Google captcha


  • This topic is locked
23 replies to this topic

#1 imackin

Posted 02 April 2012 - 02:21 AM

Like I said, I keep getting Google captcha saying my pc is sending and receiving too much info and I have to prove I'm not a "bot". Any help would be awesome! :thumbsup:

Here is my Hijack this log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:00:13 AM, on 4/2/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\DOWNLOADS\utorrent.exe
C:\Program Files\Remote Mouse\RemoteMouse.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Remote Mouse\server\server.exe
C:\Windows\system32\conhost.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {460F3F10-4D16-6698-652A-462F27F93D41} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe
O4 - HKCU\..\Run: [16AC0BE06752D674A114863D1465FB06256C8EB0._service_run] "C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mac\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: HMA Pro VPN 2.0.lnk = C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1312380061050
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - Emulex - (no file)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Emulex - (no file)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: WinArchiver Service - Unknown owner - C:\Program Files\WinArchiver Virtual Drive\WAService.exe

--
End of file - 7180 bytes

#2 gringo_pr

Posted 04 April 2012 - 05:23 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

Posted 07 April 2012 - 02:52 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 imackin

Posted 08 April 2012 - 07:13 PM

Thanks for your help,

DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Mac at 19:03:57 on 2012-04-08
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1037 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\WinArchiver Virtual Drive\WAService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dokan\DokanLibrary\mounter.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Mac\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mac\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
C:\Program Files\HMA! Pro VPN\bin\openvpn.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=f26928c3-13c9-11e1-8906-00158315a310
uLocal Page =
uDefault_Page_URL = hxxp://search.tuxendo.com/Search.aspx?cg=7a049a25556a46179faac14944639451&aff=189
uDefault_Search_URL = hxxp://search.tuxendo.com/Search.aspx?cg=7a049a25556a46179faac14944639451&aff=189
mStart Page = hxxp://startsear.ch/?aff=1&cf=f26928c3-13c9-11e1-8906-00158315a310
mLocal Page =
uInternet Settings,ProxyOverride = local;*.local
uURLSearchHooks: H - No File
BHO: AcroIEHelperShimObj Class: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SearchBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {460f3f10-4d16-6698-652a-462f27f93d41}: Java™ Plug-In 2 SSV Helper
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: URLRedirectionBHO: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: SearchBar: {c9a6357b-25cc-4bcf-96c1-78736985d412} - mscoree.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [16AC0BE06752D674A114863D1465FB06256C8EB0._service_run] "c:\users\mac\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [PowerSuite] "c:\progra~1\uniblue\powers~1\launcher.exe" delay 20000 -m
uRun: [SRSHDAudioLab] "c:\program files\srs labs\srs hd audio lab\HDAL.exe" auto
uRun: [Google Update] "c:\users\mac\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Remote Mouse] c:\program files\remote mouse\RemoteMouse.exe
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
StartupFolder: c:\users\mac\appdata\roaming\micros~1\windows\startm~1\programs\startup\hmapro~1.lnk - c:\program files\hma! pro vpn\bin\HMA! Pro VPN.exe
uPolicies-explorer: HideSCABattery = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel
LSP: c:\program files\hma! pro vpn\bin\ForceInterfaceLSP.dll
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{6576C752-2985-46C3-BA78-0289F885228A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B6201A6C-33C3-4A36-94AC-91E2D168EED2} : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{E9A281BD-ABE4-4ACB-BD46-526640FB0EFD} : DhcpNameServer = 172.16.206.215 172.16.206.215
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 74.208.10.249 gs.apple.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mac\appdata\roaming\mozilla\firefox\profiles\6flu3n37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/search?q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mac\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 WAEMU;WAEMU;c:\windows\system32\drivers\waemu.sys [2010-11-10 91490]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-3-30 221784]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-3-30 78936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2012-2-14 87968]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-4 176128]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-28 12672]
R2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-7-5 84992]
R2 DokanMounter;DokanMounter;c:\program files\dokan\dokanlibrary\mounter.exe [2010-7-5 11776]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-2-5 821592]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-3-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-4-1 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-2 652360]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-5-11 74968]
R2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\common files\srs labs\srs hd audio lab service\SRSAudioLabService.exe [2010-9-13 12592]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R2 WinArchiver Service;WinArchiver Service;c:\program files\winarchiver virtual drive\WAService.exe [2010-11-10 192512]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-2 20464]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2012-2-5 30600]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-3-30 69208]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2011-9-23 384752]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\engine\SBAMSvc.exe [2011-5-17 2804280]
S3 applebmt;Apple Wireless Mouse;c:\windows\system32\drivers\applebmt.sys [2010-8-28 34304]
S3 applewtp;Apple Wireless Trackpad;c:\windows\system32\drivers\applewtp.sys [2011-3-11 38400]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2011-1-23 53376]
S3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-7-19 225280]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-7-20 47104]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-8-28 17408]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-4-2 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-4-2 11104]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-3-30 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-3-30 94040]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-2-5 19792]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-11 1343400]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-2-5 20336]
.
=============== Created Last 30 ================
.
2012-04-05 14:28:14 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-04-05 14:28:14 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-05 14:28:13 94480 ----a-w- c:\windows\system32\msjro.dll
2012-04-05 14:28:13 438976 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-04-05 14:28:13 434176 ----a-w- c:\windows\system32\METALIB.DLL
2012-04-05 14:28:13 1234704 ----a-w- c:\windows\system32\MSJT4JLT.DLL
2012-04-05 14:28:13 115920 ----a-w- c:\windows\system32\MSINET.OCX
2012-04-05 14:28:11 -------- d-----w- c:\program files\databull
2012-04-05 13:54:01 90112 ----a-w- c:\windows\unvise32.exe
2012-04-05 13:53:52 -------- d-----w- c:\program files\HSQuote V1
2012-04-05 13:44:02 87671 ----a-w- c:\windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2012-04-05 13:43:58 -------- d-----w- c:\program files\Yahoo & Google Historical Quotes Downloader
2012-04-05 13:43:58 -------- d-----w- c:\program files\common files\Thraex Software
2012-04-05 11:01:15 -------- d-----w- c:\program files\Quote Downloader
2012-04-05 04:47:01 -------- d-----w- c:\users\mac\VirtualBox VMs
2012-04-05 04:41:38 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-05 04:41:36 -------- d-----w- c:\program files\Oracle
2012-04-05 04:18:38 -------- d-----w- c:\users\mac\.VirtualBox
2012-04-05 04:01:23 94073136 ----a-w- c:\program files\VirtualBox-4.1.12-77245-Win.exe
2012-04-05 00:09:12 -------- d-----w- c:\users\mac\.stockspy
2012-04-05 00:09:01 -------- d-----w- c:\program files\Stock Spy Demo
2012-04-02 07:41:42 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 07:37:50 -------- d-----w- c:\program files\SpywareBlaster
2012-04-02 07:36:19 -------- d-----w- c:\users\mac\appdata\roaming\WinPatrol
2012-04-02 07:36:05 -------- d-----w- c:\program files\BillP Studios
2012-04-02 07:36:04 -------- d-----w- c:\programdata\InstallMate
2012-03-30 07:29:02 -------- d-----w- c:\users\mac\appdata\local\adaware
2012-03-30 07:28:52 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-30 07:27:36 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-03-30 07:27:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-03-30 07:27:24 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-03-30 07:27:23 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-03-30 07:27:22 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-03-30 07:26:26 -------- d-----w- c:\users\mac\appdata\roaming\Ad-Aware Antivirus
2012-03-30 06:04:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-30 06:04:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-30 05:44:46 388096 ----a-r- c:\users\mac\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-30 05:44:46 -------- d-----w- c:\program files\Trend Micro
2012-03-14 08:00:48 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 08:00:47 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 03:30:06 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:30:05 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:30:04 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 03:30:04 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 03:30:04 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 03:30:04 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 03:27:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 03:27:57 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 03:27:57 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 03:27:57 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:27:54 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 03:27:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
==================== Find3M ====================
.
2012-02-22 00:40:11 599854 ----a-w- c:\windows\system32\PGPlspRollback.reg
2012-02-19 02:08:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 11:03:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-12 11:03:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 21:29:09 2048 --sha-w- c:\windows\actofvl\clip.exe
2010-09-16 21:29:09 127232 --sha-w- c:\windows\actofvl\osppc.dll
2010-09-16 21:29:09 14176 --sha-w- c:\windows\actofvl\ospprearm.exe
2010-09-16 21:29:58 72738 --sha-w- c:\windows\actofvl\Uninstall.exe
.
============= FINISH: 19:04:30.87 ===============


