Edition 6.0.0.0907
TeamViewer 6
Uninstall 1.0.0.1
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Video Web Camera
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
WinRAR 4.01 (32-bit)
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
3/22/2012 1:03:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: KLIM6 RxFilter
3/22/2012 1:03:53 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
3/22/2012 1:03:46 PM, Error: Service Control Manager [7002] - The MLPTDR_C service depends on the Parallel arbitrator group and no member of this group started.
3/21/2012 2:13:42 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/20/2012 7:35:41 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/20/2012 7:32:07 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
3/20/2012 3:48:49 PM, Error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: Updater Service is not a valid Win32 application.
3/20/2012 3:48:49 PM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: TeamViewer 6 is not a valid Win32 application.
3/20/2012 3:48:47 PM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: NTI IScheduleSvc is not a valid Win32 application.
3/20/2012 3:48:47 PM, Error: Service Control Manager [7000] - The Norton PC Checkup Application Launcher service failed to start due to the following error: Norton PC Checkup Application Launcher is not a valid Win32 application.
3/20/2012 3:48:46 PM, Error: Service Control Manager [7000] - The Intel® Management and Security Application Local Management Service service failed to start due to the following error: Intel® Management and Security Application Local Management Service is not a valid Win32 application.
3/20/2012 3:48:46 PM, Error: Service Control Manager [7000] - The GREGService service failed to start due to the following error: GREGService is not a valid Win32 application.
3/20/2012 3:48:46 PM, Error: Service Control Manager [7000] - The Dritek WMI Service service failed to start due to the following error: Dritek WMI Service is not a valid Win32 application.
3/20/2012 3:48:46 PM, Error: Service Control Manager [7000] - The Acer ePower Service service failed to start due to the following error: Acer ePower Service is not a valid Win32 application.
3/19/2012 9:13:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
3/19/2012 9:08:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
3/19/2012 9:07:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
3/19/2012 3:40:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/19/2012 10:04:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/18/2012 9:27:49 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR9.
3/18/2012 9:27:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
3/18/2012 9:24:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR7.
3/18/2012 9:24:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
3/18/2012 9:23:43 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
3/18/2012 4:57:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/18/2012 3:42:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/18/2012 11:50:45 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 9:19:39 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 9:04:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 6:19:03 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/17/2012 12:25:42 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/16/2012 3:23:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/16/2012 11:01:46 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/15/2012 2:19:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

#6 lilomer67


Posted 22 March 2012 - 06:39 PM

The GMER file was giving me fits with the emoticons and then the length of the file was too much for the reply window. Please let me know if you still need it and I will send it in two parts.

Thanks

#7 Oh My!


Posted 23 March 2012 - 05:40 PM

Greetings lilomer67,


Thank you for allowing me the time to review the information you provided. The Free Keylogger program has compromised your computer, so I must advise you of the following.


===================================================


KEYLOGGER WARNING

--------------------

Free Keylogger is an information stealing malware.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Here is some information for your review:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Kaspersky Anti-Virus 2011.


===================================================


Run TDSSKiller by Kaspersky on Vista/7

--------------------

  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • If you desire you may print out and follow the instructions for performing a scan.
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.



  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.



  • Click Continue > Reboot now to finish the cleaning process.<- Important!!



  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. Please submit these results with your next reply.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • Did you uninstall one of the Antivirus programs?
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
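A way to triage the TDSSKiller log requested in the post above before reading it line by line, as an added example that is not part of the original post or of Kaspersky's tooling. It assumes the two-line layout visible in this thread's TDSSKiller 2.7.22.0 log (an object line with name, MD5 and path, then a `name - verdict` line); the `examplesvc` lines and the verdict word `suspicious` are constructed for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name md5 path verdict")

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ "
# Object line: "<name> (<md5>) <path>"
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$"
)
# Verdict line: "<name> - <verdict>"
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>[A-Za-z][A-Za-z ]*)$")

# Sample input: lines copied from the log in this thread, plus one
# CONSTRUCTED pair (examplesvc) whose verdict wording is an assumption.
SAMPLE_LOG = r"""
16:02:55.0780 0876 Scan started
16:02:55.0780 0876 Mode: Manual;
16:02:56.0978 0876 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:02:56.0982 0876 1394ohci - ok
16:02:59.0351 0876 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:02:59.0354 0876 Apple Mobile Device - ok
16:02:59.0896 0876 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:02:59.0908 0876 AudioEndpointBuilder - ok
16:02:59.0921 0876 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:02:59.0926 0876 AudioSrv - ok
16:03:02.0483 0876 catchme - ok
16:03:02.0590 0876 examplesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\examplesvc.sys
16:03:02.0593 0876 examplesvc - suspicious
"""


def parse_tdsskiller(text):
    """Pair each object line with the verdict line that follows it."""
    pending = {}   # name -> (md5, path) seen but not yet given a verdict
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        obj = OBJECT_RE.match(line)
        if obj:
            pending[obj["name"]] = (obj["md5"], obj["path"])
            continue
        ver = VERDICT_RE.match(line)
        if ver:
            # A verdict with no preceding object line means the tool logged
            # the service name without hashing any file for it.
            md5, path = pending.pop(ver["name"], (None, None))
            entries.append(Entry(ver["name"], md5, path, ver["verdict"].strip()))
    return entries


def needs_review(entries):
    """Return (name, reason) pairs for entries worth a closer look."""
    flagged = []
    for e in entries:
        if e.verdict.lower() != "ok":
            flagged.append((e.name, "verdict is '%s', not ok" % e.verdict))
        if e.md5 is None:
            flagged.append((e.name, "no file or hash logged"))
    return flagged


if __name__ == "__main__":
    for name, reason in needs_review(parse_tdsskiller(SAMPLE_LOG)):
        print(name, "->", reason)
```

On this thread's log the `catchme` entry is the one reported without a file, which matches the Event Viewer line showing `C:\ComboFix\catchme.sys` blocked from loading.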

#8 lilomer67


Posted 23 March 2012 - 06:08 PM

I uninstalled Kaspersky and the one you had me use came back with no viruses.



16:02:44.0910 4984 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
16:02:45.0354 4984 ============================================================
16:02:45.0354 4984 Current date / time: 2012/03/23 16:02:45.0354
16:02:45.0354 4984 SystemInfo:
16:02:45.0354 4984
16:02:45.0354 4984 OS Version: 6.1.7600 ServicePack: 0.0
16:02:45.0354 4984 Product type: Workstation
16:02:45.0354 4984 ComputerName: OWNER-PC
16:02:45.0354 4984 UserName: Owner
16:02:45.0354 4984 Windows directory: C:\Windows
16:02:45.0354 4984 System windows directory: C:\Windows
16:02:45.0354 4984 Running under WOW64
16:02:45.0354 4984 Processor architecture: Intel x64
16:02:45.0354 4984 Number of processors: 4
16:02:45.0354 4984 Page size: 0x1000
16:02:45.0354 4984 Boot type: Normal boot
16:02:45.0355 4984 ============================================================
16:02:45.0937 4984 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:02:45.0949 4984 \Device\Harddisk0\DR0:
16:02:45.0949 4984 MBR used
16:02:45.0949 4984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:02:45.0949 4984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x38953000
16:02:45.0979 4984 Initialize success
16:02:45.0979 4984 ============================================================
16:02:55.0780 0876 ============================================================
16:02:55.0780 0876 Scan started
16:02:55.0780 0876 Mode: Manual;
16:02:55.0780 0876 ============================================================
16:02:56.0978 0876 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
16:02:56.0982 0876 1394ohci - ok
16:02:57.0103 0876 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
16:02:57.0109 0876 ACPI - ok
16:02:57.0210 0876 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
16:02:57.0211 0876 AcpiPmi - ok
16:02:57.0346 0876 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:02:57.0355 0876 adp94xx - ok
16:02:57.0494 0876 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:02:57.0501 0876 adpahci - ok
16:02:57.0598 0876 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:02:57.0601 0876 adpu320 - ok
16:02:57.0687 0876 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:02:57.0689 0876 AeLookupSvc - ok
16:02:57.0809 0876 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
16:02:57.0818 0876 AFD - ok
16:02:57.0914 0876 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
16:02:57.0916 0876 agp440 - ok
16:02:57.0994 0876 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:02:57.0995 0876 ALG - ok
16:02:58.0082 0876 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
16:02:58.0084 0876 aliide - ok
16:02:58.0182 0876 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
16:02:58.0183 0876 amdide - ok
16:02:58.0287 0876 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:02:58.0290 0876 AmdK8 - ok
16:02:58.0391 0876 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:02:58.0393 0876 AmdPPM - ok
16:02:58.0490 0876 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
16:02:58.0493 0876 amdsata - ok
16:02:58.0611 0876 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:02:58.0615 0876 amdsbs - ok
16:02:58.0723 0876 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
16:02:58.0724 0876 amdxata - ok
16:02:58.0866 0876 AppHostSvc (03fbb7c5ea4ef153f10282614b9771cb) C:\Windows\system32\inetsrv\apphostsvc.dll
16:02:58.0899 0876 AppHostSvc - ok
16:02:59.0010 0876 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:02:59.0012 0876 AppID - ok
16:02:59.0106 0876 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:02:59.0107 0876 AppIDSvc - ok
16:02:59.0219 0876 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
16:02:59.0221 0876 Appinfo - ok
16:02:59.0351 0876 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:02:59.0354 0876 Apple Mobile Device - ok
16:02:59.0461 0876 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:02:59.0463 0876 arc - ok
16:02:59.0560 0876 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:02:59.0562 0876 arcsas - ok
16:02:59.0699 0876 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:02:59.0700 0876 AsyncMac - ok
16:02:59.0796 0876 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
16:02:59.0796 0876 atapi - ok
16:02:59.0896 0876 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:02:59.0908 0876 AudioEndpointBuilder - ok
16:02:59.0921 0876 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:02:59.0926 0876 AudioSrv - ok
16:03:00.0015 0876 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
16:03:00.0019 0876 AxInstSV - ok
16:03:00.0127 0876 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:03:00.0137 0876 b06bdrv - ok
16:03:00.0251 0876 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:03:00.0256 0876 b57nd60a - ok
16:03:00.0346 0876 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:03:00.0349 0876 BDESVC - ok
16:03:00.0441 0876 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:03:00.0442 0876 Beep - ok
16:03:00.0550 0876 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
16:03:00.0557 0876 BFE - ok
16:03:00.0688 0876 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
16:03:00.0701 0876 BITS - ok
16:03:00.0790 0876 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:03:00.0791 0876 blbdrive - ok
16:03:00.0903 0876 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:03:29.0794 0876 RpcEptMapper - ok
16:03:29.0887 0876 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:03:29.0889 0876 RpcLocator - ok
16:03:30.0011 0876 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:03:30.0019 0876 RpcSs - ok
16:03:30.0111 0876 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:03:30.0113 0876 rspndr - ok
16:03:30.0225 0876 RSUSBSTOR (ce2ef8030932b98832eb2f9580c5b1dd) C:\Windows\system32\Drivers\RtsUStor.sys
16:03:30.0230 0876 RSUSBSTOR - ok
16:03:30.0346 0876 RxFilter (6bc3fe66bfaa363468d95c56d6403ab2) C:\Windows\system32\DRIVERS\RxFilter.sys
16:03:30.0368 0876 RxFilter - ok
16:03:30.0446 0876 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:03:30.0448 0876 SamSs - ok
16:03:30.0556 0876 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
16:03:30.0559 0876 sbp2port - ok
16:03:30.0652 0876 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:03:30.0658 0876 SCardSvr - ok
16:03:30.0748 0876 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:03:30.0749 0876 scfilter - ok
16:03:30.0870 0876 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
16:03:30.0882 0876 Schedule - ok
16:03:30.0978 0876 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:03:30.0980 0876 SCPolicySvc - ok
16:03:31.0059 0876 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
16:03:31.0065 0876 SDRSVC - ok
16:03:31.0156 0876 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:03:31.0157 0876 secdrv - ok
16:03:31.0235 0876 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
16:03:31.0238 0876 seclogon - ok
16:03:31.0302 0876 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
16:03:31.0306 0876 SENS - ok
16:03:31.0320 0876 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:03:31.0324 0876 SensrSvc - ok
16:03:31.0418 0876 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:03:31.0420 0876 Serenum - ok
16:03:31.0510 0876 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:03:31.0513 0876 Serial - ok
16:03:31.0598 0876 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:03:31.0600 0876 sermouse - ok
16:03:31.0686 0876 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
16:03:31.0690 0876 SessionEnv - ok
16:03:31.0775 0876 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:03:31.0776 0876 sffdisk - ok
16:03:31.0874 0876 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
16:03:31.0876 0876 sffp_mmc - ok
16:03:31.0974 0876 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:03:31.0976 0876 sffp_sd - ok
16:03:32.0066 0876 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:03:32.0067 0876 sfloppy - ok
16:03:32.0172 0876 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:03:32.0179 0876 SharedAccess - ok
16:03:32.0268 0876 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
16:03:32.0276 0876 ShellHWDetection - ok
16:03:32.0376 0876 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:03:32.0379 0876 SiSRaid2 - ok
16:03:32.0463 0876 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:03:32.0465 0876 SiSRaid4 - ok
16:03:32.0565 0876 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:03:32.0568 0876 Smb - ok
16:03:32.0690 0876 SNMP (9228728c94b74f2e1ec78af56795f940) C:\Windows\System32\snmp.exe
16:03:32.0692 0876 SNMP - ok
16:03:32.0779 0876 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:03:32.0781 0876 SNMPTRAP - ok
16:03:32.0872 0876 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:03:32.0873 0876 spldr - ok
16:03:32.0973 0876 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
16:03:32.0984 0876 Spooler - ok
16:03:33.0147 0876 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
16:03:33.0244 0876 sppsvc - ok
16:03:33.0315 0876 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:03:33.0319 0876 sppuinotify - ok
16:03:33.0380 0876 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
16:03:33.0387 0876 srv - ok
16:03:33.0491 0876 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
16:03:33.0497 0876 srv2 - ok
16:03:33.0615 0876 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
16:03:33.0618 0876 srvnet - ok
16:03:33.0704 0876 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:03:33.0710 0876 SSDPSRV - ok
16:03:33.0785 0876 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:03:33.0788 0876 SstpSvc - ok
16:03:33.0826 0876 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:03:33.0828 0876 stexstor - ok
16:03:33.0923 0876 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
16:03:33.0936 0876 stisvc - ok
16:03:33.0996 0876 stllssvr - ok
16:03:34.0113 0876 supersafer64 (1c377dcd8efbbcd8ec5cdaf2c3e9df86) C:\Windows\SysWOW64\drivers\supersafer64.sys
16:03:34.0132 0876 supersafer64 - ok
16:03:34.0251 0876 SUSTUCAM (745e8bdd1ad92bce97dbcf1ba60d4045) C:\Windows\system32\DRIVERS\sustucam.sys
16:03:34.0253 0876 SUSTUCAM - ok
16:03:34.0352 0876 SUSTUCAP (c7c1c5ca51447b273a6c8bc972397ba5) C:\Windows\system32\DRIVERS\sustucap.sys
16:03:34.0354 0876 SUSTUCAP - ok
16:03:34.0485 0876 SUSTUCAU (a69a9a9fe119907e85bb30cdfbfb2a38) C:\Windows\system32\DRIVERS\sustucau.sys
16:03:34.0487 0876 SUSTUCAU - ok
16:03:34.0581 0876 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
16:03:34.0582 0876 swenum - ok
16:03:34.0712 0876 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:03:34.0723 0876 swprv - ok
16:03:34.0839 0876 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
16:03:34.0843 0876 SynTP - ok
16:03:34.0972 0876 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
16:03:34.0996 0876 SysMain - ok
16:03:35.0079 0876 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
16:03:35.0084 0876 TabletInputService - ok
16:03:35.0167 0876 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
16:03:35.0175 0876 TapiSrv - ok
16:03:35.0267 0876 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:03:35.0270 0876 TBS - ok
16:03:35.0405 0876 Tcpip (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\drivers\tcpip.sys
16:03:35.0433 0876 Tcpip - ok
16:03:35.0593 0876 TCPIP6 (61dc720bb065d607d5823f13d2a64321) C:\Windows\system32\DRIVERS\tcpip.sys
16:03:35.0611 0876 TCPIP6 - ok
16:03:35.0708 0876 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:03:35.0709 0876 tcpipreg - ok
16:03:35.0798 0876 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:03:35.0799 0876 TDPIPE - ok
16:03:35.0881 0876 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:03:35.0882 0876 TDTCP - ok
16:03:35.0969 0876 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:03:35.0972 0876 tdx - ok
16:03:36.0102 0876 TeamViewer6 (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:03:36.0130 0876 TeamViewer6 - ok
16:03:36.0212 0876 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
16:03:36.0214 0876 TermDD - ok
16:03:36.0299 0876 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
16:03:36.0312 0876 TermService - ok
16:03:36.0403 0876 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:03:36.0406 0876 Themes - ok
16:03:36.0489 0876 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:03:36.0492 0876 THREADORDER - ok
16:03:36.0526 0876 TlntSvr (519cb7d7f697f4ba47de05845c20f158) C:\Windows\System32\tlntsvr.exe
16:03:36.0529 0876 TlntSvr - ok
16:03:36.0603 0876 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:03:36.0608 0876 TrkWks - ok
16:03:36.0680 0876 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
16:03:36.0684 0876 TrustedInstaller - ok
16:03:36.0778 0876 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:03:36.0780 0876 tssecsrv - ok
16:03:36.0885 0876 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:03:36.0888 0876 tunnel - ok
16:03:36.0968 0876 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:03:36.0970 0876 uagp35 - ok
16:03:37.0071 0876 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
16:03:37.0072 0876 UBHelper - ok
16:03:37.0161 0876 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:03:37.0168 0876 udfs - ok
16:03:37.0275 0876 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:03:37.0278 0876 UI0Detect - ok
16:03:37.0370 0876 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
16:03:37.0372 0876 uliagpkx - ok
16:03:37.0476 0876 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:03:37.0478 0876 umbus - ok
16:03:37.0568 0876 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:03:37.0569 0876 UmPass - ok
16:03:37.0709 0876 UNS (7466809e6da561d60c2f1ce8ede3c73f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:03:37.0734 0876 UNS - ok
16:03:37.0784 0876 Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
16:03:37.0790 0876 Updater Service - ok
16:03:37.0883 0876 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:03:37.0891 0876 upnphost - ok
16:03:38.0032 0876 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:03:38.0053 0876 USBAAPL64 - ok
16:03:38.0163 0876 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
16:03:38.0166 0876 usbaudio - ok
16:03:38.0275 0876 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:03:38.0292 0876 usbccgp - ok
16:03:38.0387 0876 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
16:03:38.0390 0876 usbcir - ok
16:03:38.0487 0876 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
16:03:38.0489 0876 usbehci - ok
16:03:38.0615 0876 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
16:03:38.0621 0876 usbhub - ok
16:03:38.0722 0876 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
16:03:38.0724 0876 usbohci - ok
16:03:38.0816 0876 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:03:38.0830 0876 usbprint - ok
16:03:38.0942 0876 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:03:38.0944 0876 usbscan - ok
16:03:39.0031 0876 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:03:39.0047 0876 USBSTOR - ok
16:03:39.0133 0876 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
16:03:39.0135 0876 usbuhci - ok
16:03:39.0230 0876 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
16:03:39.0234 0876 usbvideo - ok
16:03:39.0318 0876 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:03:39.0321 0876 UxSms - ok
16:03:39.0413 0876 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:03:39.0415 0876 VaultSvc - ok
16:03:39.0520 0876 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
16:03:39.0521 0876 vdrvroot - ok
16:03:39.0617 0876 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
16:03:39.0629 0876 vds - ok
16:03:39.0732 0876 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:03:39.0733 0876 vga - ok
16:03:39.0819 0876 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:03:39.0821 0876 VgaSave - ok
16:03:39.0910 0876 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
16:03:39.0914 0876 vhdmp - ok
16:03:40.0008 0876 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
16:03:40.0009 0876 viaide - ok
16:03:40.0114 0876 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
16:03:40.0116 0876 volmgr - ok
16:03:40.0209 0876 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:03:40.0216 0876 volmgrx - ok
16:03:40.0314 0876 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
16:03:40.0320 0876 volsnap - ok
16:03:40.0431 0876 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:03:40.0435 0876 vsmraid - ok
16:03:40.0558 0876 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
16:03:40.0581 0876 VSS - ok
16:03:40.0676 0876 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:03:40.0678 0876 vwifibus - ok
16:03:40.0764 0876 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:03:40.0765 0876 vwififlt - ok
16:03:40.0869 0876 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:03:40.0870 0876 vwifimp - ok
16:03:40.0950 0876 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:03:40.0955 0876 W32Time - ok
16:03:41.0078 0876 W3SVC (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
16:03:41.0121 0876 W3SVC - ok
16:03:41.0208 0876 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:03:41.0209 0876 WacomPen - ok
16:03:41.0309 0876 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:03:41.0311 0876 WANARP - ok
16:03:41.0326 0876 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:03:41.0327 0876 Wanarpv6 - ok
16:03:41.0477 0876 WAS (06d2b9bc146bb0f45f45ff7a296d50c4) C:\Windows\system32\inetsrv\iisw3adm.dll
16:03:41.0483 0876 WAS - ok
16:03:41.0597 0876 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:03:41.0617 0876 WatAdminSvc - ok
16:03:41.0728 0876 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
16:03:41.0755 0876 wbengine - ok
16:03:41.0836 0876 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:03:41.0842 0876 WbioSrvc - ok
16:03:41.0954 0876 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
16:03:41.0963 0876 wcncsvc - ok
16:03:42.0061 0876 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:03:42.0065 0876 WcsPlugInService - ok
16:03:42.0160 0876 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:03:42.0162 0876 Wd - ok
16:03:42.0286 0876 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:03:42.0288 0876 WDC_SAM - ok
16:03:42.0390 0876 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:03:42.0399 0876 Wdf01000 - ok
16:03:42.0495 0876 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:03:42.0500 0876 WdiServiceHost - ok
16:03:42.0506 0876 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:03:42.0510 0876 WdiSystemHost - ok
16:03:42.0617 0876 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
16:03:42.0623 0876 WebClient - ok
16:03:42.0716 0876 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:03:42.0723 0876 Wecsvc - ok
16:03:42.0800 0876 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:03:42.0804 0876 wercplsupport - ok
16:03:42.0893 0876 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:03:42.0897 0876 WerSvc - ok
16:03:42.0999 0876 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:03:43.0001 0876 WfpLwf - ok
16:03:43.0090 0876 WiMAXAppSrv (8686e96e13f41ac9806a79ca8004feee) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
16:03:43.0191 0876 WiMAXAppSrv - ok
16:03:43.0298 0876 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:03:43.0300 0876 WIMMount - ok
16:03:43.0333 0876 WinDefend - ok
16:03:43.0341 0876 WinHttpAutoProxySvc - ok
16:03:43.0445 0876 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:03:43.0450 0876 Winmgmt - ok
16:03:43.0571 0876 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
16:03:43.0598 0876 WinRM - ok
16:03:43.0730 0876 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:03:43.0732 0876 WinUsb - ok
16:03:43.0849 0876 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:03:43.0865 0876 Wlansvc - ok
16:03:43.0987 0876 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:03:43.0989 0876 wlcrasvc - ok
16:03:44.0110 0876 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:03:44.0138 0876 wlidsvc - ok
16:03:44.0224 0876 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:03:44.0225 0876 WmiAcpi - ok
16:03:44.0321 0876 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:03:44.0325 0876 wmiApSrv - ok
16:03:44.0384 0876 WMPNetworkSvc - ok
16:03:44.0483 0876 WMSVC (b5bd872122a2ce82d196abf2d5d8d80a) C:\Windows\system32\inetsrv\wmsvc.exe
16:03:44.0526 0876 WMSVC - ok
16:03:44.0556 0876 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:03:44.0559 0876 WPCSvc - ok
16:03:44.0636 0876 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
16:03:44.0640 0876 WPDBusEnum - ok
16:03:44.0740 0876 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:03:44.0742 0876 ws2ifsl - ok
16:03:44.0848 0876 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
16:03:44.0853 0876 wscsvc - ok
16:03:44.0864 0876 WSearch - ok
16:03:44.0949 0876 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
16:03:44.0980 0876 wuauserv - ok
16:03:45.0059 0876 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:03:45.0062 0876 WudfPf - ok
16:03:45.0162 0876 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:03:45.0166 0876 WUDFRd - ok
16:03:45.0265 0876 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
16:03:45.0269 0876 wudfsvc - ok
16:03:45.0382 0876 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:03:45.0388 0876 WwanSvc - ok
16:03:45.0471 0876 {B154377D-700F-42cc-9474-23858FBDF4BD} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
16:03:45.0474 0876 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
16:03:45.0500 0876 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:03:45.0577 0876 \Device\Harddisk0\DR0 - ok
16:03:45.0582 0876 Boot (0x1200) (afae75aed323ea4c06f8651658af8d8c) \Device\Harddisk0\DR0\Partition0
16:03:45.0583 0876 \Device\Harddisk0\DR0\Partition0 - ok
16:03:45.0596 0876 Boot (0x1200) (90875b0579017be4caa65e67c5d05f94) \Device\Harddisk0\DR0\Partition1
16:03:45.0597 0876 \Device\Harddisk0\DR0\Partition1 - ok
16:03:45.0600 0876 ============================================================
16:03:45.0600 0876 Scan finished
16:03:45.0600 0876 ============================================================
16:03:45.0611 4568 Detected object count: 0
16:03:45.0611 4568 Actual detected object count: 0
16:03:56.0816 3784 Deinitialize success

#9 Oh My!

Posted 23 March 2012 - 06:42 PM

Greetings lilomer67,


That is good news. Please tell me how your computer is running now and what symptoms you are experiencing. Be as descriptive as possible, if you would.
Gary
 

#10 lilomer67


Posted 23 March 2012 - 08:09 PM

Hi,

The computer is actually running well right now with little or no slowing. There has been nothing new that has popped up program-wise and I am NOT downloading anything new until I run it past my tech friend. I am able to have multiple windows open with little slowing and no pop-ups whatsoever. Running well overall!! :)

Larry

#11 Oh My!


Posted 23 March 2012 - 09:04 PM

Greetings lilomer67,


I am happy to hear that. We do have some follow up issues to address. There are some things that need to be removed from your computer and some critical updates to apply. Those updates should help to protect you from malicious software. I will have those instructions ready for you tomorrow morning.

Thank you for both your patience and your diligence in completing the steps.
Gary
 

#12 Oh My!


Posted 24 March 2012 - 07:32 AM

Greetings lilomer67,


You have numerous toolbars that appear to have been downloaded in addition to programs you installed. Oftentimes this is done without your express knowledge or permission. By default they are downloaded unless you opt out and most times it is not an obvious choice. I would recommend deletion of the ones listed below. If you desire, you can reinstall any of them once your computer is considered clean.

Please perform the following for me.


===================================================


Uninstalling a Program using Add/Remove Program

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of programs installed will be displayed
  • Uninstall the following (if they exist) by clicking on the program(s) below and selecting Remove or Uninstall

Conduit
DVDVideoSoftTB
blekko toolbars
Tango
Babylon


===================================================


Running Combofix Script

-------------------

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text below into the Notepad document

    folder::
    c:\program files (x86)\Conduit
    c:\users\Owner\AppData\Local\Conduit
    c:\program files (x86)\DVDVideoSoftTB
    c:\programdata\blekko toolbars
    c:\users\Owner\AppData\Local\blekkotb_014
    c:\program files (x86)\Tango
    c:\users\Owner\AppData\Roaming\Babylon
    c:\users\Owner\AppData\Local\Babylon
    c:\programdata\Babylon
    c:\program files (x86)\FK_Monitor
    file::
    c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
    DirLook::
    c:\users\monica\{bce9cb0f-9369-481a-a5f4-5d56028bd0d1}
    C:\Users\Owner\AppData\Local\{8AC1BFDB-5268-4677-8267-99DA5BD9A862}
    

  • Save this on your desktop as CFScript.txt.


    Posted Image

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • ComboFix.txt
  • How is your computer running?

Gary
 

#13 lilomer67


Posted 24 March 2012 - 11:26 AM

Good morning and thank you again for your continued assistance!! My computer is running fine this morning and actually a little quicker than it has been. I went to delete those files you mentioned and found that none of them were on my computer thankfully. I ran the combo fix file like you requested and below is the pasted copy of the log.



ComboFix 12-03-18.04 - Owner 03/24/2012 9:17.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3767.2241 [GMT -7:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
FILE ::
"c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\DVDVideoSoftTB
c:\program files (x86)\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe
c:\program files (x86)\DVDVideoSoftTB\GottenAppsContextMenu.xml
c:\program files (x86)\DVDVideoSoftTB\ldrtbDVDV.dll
c:\program files (x86)\DVDVideoSoftTB\OtherAppsContextMenu.xml
c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
c:\program files (x86)\DVDVideoSoftTB\SharedAppsContextMenu.xml
c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
c:\program files (x86)\DVDVideoSoftTB\toolbar.cfg
c:\program files (x86)\DVDVideoSoftTB\ToolbarContextMenu.xml
c:\program files (x86)\DVDVideoSoftTB\uninstall.exe
c:\program files (x86)\FK_Monitor
c:\program files (x86)\FK_Monitor\how_works.htm
c:\program files (x86)\FK_Monitor\tray.png
c:\program files (x86)\Tango
c:\programdata\Babylon
c:\programdata\blekko toolbars
c:\users\Owner\AppData\Local\Babylon
c:\users\Owner\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Owner\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Owner\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Owner\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page1.css
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page1.html
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page1.js
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\title1.png
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Owner\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png
c:\users\Owner\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Owner\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
c:\users\Owner\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Owner\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Owner\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Owner\AppData\Local\blekkotb_014
c:\users\Owner\AppData\Local\blekkotb_014\catalog.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304162121-f.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304170222-l.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304170222-m.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304175408-l.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304175408-m.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304180317-l.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304180317-m.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304190610-l.list
c:\users\Owner\AppData\Local\blekkotb_014\data\120304190610-m.list
c:\users\Owner\AppData\Local\blekkotb_014\data\temp.zip
c:\users\Owner\AppData\Local\Conduit
c:\users\Owner\AppData\Local\Conduit\CT2269050\DVDVideoSoftTBAutoUpdateHelper.exe
c:\users\Owner\AppData\Roaming\Babylon
c:\users\Owner\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 16:18 . 2012-03-24 16:18 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2012-03-24 16:18 . 2012-03-24 16:18 -------- d-----w- c:\users\Hunter\AppData\Local\temp
2012-03-24 16:18 . 2012-03-24 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-24 05:02 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3351B426-B3E5-40E3-A0C3-11AA03FA8428}\mpengine.dll
2012-03-20 07:59 . 2012-03-20 07:59 -------- d-----w- c:\users\Owner\AppData\Local\PC_Drivers_Headquarters
2012-03-19 02:44 . 2012-03-19 02:52 -------- d-----w- c:\users\Melissa\AppData\Roaming\DVDVideoSoft
2012-03-19 02:35 . 2012-03-19 02:35 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-19 02:35 . 2012-03-19 02:35 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-19 02:12 . 2012-03-19 02:14 -------- d-----w- c:\users\Owner\AppData\Roaming\DVDVideoSoft
2012-03-19 02:00 . 2012-03-19 02:00 -------- d-----w- c:\windows\CD95F661A5C444F5A6AAECDD91C240C1.TMP
2012-03-19 00:33 . 2012-03-19 00:48 -------- d-----w- c:\users\Owner\Incomplete
2012-03-19 00:32 . 2012-03-19 00:58 -------- d-----w- c:\users\Owner\AppData\Roaming\MP3Rocket
2012-03-05 12:03 . 2012-03-05 12:03 -------- d-----w- c:\programdata\UAB
2012-03-05 12:03 . 2012-03-05 12:03 -------- d-----w- c:\users\Hunter\AppData\Local\PC_Drivers_Headquarters
2012-03-05 12:02 . 2012-03-05 12:02 -------- d-----w- c:\program files (x86)\PC Drivers HeadQuarters
2012-03-04 19:45 . 2012-03-24 15:58 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\SysWow64\BestPractices
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\system32\msmq
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- c:\windows\system32\BestPractices
2012-03-04 19:45 . 2012-03-04 19:45 -------- d-----w- C:\inetpub
2012-03-04 18:18 . 2012-03-04 18:18 -------- d-----w- c:\users\Owner\AppData\Local\WMTools Downloaded Files
2012-03-04 16:37 . 2012-03-04 18:08 -------- d-----w- c:\program files (x86)\SecurityXploded
2012-03-04 16:32 . 2012-03-04 16:32 237 ----a-w- C:\user.js
2012-03-04 16:18 . 2012-03-04 16:19 -------- d-----w- c:\program files (x86)\HiddenFinder
2012-03-04 15:55 . 2012-03-04 15:55 -------- d-----w- c:\program files (x86)\Passcovery
2012-03-04 15:24 . 2012-03-04 15:24 249856 ------w- c:\windows\Setup1.exe
2012-03-04 15:24 . 2012-03-04 15:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-02-29 19:08 . 2012-03-19 02:35 19384 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-02-29 19:08 . 2012-03-19 02:35 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-29 19:08 . 2012-03-19 02:35 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-29 19:08 . 2012-03-19 02:35 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-29 19:08 . 2012-03-19 02:35 125880 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2012-02-29 19:08 . 2012-03-19 02:35 924600 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
2012-02-29 19:08 . 2012-03-19 02:35 269240 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
2012-02-29 19:08 . 2012-03-19 02:35 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-29 19:08 . 2012-03-19 02:35 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-29 19:08 . 2012-03-19 02:35 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2011-12-20 02:12 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-11 19:45 . 2012-02-11 19:46 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CA7621D-8FE2-4AF3-BF86-CEEF2FBCF43C}\gapaengine.dll
2012-02-04 12:59 . 2011-06-14 04:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-11-09 16:29 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-10 04:43 . 2010-12-13 17:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-10 04:42 . 2010-12-13 17:08 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-01-10 04:42 . 2010-11-30 23:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-06 23:21 . 2010-12-27 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-01-06 23:20 . 2010-12-27 17:53 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-06 23:20 . 2010-11-30 21:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\monica\{bce9cb0f-9369-481a-a5f4-5d56028bd0d1} ----
.
.
---- Directory of c:\users\Owner\AppData\Local\{8AC1BFDB-5268-4677-8267-99DA5BD9A862} ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-20_09.04.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-19 13:30 . 2012-03-24 16:03 80674 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 16:03 34772 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-11-27 20:24 . 2012-03-08 23:17 12706 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1001_UserData.bin
+ 2010-11-27 20:24 . 2012-03-23 22:41 12706 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1001_UserData.bin
+ 2010-11-09 16:12 . 2012-03-24 16:03 17754 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1000_UserData.bin
- 2010-08-24 08:30 . 2012-03-20 05:03 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-24 08:30 . 2012-03-24 15:58 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-24 08:30 . 2012-03-24 15:58 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-24 08:30 . 2012-03-20 05:03 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:03 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 15:58 32768 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-19 13:30 . 2012-03-24 16:03 80674 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-24 16:03 34772 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-11-27 20:24 . 2012-03-08 23:17 12706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1001_UserData.bin
+ 2010-11-27 20:24 . 2012-03-23 22:41 12706 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1001_UserData.bin
+ 2010-11-09 16:12 . 2012-03-24 16:03 17754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2250812746-3454335684-3075286065-1000_UserData.bin
+ 2010-08-24 08:30 . 2012-03-24 15:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-24 08:30 . 2012-03-20 05:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-24 08:30 . 2012-03-20 05:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-24 08:30 . 2012-03-24 15:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-24 15:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-20 05:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-03-21 21:23 80952 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-24 05:50 . 2012-03-24 05:50 25600 c:\windows\Installer\706d9.msi
- 2011-10-28 20:32 . 2011-10-28 20:32 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-10-28 20:32 . 2012-03-23 23:13 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2012-03-20 05:03 . 2012-03-20 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-24 15:58 . 2012-03-24 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-20 05:03 . 2012-03-20 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-24 15:58 . 2012-03-24 15:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-27 18:32 . 2012-03-21 21:12 271626 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-11-27 18:32 . 2012-03-21 21:12 271626 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:01 . 2012-03-20 04:23 422772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-24 13:50 422772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2012-03-04 19:45 3809263 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-03-20 22:51 3809263 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-03-27 06:29 . 2012-03-20 04:14 7285512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2250812746-3454335684-3075286065-1001-8192.dat
+ 2011-03-27 06:29 . 2012-03-23 22:56 7285512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2250812746-3454335684-3075286065-1001-8192.dat
+ 2012-03-19 18:28 . 2012-03-19 18:28 8004096 c:\windows\Installer\d56cb.msi
+ 2009-07-14 02:34 . 2012-03-24 16:12 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-20 08:10 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-03-20 08:10 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-03-24 16:12 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-07-26 03:28 . 2012-03-24 13:50 27812572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2250812746-3454335684-3075286065-1000-12288.dat
+ 2012-03-23 23:13 . 2012-03-23 23:13 20333056 c:\windows\Installer\ec386.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-03-26 600688]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"Lexmark X84-X85 Button Monitor"="c:\progra~2\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 40960]
"Lexmark X84-X85 Button Manager"="c:\progra~2\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 53248]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-10-27 221184]
"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
c:\users\Hunter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 06:51 37296 ----a-w- c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;c:\windows\system32\DRIVERS\PTUMWBus.sys [x]
R3 PTUMWCDF;PANTECH USB Modem V2 Installation CD;c:\windows\system32\DRIVERS\PTUMWCDF.sys [x]
R3 PTUMWFLT;PTUMWNET Filter Driver;c:\windows\system32\DRIVERS\PTUMWFLT.sys [x]
R3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;c:\windows\system32\DRIVERS\PTUMWMdm.sys [x]
R3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;c:\windows\system32\DRIVERS\PTUMWNET.sys [x]
R3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;c:\windows\system32\DRIVERS\PTUMWVsp.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [x]
R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys [x]
R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/08/24 01:36];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2010-04-29 02:51 146928]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 supersafer64;supersafer64;c:\windows\SysWOW64\drivers\supersafer64.sys [2010-11-11 238072]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 05:07]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-05 05:07]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:55]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-25 19:55]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1001Core.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 03:15]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1001UA.job
- c:\users\Melissa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 03:15]
.
2012-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1004Core.job
- c:\users\Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 18:13]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2250812746-3454335684-3075286065-1004UA.job
- c:\users\Hunter\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-26 18:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-26 206208]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"SpotmauSecretary"="h:\powersuite golden edition\Desktop_Secretary.exe" [BU]
"MSServices"="h:\windows password finder\Reminder\MSServices.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv59c&r=27361110k105l04h4z115a4782i267
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vk49j937.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-Locked - (no file)
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2250812746-3454335684-3075286065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2250812746-3454335684-3075286065-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-24 09:20:56
ComboFix-quarantined-files.txt 2012-03-24 16:20
ComboFix2.txt 2012-03-21 02:52
ComboFix3.txt 2012-03-20 09:22
.
Pre-Run: 394,698,031,104 bytes free
Post-Run: 394,305,658,880 bytes free
.
- - End Of File - - 8BF8DB91CA6E8BDD0786282411959791

#14 Oh My!


Posted 26 March 2012 - 03:05 PM

ooops, double post.

Edited by Oh My, 26 March 2012 - 06:06 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 lilomer67


Posted 26 March 2012 - 06:02 PM

Hello,

You actually sent the same email again. Please let me know if you need me to re-paste the ComboFix log or anything else.

Thank you!!!