DDS Attach:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/14/2010 9:13:32 AM
System Uptime: 4/8/2012 6:57:44 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0JJW8N
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 2928/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 47.945 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is CDROM ()
I: is FIXED (NTFS) - 1863 GiB total, 669.772 GiB free.
J: is FIXED (NTFS) - 203 GiB total, 36.916 GiB free.
M: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0007
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0007
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: archlp
Device ID: ROOT\LEGACY_ARCSEC\0000
Manufacturer:
Name: archlp
PNP Device ID: ROOT\LEGACY_ARCSEC\0000
Service: ArcSec
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name: SASKUTIL
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service: SASKUTIL
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0003
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0004
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #5
PNP Device ID: ROOT\*6TO4MP\0004
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0005
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #6
PNP Device ID: ROOT\*6TO4MP\0005
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0006
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #7
PNP Device ID: ROOT\*6TO4MP\0006
Service: tunnel
.
==== System Restore Points ===================
.
RP729: 4/4/2012 11:17:22 PM - Installed Oracle VM VirtualBox 4.1.12
RP730: 4/4/2012 11:35:12 PM - Installed Oracle VM VirtualBox 4.1.12
RP731: 4/4/2012 11:38:27 PM - Removed Oracle VM VirtualBox 4.1.12
RP732: 4/4/2012 11:41:09 PM - Installed Oracle VM VirtualBox 4.1.12
RP733: 4/5/2012 6:00:33 AM - Installed Quote Downloader
RP734: 4/5/2012 8:40:09 AM - Removed Quote Downloader
RP735: 4/5/2012 8:42:27 AM - Installed Quote Downloader
.
==== Installed Programs ======================
.
.
123 JavaScript Slideshow v1.1.0.1024
32 Bit HP CIO Components Installer
7-Zip 4.65
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Amazon Kindle
Audacity 1.3.11 (Unicode)
BadCopy Pro
Bonjour
Comical 0.8
CPUID CPU-Z 1.53.1
DataBull 6.2.9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Dokan Library 0.5.3
Dropbox
EasyRecovery Professional
EVEREST Ultimate Edition v5.50
Everything 1.2.1.371
Exact Audio Copy 0.99pb5
FlvRecorder
foobar2000 v1.1.5
Google Chrome
Google Gmail Notifier
GoToMeeting 5.0.0.799
HiJackThis
HMA! Pro VPN 2.6.9
HP Update
HSQuote V1
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
IObit Malware Fighter
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 31
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 20
Java™ SE Development Kit 6 Update 21
JPG to PDF Converter 1.0
LogMeIn
M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
Machete Lite 3.7
MAGIX Audio Cleaning Lab 17 deluxe
MAGIX Speed 2 (MSI)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Easy Assist v2
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mini-KMS Auto Activation Tool 1.13
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
Octoshape add-in for Adobe Flash Player
Office Tab
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org 3.3
Oracle VM VirtualBox 4.1.12
PFPortChecker 1.0.39
Polkast
QuickTime
Quote Downloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Remote Mouse version 1.09
Replay Media Catcher 4
Replay Music
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2553374) 32-Bit Edition
SES Driver
Sony Preset Manager 2.0e
Sony Sound Forge Audio Studio 9.0
Spybot - Search & Destroy
SpywareBlaster 4.6
SRS HD Audio Lab
Stock Spy Demo 1.86
SumatraPDF
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
VBA (2627.01)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
WD SmartWare
WebEx Support Manager for Internet Explorer
WinArchiver
WinArchiver Virtual Drive
Windows Media Player Firefox Plugin
WinPatrol
WinPcap 4.1.2
WinRAR archiver
WinSCP 4.2.8
WM Recorder
WMPTagSupportExtender
Yahoo & Google Historical Quotes Downloader
Your Uninstaller! 7
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 6:58:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ArcSec SASDIFSV SASKUTIL
4/8/2012 6:58:20 PM, Error: Service Control Manager [7000] - The EPSON V5 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
4/8/2012 6:58:20 PM, Error: Service Control Manager [7000] - The EPSON V3 Service4(01) service failed to start due to the following error: The system cannot find the path specified.
4/8/2012 6:34:36 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 6:34:32 PM, Error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).
4/8/2012 6:34:15 PM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
4/5/2012 12:39:46 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer VMXP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B6201A6C-33C3-4A36-94AC-91E2D168EED2}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 08 April 2012 - 08:11 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts

Posted 08 April 2012 - 10:12 PM

I had no problems.

I did a Google search and did not encounter any "captcha".

Results from ComboFix:

ComboFix 12-04-08.01 - Mac 04/08/2012 21:26:36.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.1099 [GMT -5:00]
Running from: c:\users\Mac\Desktop\Fix me\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Lavasoft Ad-Aware *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Lavasoft Ad-Aware *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\VirtualBox-4.1.12-77245-Win.exe
c:\users\Mac\AppData\Local\assembly\tmp
c:\users\Mac\g2mdlhlpx.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2012-03-09 to 2012-04-09 )))))))))))))))))))))))))))))))
.
.
2012-04-09 02:31 . 2012-04-09 02:31 -------- d-----w- c:\users\Mac\AppData\Local\temp
2012-04-09 02:31 . 2012-04-09 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-05 14:28 . 2000-07-15 06:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-04-05 14:28 . 1998-08-10 23:56 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-04-05 14:28 . 2004-04-19 23:13 434176 ----a-w- c:\windows\system32\METALIB.DLL
2012-04-05 14:28 . 2001-04-14 10:32 94480 ----a-w- c:\windows\system32\msjro.dll
2012-04-05 14:28 . 2000-06-13 06:00 1234704 ----a-w- c:\windows\system32\MSJT4JLT.DLL
2012-04-05 14:28 . 2000-05-22 06:00 438976 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-04-05 14:28 . 2000-05-22 06:00 115920 ----a-w- c:\windows\system32\MSINET.OCX
2012-04-05 14:28 . 2012-04-05 15:30 -------- d-----w- c:\program files\databull
2012-04-05 13:54 . 2008-01-30 22:36 90112 ----a-w- c:\windows\unvise32.exe
2012-04-05 13:53 . 2012-04-05 13:55 -------- d-----w- c:\program files\HSQuote V1
2012-04-05 13:44 . 2012-04-05 13:44 87671 ----a-w- c:\windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2012-04-05 13:43 . 2012-04-05 13:44 -------- d-----w- c:\program files\Yahoo & Google Historical Quotes Downloader
2012-04-05 13:43 . 2012-04-05 13:43 -------- d-----w- c:\program files\Common Files\Thraex Software
2012-04-05 11:01 . 2012-04-05 11:01 -------- d-----w- c:\program files\Quote Downloader
2012-04-05 04:47 . 2012-04-05 04:47 -------- d-----w- c:\users\Mac\VirtualBox VMs
2012-04-05 04:41 . 2012-04-03 19:47 158512 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-05 04:41 . 2012-04-05 04:41 -------- d-----w- c:\program files\Oracle
2012-04-05 04:18 . 2012-04-09 00:23 -------- d-----w- c:\users\Mac\.VirtualBox
2012-04-05 00:09 . 2012-04-05 00:09 -------- d-----w- c:\users\Mac\.stockspy
2012-04-05 00:09 . 2012-04-05 00:09 -------- d-----w- c:\program files\Stock Spy Demo
2012-04-02 07:37 . 2012-04-02 07:37 -------- d-----w- c:\program files\SpywareBlaster
2012-04-02 07:36 . 2012-04-02 07:36 -------- d-----w- c:\users\Mac\AppData\Roaming\WinPatrol
2012-04-02 07:36 . 2012-04-02 07:36 -------- d-----w- c:\program files\BillP Studios
2012-04-02 07:36 . 2012-04-02 07:36 -------- d-----w- c:\programdata\InstallMate
2012-03-30 07:29 . 2012-03-30 07:29 -------- d-----w- c:\users\Mac\AppData\Local\adaware
2012-03-30 07:28 . 2012-03-30 07:29 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-03-30 07:27 . 2011-04-05 22:35 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-03-30 07:27 . 2011-04-05 22:35 78936 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-03-30 07:27 . 2011-02-08 14:14 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-03-30 07:27 . 2011-04-05 22:35 221784 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-03-30 07:27 . 2012-03-30 07:27 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-03-30 07:27 . 2012-03-30 07:27 -------- d-----w- c:\programdata\Lavasoft
2012-03-30 07:26 . 2012-04-08 23:33 -------- d-----w- c:\users\Mac\AppData\Roaming\Ad-Aware Antivirus
2012-03-30 06:04 . 2012-03-30 06:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-30 06:04 . 2012-03-30 06:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-30 05:44 . 2012-03-30 05:44 388096 ----a-r- c:\users\Mac\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-30 05:44 . 2012-03-30 05:44 -------- d-----w- c:\program files\Trend Micro
2012-03-14 08:00 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 08:00 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 03:30 . 2012-02-03 04:01 2341376 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 03:30 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 03:30 . 2012-02-10 05:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 03:30 . 2012-02-10 05:41 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 03:30 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 03:30 . 2012-02-10 05:41 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 03:27 . 2012-02-15 05:44 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 03:27 . 2012-02-15 04:22 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 03:27 . 2012-02-15 04:22 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 03:27 . 2012-01-25 05:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 03:27 . 2012-01-25 05:44 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 03:27 . 2012-01-25 05:44 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 00:40 . 2012-02-22 00:40 599854 ----a-w- c:\windows\system32\PGPlspRollback.reg
2012-02-19 02:08 . 2010-05-02 08:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-14 19:59 . 2012-02-14 19:59 140528 ----a-w- c:\windows\system32\SRSWOW.dll
2012-02-14 19:59 . 2012-02-14 19:59 345328 ----a-w- c:\windows\system32\SRSTSXT.dll
2012-02-14 19:59 . 2012-02-14 19:59 1775136 ----a-w- c:\windows\system32\RtkPgExt.dll
2012-02-14 19:59 . 2012-02-14 19:59 58400 ----a-w- c:\windows\system32\RtkCoInst.dll
2012-02-14 19:59 . 2012-02-14 19:59 367136 ----a-w- c:\windows\system32\RtkApoApi.dll
2012-02-14 19:59 . 2012-02-14 19:59 3583008 ----a-w- c:\windows\system32\RtkAPO.dll
2012-02-14 19:59 . 2012-02-14 19:59 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2012-02-14 19:59 . 2012-02-14 19:59 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2012-02-14 19:59 . 2012-02-14 19:59 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2012-02-14 19:59 . 2012-02-14 19:59 3086752 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2012-02-14 19:59 . 2012-02-14 19:59 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2012-02-14 19:59 . 2012-02-14 19:59 1083936 ----a-w- c:\windows\system32\RTSndMgr.cpl
2012-02-14 19:59 . 2012-02-14 19:59 68696 ----a-w- c:\windows\system32\MBWrp32.dll
2012-02-14 19:59 . 2012-02-14 19:59 53848 ----a-w- c:\windows\system32\MBppld32.dll
2012-02-14 19:59 . 2012-02-14 19:59 50776 ----a-w- c:\windows\system32\MBPPCn32.dll
2012-02-14 19:59 . 2012-02-14 19:59 293584 ----a-w- c:\windows\system32\RP3DHT32.dll
2012-02-14 19:59 . 2012-02-14 19:59 293584 ----a-w- c:\windows\system32\RP3DAA32.dll
2012-02-14 19:59 . 2012-02-14 19:59 531032 ----a-w- c:\windows\system32\MBAPO32.dll
2012-02-14 19:59 . 2012-02-14 19:59 299424 ----a-w- c:\windows\system32\FMAPO.dll
2012-02-14 19:59 . 2012-02-14 19:59 96160 ----a-w- c:\windows\system32\AERTARen.dll
2012-02-14 19:59 . 2012-02-14 19:59 145760 ----a-w- c:\windows\system32\AERTACap.dll
2012-01-12 11:03 . 2006-11-17 15:46 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-12 11:03 . 2006-11-17 15:46 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-16 21:29 2048 --sha-w- c:\windows\actofvl\clip.exe
2010-09-16 21:29 127232 --sha-w- c:\windows\actofvl\osppc.dll
2010-09-16 21:29 14176 --sha-w- c:\windows\actofvl\ospprearm.exe
2010-09-16 21:29 72738 --sha-w- c:\windows\actofvl\Uninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Mac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"16AC0BE06752D674A114863D1465FB06256C8EB0._service_run"="c:\users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-04 1224176]
"PowerSuite"="c:\progra~1\Uniblue\POWERS~1\launcher.exe" [2011-09-12 67448]
"SRSHDAudioLab"="c:\program files\SRS Labs\SRS HD Audio Lab\HDAL.exe" [2011-09-23 546816]
"Remote Mouse"="c:\program files\Remote Mouse\RemoteMouse.exe" [2011-03-31 874496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-03-25 329312]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-02-14 9210400]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-01-13 4453208]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
.
c:\users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HMA Pro VPN 2.0.lnk - c:\program files\HMA! Pro VPN\bin\HMA! Pro VPN.exe [2011-8-3 1694720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0ROBoot \??\c:\windows\system32\ASOROSet.bin
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
R1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [x]
R1 SASDIFSV;SASDIFSV; [x]
R1 SASKUTIL;SASKUTIL; [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 101720]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DokanMounter;DokanMounter;c:\program files\Dokan\DokanLibrary\mounter.exe [2010-07-05 11776]
R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
R2 WinArchiver Service;WinArchiver Service;c:\program files\WinArchiver Virtual Drive\WAService.exe [2010-11-11 192512]
R3 applebmt;Apple Wireless Mouse;c:\windows\system32\DRIVERS\applebmt.sys [2009-10-16 34304]
R3 applewtp;Apple Wireless Trackpad;c:\windows\system32\DRIVERS\applewtp.sys [2010-07-21 38400]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-01-24 53376]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-20 225280]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 47104]
R3 JakNDisMP;JakNDisMP;c:\windows\system32\DRIVERS\JakNDis.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-29 17408]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-02-08 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-04-05 94040]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-09-20 19792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-11 1343400]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2012-01-06 20336]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-25 691696]
S0 WAEMU;WAEMU;c:\windows\system32\Drivers\waemu.sys [2010-11-11 91490]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-04-05 221784]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-04-05 78936]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 158512]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2012-02-14 87968]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 176128]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2010-07-05 84992]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-03-01 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-05-11 74968]
S2 SRSHDAudioService;SRS HDAudio Lab Service;c:\program files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [2010-09-13 12592]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 7772160]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 243712]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-02-08 69208]
S3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_i386.sys [2010-07-02 384752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-08 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-824401905-3867496203-3588383978-1000Core.job
- c:\users\Mac\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14 20:35]
.
2012-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-824401905-3867496203-3588383978-1000UA.job
- c:\users\Mac\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-14 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://startsear.ch/?aff=1&cf=f26928c3-13c9-11e1-8906-00158315a310
uLocal Page =
uDefault_Search_URL = hxxp://search.tuxendo.com/Search.aspx?cg=7a049a25556a46179faac14944639451&aff=189
mStart Page = hxxp://startsear.ch/?aff=1&cf=f26928c3-13c9-11e1-8906-00158315a310
mLocal Page =
uInternet Settings,ProxyOverride = local;*.local
IE: E&xport to Microsoft Excel
LSP: c:\program files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Mac\AppData\Roaming\Mozilla\Firefox\Profiles\6flu3n37.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1269415&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/search?q=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)
BHO-{460F3F10-4D16-6698-652A-462F27F93D41} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-08 21:33:20
ComboFix-quarantined-files.txt 2012-04-09 02:33
.
Pre-Run: 51,350,224,896 bytes free
Post-Run: 55,812,972,544 bytes free
.
- - End Of File - - 259CC4A3CBAE39AA8246CF8CA89E778F

#7 gringo_pr

Posted 08 April 2012 - 10:28 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 imackin

Posted 09 April 2012 - 12:21 AM

No Threats Found

TDSSKiller log:

00:17:01.0982 3184 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
00:17:02.0418 3184 ============================================================
00:17:02.0418 3184 Current date / time: 2012/04/09 00:17:02.0418
00:17:02.0418 3184 SystemInfo:
00:17:02.0418 3184
00:17:02.0418 3184 OS Version: 6.1.7600 ServicePack: 0.0
00:17:02.0418 3184 Product type: Workstation
00:17:02.0418 3184 ComputerName: SEVEN
00:17:02.0418 3184 UserName: Mac
00:17:02.0418 3184 Windows directory: C:\Windows
00:17:02.0418 3184 System windows directory: C:\Windows
00:17:02.0418 3184 Processor architecture: Intel x86
00:17:02.0418 3184 Number of processors: 2
00:17:02.0418 3184 Page size: 0x1000
00:17:02.0418 3184 Boot type: Normal boot
00:17:02.0418 3184 ============================================================
00:17:03.0401 3184 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:17:03.0401 3184 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:17:10.0047 3184 Drive \Device\Harddisk2\DR2 - Size: 0x1D1BF100000 (1862.99 Gb), SectorSize: 0x200, Cylinders: 0x3B5FD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:17:10.0062 3184 \Device\Harddisk0\DR0:
00:17:10.0062 3184 MBR used
00:17:10.0062 3184 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:17:10.0062 3184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D176000
00:17:10.0062 3184 \Device\Harddisk1\DR1:
00:17:10.0062 3184 MBR used
00:17:10.0062 3184 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x20DC319E, BlocksNum 0x195C2E92
00:17:10.0062 3184 \Device\Harddisk2\DR2:
00:17:10.0062 3184 MBR used
00:17:10.0062 3184 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8DF8000
00:17:10.0140 3184 Initialize success
00:17:10.0140 3184 ============================================================
00:17:27.0987 5320 ============================================================
00:17:27.0987 5320 Scan started
00:17:27.0987 5320 Mode: Manual;
00:17:27.0987 5320 ============================================================
00:17:28.0814 5320 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
00:17:28.0814 5320 1394ohci - ok
00:17:28.0829 5320 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
00:17:28.0829 5320 ACPI - ok
00:17:28.0845 5320 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
00:17:28.0845 5320 AcpiPmi - ok
00:17:28.0938 5320 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
00:17:28.0954 5320 Ad-Aware Service - ok
00:17:29.0032 5320 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:17:29.0032 5320 AdobeARMservice - ok
00:17:29.0110 5320 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:17:29.0110 5320 adp94xx - ok
00:17:29.0141 5320 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:17:29.0141 5320 adpahci - ok
00:17:29.0157 5320 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:17:29.0157 5320 adpu320 - ok
00:17:29.0188 5320 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:17:29.0188 5320 AeLookupSvc - ok
00:17:29.0235 5320 AERTFilters (a6ce73469591554279da63be715dbc93) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
00:17:29.0235 5320 AERTFilters - ok
00:17:29.0328 5320 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
00:17:29.0328 5320 AFD - ok
00:17:29.0360 5320 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
00:17:29.0360 5320 agp440 - ok
00:17:29.0406 5320 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:17:29.0406 5320 aic78xx - ok
00:17:29.0438 5320 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:17:29.0453 5320 ALG - ok
00:17:29.0484 5320 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
00:17:29.0484 5320 aliide - ok
00:17:29.0531 5320 AMD External Events Utility (ebccbcbf1df132e4775e5d6e6dea3ed0) C:\Windows\system32\atiesrxx.exe
00:17:29.0531 5320 AMD External Events Utility - ok
00:17:29.0547 5320 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
00:17:29.0547 5320 amdagp - ok
00:17:29.0562 5320 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
00:17:29.0562 5320 amdide - ok
00:17:29.0578 5320 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:17:29.0578 5320 AmdK8 - ok
00:17:29.0734 5320 amdkmdag (f89643a2ca001b1162061e306f8bf267) C:\Windows\system32\DRIVERS\atikmdag.sys
00:17:29.0828 5320 amdkmdag - ok
00:17:29.0906 5320 amdkmdap (fb68e1b9cec598f0f69503f3aebb45dd) C:\Windows\system32\DRIVERS\atikmpag.sys
00:17:29.0906 5320 amdkmdap - ok
00:17:29.0952 5320 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:17:29.0952 5320 AmdPPM - ok
00:17:29.0984 5320 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
00:17:29.0984 5320 amdsata - ok
00:17:30.0015 5320 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:17:30.0015 5320 amdsbs - ok
00:17:30.0030 5320 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
00:17:30.0030 5320 amdxata - ok
00:17:30.0093 5320 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
00:17:30.0093 5320 AppID - ok
00:17:30.0124 5320 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:17:30.0124 5320 AppIDSvc - ok
00:17:30.0140 5320 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
00:17:30.0140 5320 Appinfo - ok
00:17:30.0186 5320 applebmt (bbc83f74c27067929dc3f6d4e1a10299) C:\Windows\system32\DRIVERS\applebmt.sys
00:17:30.0186 5320 applebmt - ok
00:17:30.0218 5320 applewtp (1f92505c6161d8488b65e645accde985) C:\Windows\system32\DRIVERS\applewtp.sys
00:17:30.0218 5320 applewtp - ok
00:17:30.0264 5320 appliand (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
00:17:30.0264 5320 appliand - ok
00:17:30.0280 5320 appliandMP (05eda44c080ebaf758f8a318488ffd75) C:\Windows\system32\DRIVERS\appliand.sys
00:17:30.0280 5320 appliandMP - ok
00:17:30.0296 5320 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
00:17:30.0311 5320 AppMgmt - ok
00:17:30.0342 5320 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:17:30.0342 5320 arc - ok
00:17:30.0389 5320 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:17:30.0389 5320 arcsas - ok
00:17:30.0405 5320 ArcSec - ok
00:17:30.0498 5320 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:17:30.0498 5320 aspnet_state - ok
00:17:30.0592 5320 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:17:30.0592 5320 AsyncMac - ok
00:17:30.0639 5320 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
00:17:30.0639 5320 atapi - ok
00:17:30.0670 5320 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
00:17:30.0686 5320 AudioEndpointBuilder - ok
00:17:30.0701 5320 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
00:17:30.0701 5320 Audiosrv - ok
00:17:30.0779 5320 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
00:17:30.0779 5320 AxInstSV - ok
00:17:30.0826 5320 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:17:30.0826 5320 b06bdrv - ok
00:17:30.0842 5320 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:17:30.0842 5320 b57nd60x - ok
00:17:30.0920 5320 BackupReader (7373692c6c2c69e110ec44a7692b4735) C:\Windows\system32\DRIVERS\BackupReader.sys
00:17:30.0920 5320 BackupReader - ok
00:17:30.0951 5320 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:17:30.0951 5320 BDESVC - ok
00:17:30.0982 5320 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:17:30.0982 5320 Beep - ok
00:17:31.0013 5320 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
00:17:31.0013 5320 BFE - ok
00:17:31.0044 5320 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll
00:17:31.0076 5320 BITS - ok
00:17:31.0138 5320 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:17:31.0138 5320 blbdrive - ok
00:17:31.0200 5320 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:17:31.0216 5320 Bonjour Service - ok
00:17:31.0278 5320 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
00:17:31.0278 5320 bowser - ok
00:17:31.0310 5320 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:17:31.0310 5320 BrFiltLo - ok
00:17:31.0325 5320 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:17:31.0325 5320 BrFiltUp - ok
00:17:31.0434 5320 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
00:17:31.0434 5320 BridgeMP - ok
00:17:31.0450 5320 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
00:17:31.0466 5320 Browser - ok
00:17:31.0497 5320 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:17:31.0497 5320 Brserid - ok
00:17:31.0528 5320 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:17:31.0528 5320 BrSerWdm - ok
00:17:31.0544 5320 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:17:31.0544 5320 BrUsbMdm - ok
00:17:31.0544 5320 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:17:31.0544 5320 BrUsbSer - ok
00:17:31.0590 5320 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
00:17:31.0590 5320 BthEnum - ok
00:17:31.0606 5320 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:17:31.0606 5320 BTHMODEM - ok
00:17:31.0653 5320 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:17:31.0653 5320 BthPan - ok
00:17:31.0700 5320 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\system32\Drivers\BTHport.sys
00:17:31.0700 5320 BTHPORT - ok
00:17:31.0731 5320 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:17:31.0731 5320 bthserv - ok
00:17:31.0762 5320 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\system32\Drivers\BTHUSB.sys
00:17:31.0762 5320 BTHUSB - ok
00:17:31.0809 5320 btmhsf (d517ba16793d76210c963dab2a88b74f) C:\Windows\system32\DRIVERS\btmhsf.sys
00:17:31.0809 5320 btmhsf - ok
00:17:31.0856 5320 catchme - ok
00:17:31.0934 5320 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:17:31.0934 5320 cdfs - ok
00:17:31.0949 5320 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
00:17:31.0949 5320 cdrom - ok
00:17:31.0980 5320 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
00:17:31.0980 5320 CertPropSvc - ok
00:17:32.0012 5320 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:17:32.0012 5320 circlass - ok
00:17:32.0074 5320 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:17:32.0090 5320 CLFS - ok
00:17:32.0136 5320 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:17:32.0136 5320 clr_optimization_v2.0.50727_32 - ok
00:17:32.0214 5320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:17:32.0214 5320 clr_optimization_v4.0.30319_32 - ok
00:17:32.0277 5320 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:17:32.0277 5320 CmBatt - ok
00:17:32.0308 5320 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
00:17:32.0308 5320 cmdide - ok
00:17:32.0355 5320 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
00:17:32.0370 5320 CNG - ok
00:17:32.0402 5320 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:17:32.0402 5320 Compbatt - ok
00:17:32.0464 5320 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:17:32.0464 5320 CompositeBus - ok
00:17:32.0464 5320 COMSysApp - ok
00:17:32.0526 5320 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\Windows\system32\drivers\cpuz132_x32.sys
00:17:32.0526 5320 cpuz132 - ok
00:17:32.0558 5320 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:17:32.0558 5320 crcdisk - ok
00:17:32.0604 5320 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
00:17:32.0620 5320 CryptSvc - ok
00:17:32.0667 5320 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
00:17:32.0667 5320 CSC - ok
00:17:32.0714 5320 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll
00:17:32.0714 5320 CscService - ok
00:17:32.0745 5320 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
00:17:32.0760 5320 DcomLaunch - ok
00:17:32.0807 5320 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:17:32.0807 5320 defragsvc - ok
00:17:32.0885 5320 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
00:17:32.0885 5320 DfsC - ok
00:17:32.0948 5320 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
00:17:32.0948 5320 Dhcp - ok
00:17:32.0979 5320 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:17:32.0979 5320 discache - ok
00:17:33.0026 5320 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:17:33.0026 5320 Disk - ok
00:17:33.0088 5320 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
00:17:33.0088 5320 Dnscache - ok
00:17:33.0135 5320 Dokan (37a1bd782537407a18d4ca028db7e6d6) C:\Windows\system32\drivers\dokan.sys
00:17:33.0135 5320 Dokan - ok
00:17:33.0213 5320 DokanMounter (ca41dfffb8ba956ffe9729d0b3853a58) C:\Program Files\Dokan\DokanLibrary\mounter.exe
00:17:33.0213 5320 DokanMounter - ok
00:17:33.0275 5320 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
00:17:33.0275 5320 dot3svc - ok
00:17:33.0353 5320 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
00:17:33.0353 5320 Dot4 - ok
00:17:33.0384 5320 Dot4Print (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:17:33.0384 5320 Dot4Print - ok
00:17:33.0400 5320 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
00:17:33.0400 5320 dot4usb - ok
00:17:33.0431 5320 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
00:17:33.0431 5320 DPS - ok
00:17:33.0494 5320 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:17:33.0494 5320 drmkaud - ok
00:17:33.0572 5320 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
00:17:33.0587 5320 DXGKrnl - ok
00:17:33.0618 5320 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:17:33.0618 5320 EapHost - ok
00:17:33.0696 5320 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:17:33.0728 5320 ebdrv - ok
00:17:33.0806 5320 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
00:17:33.0806 5320 EFS - ok
00:17:33.0868 5320 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
00:17:33.0868 5320 ehRecvr - ok
00:17:33.0899 5320 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:17:33.0899 5320 ehSched - ok
00:17:33.0977 5320 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:17:33.0993 5320 elxstor - ok
00:17:34.0008 5320 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
00:17:34.0008 5320 ErrDev - ok
00:17:34.0071 5320 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:17:34.0071 5320 EventSystem - ok
00:17:34.0102 5320 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:17:34.0102 5320 exfat - ok
00:17:34.0149 5320 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:17:34.0149 5320 fastfat - ok
00:17:34.0211 5320 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
00:17:34.0227 5320 Fax - ok
00:17:34.0274 5320 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:17:34.0289 5320 fdc - ok
00:17:34.0305 5320 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:17:34.0305 5320 fdPHost - ok
00:17:34.0320 5320 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:17:34.0320 5320 FDResPub - ok
00:17:34.0352 5320 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:17:34.0352 5320 FileInfo - ok
00:17:34.0476 5320 FileMonitor (142a7ae58bd1ed496dc063196db1527e) C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys
00:17:34.0476 5320 FileMonitor - ok
00:17:34.0539 5320 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:17:34.0539 5320 Filetrace - ok
00:17:34.0601 5320 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:17:34.0617 5320 FLEXnet Licensing Service - ok
00:17:34.0679 5320 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:17:34.0679 5320 flpydisk - ok
00:17:34.0695 5320 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:17:34.0695 5320 FltMgr - ok
00:17:34.0742 5320 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
00:17:34.0757 5320 FontCache - ok
00:17:34.0835 5320 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:17:34.0835 5320 FontCache3.0.0.0 - ok
00:17:34.0898 5320 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:17:34.0898 5320 FsDepends - ok
00:17:34.0929 5320 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
00:17:34.0929 5320 Fs_Rec - ok
00:17:34.0976 5320 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
00:17:34.0976 5320 FTDIBUS - ok
00:17:35.0038 5320 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
00:17:35.0038 5320 FTSER2K - ok
00:17:35.0085 5320 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
00:17:35.0085 5320 fvevol - ok
00:17:35.0100 5320 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:17:35.0100 5320 gagp30kx - ok
00:17:35.0178 5320 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:17:35.0178 5320 GEARAspiWDM - ok
00:17:35.0210 5320 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
00:17:35.0241 5320 gpsvc - ok
00:17:35.0288 5320 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:17:35.0288 5320 hcw85cir - ok
00:17:35.0303 5320 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
00:17:35.0303 5320 HdAudAddService - ok
00:17:35.0334 5320 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:17:35.0334 5320 HDAudBus - ok
00:17:35.0366 5320 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:17:35.0366 5320 HidBatt - ok
00:17:35.0397 5320 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:17:35.0397 5320 HidBth - ok
00:17:35.0397 5320 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:17:35.0397 5320 HidIr - ok
00:17:35.0428 5320 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
00:17:35.0428 5320 hidserv - ok
00:17:35.0459 5320 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
00:17:35.0459 5320 HidUsb - ok
00:17:35.0490 5320 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
00:17:35.0490 5320 hkmsvc - ok
00:17:35.0506 5320 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
00:17:35.0506 5320 HomeGroupListener - ok
00:17:35.0537 5320 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
00:17:35.0537 5320 HomeGroupProvider - ok
00:17:35.0568 5320 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:17:35.0568 5320 HpSAMD - ok
00:17:35.0615 5320 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
00:17:35.0615 5320 HTTP - ok
00:17:35.0631 5320 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
00:17:35.0631 5320 hwpolicy - ok
00:17:35.0709 5320 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:17:35.0724 5320 i8042prt - ok
00:17:35.0740 5320 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys
00:17:35.0740 5320 iaStorV - ok
00:17:35.0787 5320 iBtFltCoex (61401ba4183bc171ba114fce4981bb33) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
00:17:35.0787 5320 iBtFltCoex - ok
00:17:48.0844 5320 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:17:48.0844 5320 volmgrx - ok
00:17:48.0875 5320 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
00:17:48.0875 5320 volsnap - ok
00:17:48.0922 5320 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:17:48.0922 5320 vsmraid - ok
00:17:48.0969 5320 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
00:17:49.0000 5320 VSS - ok
00:17:49.0062 5320 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
00:17:49.0062 5320 vwifibus - ok
00:17:49.0078 5320 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:17:49.0078 5320 vwififlt - ok
00:17:49.0125 5320 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:17:49.0125 5320 W32Time - ok
00:17:49.0156 5320 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:17:49.0156 5320 WacomPen - ok
00:17:49.0234 5320 WAEMU (9024c9255f102fcd828b7796cb211f3a) C:\Windows\system32\Drivers\waemu.sys
00:17:49.0234 5320 WAEMU - ok
00:17:49.0281 5320 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:49.0281 5320 WANARP - ok
00:17:49.0296 5320 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:49.0296 5320 Wanarpv6 - ok
00:17:49.0343 5320 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:49.0374 5320 WatAdminSvc - ok
00:17:49.0421 5320 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
00:17:49.0452 5320 wbengine - ok
00:17:49.0562 5320 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:17:49.0562 5320 WbioSrvc - ok
00:17:49.0608 5320 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
00:17:49.0608 5320 wcncsvc - ok
00:17:49.0655 5320 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:17:49.0655 5320 WcsPlugInService - ok
00:17:49.0702 5320 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:17:49.0702 5320 Wd - ok
00:17:49.0749 5320 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
00:17:49.0749 5320 WDC_SAM - ok
00:17:49.0842 5320 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
00:17:49.0842 5320 WDDMService - ok
00:17:49.0936 5320 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:17:49.0936 5320 Wdf01000 - ok
00:17:50.0045 5320 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
00:17:50.0076 5320 WDFME - ok
00:17:50.0139 5320 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:17:50.0139 5320 WdiServiceHost - ok
00:17:50.0139 5320 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:17:50.0154 5320 WdiSystemHost - ok
00:17:50.0264 5320 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
00:17:50.0264 5320 WDSC - ok
00:17:50.0342 5320 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
00:17:50.0357 5320 WebClient - ok
00:17:50.0388 5320 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
00:17:50.0388 5320 Wecsvc - ok
00:17:50.0404 5320 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
00:17:50.0420 5320 wercplsupport - ok
00:17:50.0451 5320 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
00:17:50.0451 5320 WerSvc - ok
00:17:50.0482 5320 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:50.0482 5320 WfpLwf - ok
00:17:50.0529 5320 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:17:50.0529 5320 WIMMount - ok
00:17:50.0607 5320 WinArchiver Service (126cafb59f3aab529ab4f474a20e0f51) C:\Program Files\WinArchiver Virtual Drive\WAService.exe
00:17:50.0607 5320 WinArchiver Service - ok
00:17:50.0638 5320 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:17:50.0654 5320 WinDefend - ok
00:17:50.0669 5320 WinHttpAutoProxySvc - ok
00:17:50.0763 5320 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
00:17:50.0763 5320 Winmgmt - ok
00:17:50.0825 5320 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
00:17:50.0841 5320 WinRM - ok
00:17:50.0950 5320 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
00:17:50.0950 5320 WinUsb - ok
00:17:50.0997 5320 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
00:17:51.0012 5320 Wlansvc - ok
00:17:51.0059 5320 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:17:51.0059 5320 WmiAcpi - ok
00:17:51.0106 5320 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
00:17:51.0106 5320 wmiApSrv - ok
00:17:51.0168 5320 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:17:51.0184 5320 WMPNetworkSvc - ok
00:17:51.0262 5320 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
00:17:51.0262 5320 WPCSvc - ok
00:17:51.0293 5320 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
00:17:51.0293 5320 WPDBusEnum - ok
00:17:51.0340 5320 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:17:51.0340 5320 ws2ifsl - ok
00:17:51.0402 5320 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll
00:17:51.0402 5320 wscsvc - ok
00:17:51.0418 5320 WSearch - ok
00:17:51.0480 5320 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
00:17:51.0512 5320 wuauserv - ok
00:17:51.0574 5320 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
00:17:51.0574 5320 WudfPf - ok
00:17:51.0590 5320 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:51.0605 5320 WUDFRd - ok
00:17:51.0621 5320 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
00:17:51.0636 5320 wudfsvc - ok
00:17:51.0668 5320 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
00:17:51.0668 5320 WwanSvc - ok
00:17:51.0777 5320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:17:51.0824 5320 \Device\Harddisk0\DR0 - ok
00:17:51.0855 5320 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
00:17:51.0855 5320 \Device\Harddisk1\DR1 - ok
00:17:51.0870 5320 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
00:17:51.0870 5320 \Device\Harddisk2\DR2 - ok
00:17:51.0870 5320 Boot (0x1200) (3deb9bd761872433ad2ead8bf220e4f1) \Device\Harddisk0\DR0\Partition0
00:17:51.0886 5320 \Device\Harddisk0\DR0\Partition0 - ok
00:17:51.0886 5320 Boot (0x1200) (b24dbb766060d388ac94a2c8f6ee58fc) \Device\Harddisk0\DR0\Partition1
00:17:51.0886 5320 \Device\Harddisk0\DR0\Partition1 - ok
00:17:51.0886 5320 Boot (0x1200) (c5f7d6bb23a88da5eb91402c610c9530) \Device\Harddisk1\DR1\Partition0
00:17:51.0886 5320 \Device\Harddisk1\DR1\Partition0 - ok
00:17:51.0902 5320 Boot (0x1200) (046a5f89b9a5f6b9260f98e8243f6186) \Device\Harddisk2\DR2\Partition0
00:17:51.0902 5320 \Device\Harddisk2\DR2\Partition0 - ok
00:17:51.0902 5320 ============================================================
00:17:51.0902 5320 Scan finished
00:17:51.0902 5320 ============================================================
00:17:51.0902 2576 Detected object count: 0
00:17:51.0902 2576 Actual detected object count: 0

#9 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts

Posted 09 April 2012 - 12:43 AM

I got a message that "a problem caused avast anti-virus to stop..." then it said Windows would tell me why, but the window just stayed on my screen till I closed it. Running again...

#10 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts

Posted 09 April 2012 - 12:59 AM

aswMBR stopped again, same spot "C:\Users\Mac\Desktop\SupportConsole.exe" text in yellow.

#11 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts

Posted 09 April 2012 - 01:00 AM

Bedtime, back in 6-8 hrs.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 09 April 2012 - 01:28 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#13 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts

Posted 09 April 2012 - 03:54 AM

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 14-03-2012
Ran by SYSTEM at 09-04-2012 01:55:07
Running from J:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot [329312 2012-03-25] (BillP Studios)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2012-02-14] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [171032 2010-04-21] (Intel Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [136216 2010-04-21] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [169496 2010-04-21] (Intel Corporation)
HKLM\...\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart [4453208 2012-01-12] (IObit)
HKLM\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKU\Mac\...\Run: [16AC0BE06752D674A114863D1465FB06256C8EB0._service_run] "C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [1224176 2012-04-03] (Google Inc.)
HKU\Mac\...\Run: [PowerSuite] "C:\PROGRA~1\Uniblue\POWERS~1\launcher.exe" delay 20000 -m [67448 2011-09-12] (Uniblue Systems Limited)
HKU\Mac\...\Run: [SRSHDAudioLab] "C:\Program Files\SRS Labs\SRS HD Audio Lab\HDAL.exe" auto [546816 2011-09-23] (SRS Labs, Inc.)
HKU\Mac\...\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe [874496 2011-03-31] ()
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 Ad-Aware Service; "C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe" [1161072 2012-03-29] (Lavasoft Limited)
2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe [87968 2012-02-14] (Andrea Electronics Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2011-04-19] (AMD)
2 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] ()
2 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1045256 2011-09-23] (Acresso Software Inc.)
2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
2 LMIGuardianSvc; "C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe" [374152 2011-03-01] (LogMeIn, Inc.)
4 LMIMaint; "C:\Program Files\LogMeIn\x86\RaMaint.exe" [136584 2011-03-01] (LogMeIn, Inc.)
4 LogMeIn; "C:\Program Files\LogMeIn\x86\LogMeIn.exe" [390528 2010-11-08] (LogMeIn, Inc.)
4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [124240 2010-03-18] (Microsoft Corporation)
4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
2 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [124240 2010-03-18] (Microsoft Corporation)
3 OpenVPNService; "C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe" [36352 2011-07-13] ()
2 SBAMSvc; "C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe" [2804280 2011-05-17] (Sunbelt Software)
3 simptcp; C:\Windows\System32\tcpsvcs.exe [9216 2009-07-13] (Microsoft Corporation)
2 SRSHDAudioService; "C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe" [12592 2010-09-13] (SRS Labs, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-13] (Microsoft Corporation)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [237056 2010-09-08] (WDC)
2 WDFME; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe" [1034752 2010-09-08] ()
2 WDSC; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe" [484352 2010-09-08] ()
2 WinArchiver Service; C:\Program Files\WinArchiver Virtual Drive\WAService.exe [192512 2010-11-10] ()
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [7772160 2011-04-19] (ATI Technologies Inc.)
3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [243712 2011-04-19] (Advanced Micro Devices, Inc.)
3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [34304 2009-10-15] (Apple Inc.)
3 applewtp; C:\Windows\System32\DRIVERS\applewtp.sys [38400 2010-07-21] (Apple Inc.)
3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2010-06-24] (Applian Technologies Inc.)
3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2010-06-24] (Applian Technologies Inc.)
3 BackupReader; C:\Windows\System32\DRIVERS\BackupReader.sys [53376 2011-01-23] (Microsoft Corporation)
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-13] (Microsoft Corporation)
3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
2 cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [12672 2009-03-26] (Windows ® Codename Longhorn DDK provider)
2 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [84992 2010-07-05] (Windows ® Win 7 DDK provider)
4 FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [20336 2012-01-05] (IObit)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [53184 2009-07-15] (FTDI Ltd.)
3 FTSER2K; C:\Windows\System32\drivers\ftser2k.sys [71488 2009-07-15] (FTDI Ltd.)
3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-19] (Intel Corporation)
2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-09-17] (LogMeIn, Inc.)
3 lmimirr; C:\Windows\System32\DRIVERS\lmimirr.sys [10144 2010-09-17] (LogMeIn, Inc.)
2 LMIRfsDriver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [47640 2010-09-17] (LogMeIn, Inc.)
3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [17408 2009-08-28] (Apple Inc.)
2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
3 RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [30600 2011-09-20] (IObit.com)
3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation )
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [74968 2011-05-11] (Sunbelt Software)
1 SbFw; C:\Windows\System32\drivers\SbFw.sys [221784 2011-04-05] (Sunbelt Software, Inc.)
3 SBFWIMCL; C:\Windows\System32\DRIVERS\sbfwim.sys [69208 2011-02-08] (Sunbelt Software, Inc.)
3 SBFWIMCLMP; C:\Windows\System32\DRIVERS\SBFWIM.sys [69208 2011-02-08] (Sunbelt Software, Inc.)
3 sbhips; C:\Windows\System32\drivers\sbhips.sys [94040 2011-04-05] (Sunbelt Software, Inc.)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [101720 2011-04-29] (Sunbelt Software)
1 SbTis; C:\Windows\System32\drivers\sbtis.sys [78936 2011-04-05] (Sunbelt Software, Inc.)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-04-25] (Duplex Secure Ltd.)
3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_i386.sys [384752 2010-07-02] ()
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26112 2010-08-20] (The OpenVPN Project)
3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
3 UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [19792 2011-09-20] (IObit.com)
1 VBoxDrv; C:\Windows\System32\DRIVERS\VBoxDrv.sys [158512 2012-04-03] (Oracle Corporation)
0 WAEMU; C:\Windows\System32\Drivers\waemu.sys [91490 2010-11-10] (WinArchiver Computing, Inc.)
3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [11520 2009-02-13] (Western Digital Technologies)
1 ArcSec; C:\Windows\System32\drivers\ArcSec.sys [x]
3 catchme; \??\C:\Users\Mac\AppData\Local\Temp\catchme.sys [x]
2 EPSON_EB_RPCV4_01; [x]
2 EPSON_PM_RPCV4_01; [x]
3 JakNDisMP; C:\Windows\System32\DRIVERS\JakNDis.sys [x]
4 LMIRfsClientNP; [x]
3 pgfilter; [x]
1 SASDIFSV; [x]
1 SASKUTIL; [x]
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-04-09 01:55 - 2012-04-09 01:55 - 0000000 ____D C:\FRST
2012-04-08 21:17 - 2012-04-08 21:24 - 0141488 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_00.17.01_log.txt
2012-04-08 18:33 - 2012-04-08 18:33 - 0021518 ____A C:\ComboFix.txt
2012-04-08 18:33 - 2012-04-08 18:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-08 18:24 - 2012-04-08 18:32 - 0000000 ____D C:\Windows\ERDNT
2012-04-08 18:24 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-04-08 18:24 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-04-08 18:24 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-04-08 18:24 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-04-08 18:24 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-04-08 18:24 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-04-08 18:24 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-04-08 15:25 - 2012-04-08 21:23 - 0000000 ____D C:\Users\Mac\Desktop\Fix me
2012-04-08 15:03 - 2012-04-08 15:04 - 0000020 ____A C:\Users\Mac\defogger_reenable
2012-04-05 06:28 - 2012-04-05 07:30 - 0000000 ____D C:\Program Files\databull
2012-04-05 06:28 - 2012-04-05 06:28 - 0000906 ____A C:\Users\Mac\Desktop\DataBull.lnk
2012-04-05 06:28 - 2004-04-19 15:13 - 0434176 ____A () C:\Windows\System32\METALIB.DLL
2012-04-05 06:28 - 2001-04-14 02:32 - 0094480 ____A (Microsoft Corporation) C:\Windows\System32\msjro.dll
2012-04-05 06:28 - 2000-07-14 22:00 - 0101888 ____A (Microsoft Corporation) C:\Windows\System32\VB6STKIT.DLL
2012-04-05 06:28 - 2000-06-12 22:00 - 1234704 ____A (Microsoft Corporation) C:\Windows\System32\MSJT4JLT.DLL
2012-04-05 06:28 - 2000-05-21 22:00 - 0438976 ____A (Microsoft Corporation) C:\Windows\System32\MSHFLXGD.OCX
2012-04-05 06:28 - 2000-05-21 22:00 - 0115920 ____A (Microsoft Corporation) C:\Windows\System32\MSINET.OCX
2012-04-05 06:28 - 1998-08-10 15:56 - 0089360 ____A (Microsoft Corporation) C:\Windows\System32\VB5DB.DLL
2012-04-05 05:54 - 2008-01-30 14:36 - 0090112 ____A (MindVision Software) C:\Windows\unvise32.exe
2012-04-05 05:53 - 2012-04-05 05:55 - 0000000 ____D C:\Program Files\HSQuote V1
2012-04-05 05:53 - 2012-04-05 05:53 - 0000748 ____A C:\Users\Mac\Desktop\HSQuote V1.lnk
2012-04-05 05:44 - 2012-04-05 19:46 - 0001448 ____A C:\Windows\ydownloaderlibpr.ini
2012-04-05 05:44 - 2012-04-05 05:44 - 0087671 ____A C:\Windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2012-04-05 05:43 - 2012-04-05 05:44 - 0000000 ____D C:\Program Files\Yahoo & Google Historical Quotes Downloader
2012-04-05 05:43 - 2012-04-05 05:43 - 0000000 ____D C:\Program Files\Common Files\Thraex Software
2012-04-05 03:01 - 2012-04-05 03:01 - 0000000 ____D C:\Program Files\Quote Downloader
2012-04-05 01:36 - 2012-04-05 02:10 - 7099490 ____A C:\Users\Mac\Downloads\setup.exe
2012-04-04 20:47 - 2012-04-04 20:47 - 0000000 ____D C:\Users\Mac\VirtualBox VMs
2012-04-04 20:41 - 2012-04-04 20:41 - 0001069 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-04-04 20:41 - 2012-04-04 20:41 - 0000000 ____D C:\Program Files\Oracle
2012-04-04 20:41 - 2012-04-03 11:47 - 0158512 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-04-04 20:18 - 2012-04-08 22:00 - 0000000 ____D C:\Users\Mac\.VirtualBox
2012-04-04 16:33 - 2012-04-04 16:33 - 0001017 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-04 16:09 - 2012-04-04 16:09 - 0001000 ____A C:\Users\Mac\Desktop\Stock Spy Demo.lnk
2012-04-04 16:09 - 2012-04-04 16:09 - 0000000 ____D C:\Users\Mac\.stockspy
2012-04-04 16:09 - 2012-04-04 16:09 - 0000000 ____D C:\Program Files\Stock Spy Demo
2012-04-01 23:37 - 2012-04-01 23:37 - 0001030 ____A C:\Users\Mac\Desktop\SpywareBlaster.lnk
2012-04-01 23:37 - 2012-04-01 23:37 - 0000000 ____D C:\Program Files\SpywareBlaster
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Users\Mac\AppData\Roaming\WinPatrol
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Program Files\BillP Studios
2012-03-31 21:39 - 2012-03-31 21:39 - 0001190 ____A C:\Windows\System32\ServiceConfig.xml
2012-03-29 23:31 - 2012-04-08 09:00 - 0000940 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-03-29 23:29 - 2012-03-29 23:29 - 0000000 ____D C:\Users\Mac\AppData\Local\adaware
2012-03-29 23:28 - 2012-04-08 18:20 - 0001819 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-03-29 23:28 - 2012-03-29 23:29 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-03-29 23:28 - 2012-03-29 23:29 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-03-29 23:27 - 2011-04-05 14:35 - 0221784 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFw.sys
2012-03-29 23:27 - 2011-04-05 14:35 - 0094040 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbhips.sys
2012-03-29 23:27 - 2011-04-05 14:35 - 0078936 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\sbtis.sys
2012-03-29 23:27 - 2011-02-08 06:14 - 0069208 ____A (Sunbelt Software, Inc.) C:\Windows\System32\Drivers\SbFwIm.sys
2012-03-29 23:26 - 2012-04-08 15:33 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Ad-Aware Antivirus
2012-03-29 22:04 - 2012-03-29 22:56 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-29 22:04 - 2012-03-29 22:56 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-29 22:04 - 2012-03-29 22:30 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-03-29 22:04 - 2012-03-29 22:04 - 0001209 ____A C:\Users\Mac\Desktop\Spybot - Search & Destroy.lnk
2012-03-29 21:44 - 2012-03-29 21:44 - 0002953 ____A C:\Users\Mac\Desktop\HiJackThis.lnk
2012-03-29 21:44 - 2012-03-29 21:44 - 0000000 ____D C:\Program Files\Trend Micro
2012-03-18 15:28 - 2012-03-18 15:28 - 0086686 ____A C:\Users\Mac\Documents\Raspberry Order Information _ Newark.pdf
2012-03-14 00:00 - 2011-11-19 06:25 - 3957616 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-14 00:00 - 2011-11-19 06:25 - 3902320 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-13 19:30 - 2012-02-09 21:41 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-13 19:30 - 2012-02-09 21:41 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-13 19:30 - 2012-02-09 21:41 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-13 19:30 - 2012-02-09 21:41 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-13 19:30 - 2012-02-09 21:41 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-13 19:30 - 2012-02-02 20:01 - 2341376 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-13 19:27 - 2012-02-14 21:44 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-03-13 19:27 - 2012-02-14 20:22 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-03-13 19:27 - 2012-02-14 20:22 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-03-13 19:27 - 2012-01-24 21:44 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:27 - 2012-01-24 21:44 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-03-13 19:27 - 2012-01-24 21:40 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

============ 3 Months Modified Files and Folders ===============

2012-04-09 01:55 - 2012-04-09 01:55 - 0000000 ____D C:\FRST
2012-04-08 22:44 - 2011-02-21 16:46 - 0196608 ____A C:\Windows\System32\Ikeext.etl
2012-04-08 22:44 - 2010-01-14 12:51 - 0000000 ____D C:\Users\Mac\AppData\Roaming\uTorrent
2012-04-08 22:44 - 2010-01-14 07:13 - 1588356 ____A C:\Windows\WindowsUpdate.log
2012-04-08 22:37 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\NDF
2012-04-08 22:31 - 2010-01-14 12:35 - 0000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-824401905-3867496203-3588383978-1000UA.job
2012-04-08 22:00 - 2012-04-04 20:18 - 0000000 ____D C:\Users\Mac\.VirtualBox
2012-04-08 21:24 - 2012-04-08 21:17 - 0141488 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_00.17.01_log.txt
2012-04-08 21:23 - 2012-04-08 15:25 - 0000000 ____D C:\Users\Mac\Desktop\Fix me
2012-04-08 18:33 - 2012-04-08 18:33 - 0021518 ____A C:\ComboFix.txt
2012-04-08 18:33 - 2012-04-08 18:33 - 0000000 __SHD C:\$RECYCLE.BIN
2012-04-08 18:33 - 2010-01-29 16:22 - 0000000 ____D C:\Qoobox
2012-04-08 18:33 - 2009-07-13 18:37 - 0000000 __RHD C:\users\Default
2012-04-08 18:33 - 2009-07-13 18:37 - 0000000 ___RD C:\users\Public
2012-04-08 18:32 - 2012-04-08 18:24 - 0000000 ____D C:\Windows\ERDNT
2012-04-08 18:31 - 2010-01-14 07:13 - 0000000 ____D C:\users\Mac
2012-04-08 18:31 - 2009-07-13 18:04 - 0000215 ____A C:\Windows\system.ini
2012-04-08 18:31 - 2009-07-13 18:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-04-08 18:20 - 2012-03-29 23:28 - 0001819 ____A C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2012-04-08 18:20 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-08 18:10 - 2009-07-13 20:34 - 0014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-08 18:10 - 2009-07-13 20:34 - 0014448 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-08 18:07 - 2010-01-14 21:58 - 0784738 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-08 18:03 - 2010-01-30 10:30 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-04-08 18:03 - 2010-01-14 21:50 - 1609814016 __ASH C:\hiberfil.sys
2012-04-08 18:03 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-08 18:03 - 2009-07-13 20:39 - 0082680 ____A C:\Windows\setupact.log
2012-04-08 15:33 - 2012-03-29 23:26 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Ad-Aware Antivirus
2012-04-08 15:04 - 2012-04-08 15:03 - 0000020 ____A C:\Users\Mac\defogger_reenable
2012-04-08 09:56 - 2011-03-11 19:21 - 0000000 ___RD C:\Users\Mac\Dropbox
2012-04-08 09:56 - 2011-03-11 19:11 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Dropbox
2012-04-08 09:55 - 2011-03-11 19:21 - 0001006 ____A C:\Users\Mac\Desktop\Dropbox.lnk
2012-04-08 09:55 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\tracing
2012-04-08 09:31 - 2010-01-14 12:35 - 0000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-824401905-3867496203-3588383978-1000Core.job
2012-04-08 09:00 - 2012-03-29 23:31 - 0000940 ____A C:\Windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
2012-04-07 19:54 - 2011-07-23 19:25 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-04-07 19:54 - 2011-07-23 19:25 - 0000000 ____D C:\ProgramData\FLEXnet
2012-04-07 19:53 - 2010-07-18 15:27 - 0000000 ____D C:\Config.Msi
2012-04-05 19:46 - 2012-04-05 05:44 - 0001448 ____A C:\Windows\ydownloaderlibpr.ini
2012-04-05 19:41 - 2011-07-06 20:26 - 0000000 ____D C:\Program Files\VMware
2012-04-05 18:32 - 2010-02-03 18:10 - 0002551 ____A C:\Users\Mac\Desktop\Google Chrome.lnk
2012-04-05 07:30 - 2012-04-05 06:28 - 0000000 ____D C:\Program Files\databull
2012-04-05 07:20 - 2010-04-25 12:41 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-05 07:20 - 2010-04-25 12:41 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-05 06:48 - 2011-02-19 19:22 - 0000000 ____D C:\Program Files\Everything
2012-04-05 06:28 - 2012-04-05 06:28 - 0000906 ____A C:\Users\Mac\Desktop\DataBull.lnk
2012-04-05 05:55 - 2012-04-05 05:53 - 0000000 ____D C:\Program Files\HSQuote V1
2012-04-05 05:53 - 2012-04-05 05:53 - 0000748 ____A C:\Users\Mac\Desktop\HSQuote V1.lnk
2012-04-05 05:44 - 2012-04-05 05:44 - 0087671 ____A C:\Windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2012-04-05 05:44 - 2012-04-05 05:43 - 0000000 ____D C:\Program Files\Yahoo & Google Historical Quotes Downloader
2012-04-05 05:43 - 2012-04-05 05:43 - 0000000 ____D C:\Program Files\Common Files\Thraex Software
2012-04-05 03:01 - 2012-04-05 03:01 - 0000000 ____D C:\Program Files\Quote Downloader
2012-04-05 02:39 - 2010-01-30 09:51 - 0156680 ____A C:\Windows\PFRO.log
2012-04-05 02:36 - 2010-09-01 19:42 - 0000000 ____D C:\Users\All Users\webex
2012-04-05 02:36 - 2010-09-01 19:42 - 0000000 ____D C:\ProgramData\webex
2012-04-05 02:36 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-05 02:18 - 2010-07-24 13:22 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-04-05 02:10 - 2012-04-05 01:36 - 7099490 ____A C:\Users\Mac\Downloads\setup.exe
2012-04-04 20:47 - 2012-04-04 20:47 - 0000000 ____D C:\Users\Mac\VirtualBox VMs
2012-04-04 20:41 - 2012-04-04 20:41 - 0001069 ____A C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2012-04-04 20:41 - 2012-04-04 20:41 - 0000000 ____D C:\Program Files\Oracle
2012-04-04 19:49 - 2010-02-03 06:42 - 0000000 ____D C:\Users\Mac\AppData\Local\ElevatedDiagnostics
2012-04-04 16:33 - 2012-04-04 16:33 - 0001017 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-04 16:09 - 2012-04-04 16:09 - 0001000 ____A C:\Users\Mac\Desktop\Stock Spy Demo.lnk
2012-04-04 16:09 - 2012-04-04 16:09 - 0000000 ____D C:\Users\Mac\.stockspy
2012-04-04 16:09 - 2012-04-04 16:09 - 0000000 ____D C:\Program Files\Stock Spy Demo
2012-04-03 11:47 - 2012-04-04 20:41 - 0158512 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-04-01 23:37 - 2012-04-01 23:37 - 0001030 ____A C:\Users\Mac\Desktop\SpywareBlaster.lnk
2012-04-01 23:37 - 2012-04-01 23:37 - 0000000 ____D C:\Program Files\SpywareBlaster
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Users\Mac\AppData\Roaming\WinPatrol
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-01 23:36 - 2012-04-01 23:36 - 0000000 ____D C:\Program Files\BillP Studios
2012-03-31 21:39 - 2012-03-31 21:39 - 0001190 ____A C:\Windows\System32\ServiceConfig.xml
2012-03-29 23:29 - 2012-03-29 23:29 - 0000000 ____D C:\Users\Mac\AppData\Local\adaware
2012-03-29 23:29 - 2012-03-29 23:28 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-03-29 23:29 - 2012-03-29 23:28 - 0000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\Users\All Users\Lavasoft
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\ProgramData\Lavasoft
2012-03-29 23:27 - 2012-03-29 23:27 - 0000000 ____D C:\Program Files\Ad-Aware Antivirus
2012-03-29 23:27 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\DriverStore
2012-03-29 23:27 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-03-29 23:24 - 2011-03-27 20:20 - 0000000 ____D C:\Users\Mac\Desktop\TEXT DOCS
2012-03-29 23:21 - 2011-09-24 06:36 - 0000000 ____D C:\Users\All Users\AVG2012
2012-03-29 23:21 - 2011-09-24 06:36 - 0000000 ____D C:\ProgramData\AVG2012
2012-03-29 23:13 - 2012-02-21 16:17 - 0000000 ____D C:\Users\Mac\AppData\Roaming\gnupg
2012-03-29 23:07 - 2012-02-21 16:39 - 0000000 ____D C:\Program Files\Common Files\PGP Corporation
2012-03-29 23:05 - 2010-01-16 04:34 - 0000000 ____D C:\Program Files\AVG
2012-03-29 23:04 - 2011-02-19 18:07 - 0000000 ____D C:\Users\All Users\MFAData
2012-03-29 23:04 - 2011-02-19 18:07 - 0000000 ____D C:\ProgramData\MFAData
2012-03-29 23:01 - 2011-03-04 11:11 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-03-29 22:56 - 2012-03-29 22:04 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-03-29 22:56 - 2012-03-29 22:04 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-03-29 22:30 - 2012-03-29 22:04 - 0000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-03-29 22:04 - 2012-03-29 22:04 - 0001209 ____A C:\Users\Mac\Desktop\Spybot - Search & Destroy.lnk
2012-03-29 21:44 - 2012-03-29 21:44 - 0002953 ____A C:\Users\Mac\Desktop\HiJackThis.lnk
2012-03-29 21:44 - 2012-03-29 21:44 - 0000000 ____D C:\Program Files\Trend Micro
2012-03-28 21:56 - 2012-03-05 14:27 - 0000000 ____D C:\Users\Mac\Desktop\TAX Files
2012-03-18 15:28 - 2012-03-18 15:28 - 0086686 ____A C:\Users\Mac\Documents\Raspberry Order Information _ Newark.pdf
2012-03-14 00:21 - 2009-07-13 20:33 - 0429928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-14 00:02 - 2010-01-17 15:07 - 54215544 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-09 09:14 - 2011-08-09 17:45 - 0006635 ____A C:\Users\Mac\Desktop\Al's favorite quotes.txt
2012-03-03 16:47 - 2012-03-03 16:47 - 0000000 ____D C:\COMPLETE
2012-03-03 02:13 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\config\TxR
2012-03-03 00:25 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\System32\LogFiles
2012-02-29 19:46 - 2012-02-29 19:46 - 0000001 ____A C:\Users\Mac\Documents\Blank
2012-02-29 19:38 - 2012-02-29 19:38 - 0000000 ____D C:\Users\Mac\AppData\Roaming\PPGP
2012-02-29 18:21 - 2011-02-21 13:52 - 0000497 ____A C:\Users\Mac\Desktop\New Text Document.txt
2012-02-29 17:26 - 2012-02-21 16:44 - 0000000 ____D C:\Users\Mac\Documents\PGP
2012-02-29 17:24 - 2011-10-26 20:54 - 0000000 ____D C:\Users\Mac\Desktop\TIX
2012-02-29 17:22 - 2012-02-21 16:44 - 0000000 ____D C:\Users\Mac\AppData\Roaming\PGP Corporation
2012-02-27 04:25 - 2012-02-27 04:24 - 0000000 ____D C:\Users\Mac\Documents\Bitinstant
2012-02-26 22:38 - 2012-02-26 22:38 - 0000000 ____D C:\Users\Mac\Documents\New folder
2012-02-21 20:30 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-21 16:44 - 2012-02-21 16:44 - 0000000 ____D C:\Users\Mac\AppData\Local\PGP Corporation
2012-02-21 16:43 - 2012-02-21 16:43 - 0000000 ____D C:\Users\All Users\PGP Corporation
2012-02-21 16:43 - 2012-02-21 16:43 - 0000000 ____D C:\ProgramData\PGP Corporation
2012-02-21 16:40 - 2012-02-21 16:40 - 0599854 ____A C:\Windows\System32\PGPlspRollback.reg
2012-02-21 16:39 - 2012-02-21 16:39 - 0000000 ____D C:\Program Files\PGP Corporation
2012-02-21 16:20 - 2012-02-21 16:20 - 0000000 ____D C:\Users\Mac\AppData\Local\GNU
2012-02-21 16:20 - 2012-02-21 16:20 - 0000000 ____D C:\Users\Mac\.kde
2012-02-21 16:17 - 2012-02-21 16:17 - 0000000 ____D C:\Users\All Users\GNU
2012-02-21 16:17 - 2012-02-21 16:17 - 0000000 ____D C:\ProgramData\GNU
2012-02-18 18:08 - 2012-02-18 18:08 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-02-18 18:08 - 2012-02-18 18:08 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-02-18 18:08 - 2011-10-22 20:31 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-02-18 18:08 - 2010-05-02 00:43 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-02-16 17:52 - 2010-01-14 07:13 - 0000174 ___SH C:\Users\Mac\Start Menu\Programs\Startup\desktop.ini
2012-02-16 17:52 - 2010-01-14 07:13 - 0000174 ___SH C:\Users\Mac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 17:45 - 2010-01-14 12:55 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-16 12:44 - 2012-02-16 11:03 - 0000000 ____D C:\Users\Mac\Desktop\TT screen shots
2012-02-16 11:14 - 2012-02-14 13:45 - 0028160 __ASH C:\Users\Mac\AppData\Roaming\Thumbs.db
2012-02-14 23:31 - 2011-06-24 21:13 - 0000000 ____D C:\Windows\rescache
2012-02-14 21:44 - 2012-03-13 19:27 - 0826368 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 20:22 - 2012-03-13 19:27 - 0177152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:22 - 2012-03-13 19:27 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-14 17:30 - 2012-02-13 14:54 - 0000000 ____D C:\Program Files\Your Uninstaller! 7
2012-02-14 12:00 - 2012-02-14 11:59 - 0000000 ____D C:\Windows\System32\RTCOM
2012-02-14 11:59 - 2012-02-14 11:59 - 3583008 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 3086752 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHDA.sys
2012-02-14 11:59 - 2012-02-14 11:59 - 1775136 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 1083936 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl
2012-02-14 11:59 - 2012-02-14 11:59 - 0531032 ____A (Creative Technology Ltd.) C:\Windows\System32\MBAPO32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0367136 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0357576 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0345328 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0299424 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0293584 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0293584 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0168648 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32A.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0145760 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0140528 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0096160 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0076488 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0068696 ____A (Creative Technology Ltd.) C:\Windows\System32\MBWrp32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0062664 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0058400 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInst.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0053848 ____A (Creative Technology Ltd.) C:\Windows\System32\MBppld32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0050776 ____A (Creative Technology Ltd.) C:\Windows\System32\MBPPCn32.dll
2012-02-14 11:59 - 2012-02-14 11:59 - 0000000 ____D C:\Program Files\Realtek
2012-02-14 11:44 - 2012-02-14 11:44 - 0000000 ____D C:\Users\All Users\Uniblue
2012-02-14 11:44 - 2012-02-14 11:44 - 0000000 ____D C:\ProgramData\Uniblue
2012-02-14 11:43 - 2012-02-14 11:32 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Uniblue
2012-02-14 11:32 - 2012-02-14 11:32 - 0001022 ____A C:\Users\Public\Desktop\PowerSuite.lnk
2012-02-14 11:32 - 2012-02-14 11:32 - 0000000 ____D C:\Program Files\Uniblue
2012-02-13 14:56 - 2011-02-27 19:58 - 0000000 ____D C:\Users\Mac\Desktop\AUDIO
2012-02-13 14:54 - 2012-02-13 14:54 - 0001023 ____A C:\Users\Mac\Desktop\Your Unin-staller!.lnk
2012-02-13 14:17 - 2012-02-13 14:17 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Tific
2012-02-13 14:17 - 2012-02-13 14:17 - 0000000 ____D C:\Users\Mac\AppData\Local\tific
2012-02-13 12:55 - 2012-02-13 12:55 - 0505053 ____A C:\Users\Mac\Documents\Thank You for your Order - 1-800-FLOWERS.pdf
2012-02-13 12:15 - 2010-12-25 12:53 - 0000000 ____D C:\Program Files\Common Files\AVSMedia
2012-02-13 12:15 - 2010-12-25 12:53 - 0000000 ____D C:\Program Files\AVS4YOU
2012-02-13 12:13 - 2012-02-13 12:13 - 0000052 ___RA C:\Windows\amunres.lsl
2012-02-13 12:13 - 2011-03-11 19:05 - 0000000 ____D C:\Program Files\DVDVideoSoft
2012-02-13 12:13 - 2010-04-24 00:39 - 0000000 ____D C:\Program Files\Hot Corners 2
2012-02-13 12:07 - 2011-08-27 14:26 - 0000000 ____D C:\Users\Mac\AppData\Roaming\ArcSoft
2012-02-13 11:45 - 2010-07-18 15:24 - 0005244 ____A C:\Users\All Users\hpzinstall.log
2012-02-13 11:45 - 2010-07-18 15:24 - 0005244 ____A C:\ProgramData\hpzinstall.log
2012-02-13 11:37 - 2010-01-14 07:13 - 0000000 ____D C:\Users\Mac\AppData\LocalLow
2012-02-13 11:35 - 2009-07-13 20:52 - 0000000 ____D C:\Windows\twain_32
2012-02-13 11:33 - 2010-07-18 15:27 - 0000000 ____D C:\Program Files\HP
2012-02-13 11:29 - 2011-06-14 12:20 - 0000000 ____D C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2012-02-13 11:25 - 2011-07-06 20:26 - 0000000 ____D C:\Users\All Users\VMware
2012-02-13 11:25 - 2011-07-06 20:26 - 0000000 ____D C:\ProgramData\VMware
2012-02-13 11:22 - 2011-07-06 20:49 - 0000000 ____D C:\Users\Mac\AppData\Roaming\VMware
2012-02-13 11:17 - 2010-01-14 12:40 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-02-13 11:11 - 2011-03-12 04:13 - 0000000 ____D C:\Users\Mac\AppData\Roaming\DVDVideoSoft
2012-02-13 10:58 - 2012-02-13 10:58 - 0001578 ____A C:\Users\Mac\Desktop\DivX Movies.lnk
2012-02-13 10:58 - 2012-02-13 10:58 - 0001075 ____A C:\Users\Public\Desktop\DivX Plus Player.lnk
2012-02-13 10:58 - 2011-03-14 07:54 - 0000000 ____D C:\Users\All Users\DivX
2012-02-13 10:58 - 2011-03-14 07:54 - 0000000 ____D C:\ProgramData\DivX
2012-02-13 10:58 - 2011-03-14 07:54 - 0000000 ____D C:\Program Files\DivX
2012-02-09 21:41 - 2012-03-13 19:30 - 1170944 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-02-09 21:41 - 2012-03-13 19:30 - 1074176 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-09 21:41 - 2012-03-13 19:30 - 0739840 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-02-09 21:41 - 2012-03-13 19:30 - 0218624 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-02-09 21:41 - 2012-03-13 19:30 - 0161792 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-02-09 13:56 - 2011-06-24 17:56 - 0000000 ____D C:\Users\Mac\Desktop\New folder2
2012-02-08 22:27 - 2012-01-20 22:59 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Polkast
2012-02-08 16:14 - 2012-02-08 16:14 - 0564907 ____A C:\Users\Mac\Documents\Smart Nutrition Shop_ Invoice 02.08.2012.pdf
2012-02-06 21:54 - 2012-02-05 12:11 - 0000000 ____D C:\Users\Mac\AppData\Roaming\IObit
2012-02-05 20:16 - 2010-01-16 03:01 - 0000000 ____D C:\Users\Mac\AppData\Roaming\vlc
2012-02-05 16:41 - 2012-02-05 16:39 - 0000000 ____D C:\Users\All Users\iRinger
2012-02-05 16:41 - 2012-02-05 16:39 - 0000000 ____D C:\ProgramData\iRinger
2012-02-05 16:39 - 2012-02-05 16:39 - 4815840 ____A (Make The Cut, LLC.) C:\Users\Mac\Desktop\iRinger.exe
2012-02-05 13:05 - 2012-01-12 06:18 - 0000000 ____D C:\Program Files\WMR14
2012-02-05 13:05 - 2010-06-27 11:26 - 0000000 ____D C:\Users\Mac\AppData\Local\mdnslib
2012-02-05 12:11 - 2012-02-05 12:11 - 0001124 ____A C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2012-02-05 12:11 - 2012-02-05 12:11 - 0000000 ____D C:\Program Files\IObit
2012-02-02 20:01 - 2012-03-13 19:30 - 2341376 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-29 19:10 - 2012-01-29 19:10 - 0000000 ____D C:\Program Files\Polkast
2012-01-29 19:10 - 2012-01-21 11:45 - 0001594 ____A C:\Users\Public\Desktop\Polkast.lnk
2012-01-24 21:44 - 2012-03-13 19:27 - 0129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-24 21:44 - 2012-03-13 19:27 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-24 21:40 - 2012-03-13 19:27 - 0008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-01-21 14:06 - 2012-01-21 14:06 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-01-21 14:06 - 2012-01-21 14:06 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-01-21 13:59 - 2012-01-21 13:58 - 0000000 ____D C:\Program Files\SQL Server
2012-01-21 00:14 - 2012-01-21 00:14 - 0000000 ____D C:\Users\Mac\AppData\Local\APN
2012-01-21 00:12 - 2012-01-21 00:12 - 0001018 ____A C:\Users\Mac\Desktop\PFPortChecker.lnk
2012-01-21 00:12 - 2012-01-21 00:12 - 0000000 ____D C:\Program Files\PFPortChecker
2012-01-20 23:07 - 2012-01-20 23:07 - 0000000 ____D C:\Users\Mac\AppData\Local\IsolatedStorage
2012-01-20 23:02 - 2012-01-20 23:02 - 0000000 ___SD C:\Users\Mac\Downloads\Polkast Downloads
2012-01-20 23:01 - 2012-01-20 23:00 - 0000200 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-01-20 23:01 - 2012-01-20 23:00 - 0000200 ____A C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2012-01-20 15:52 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\LiveKernelReports
2012-01-12 06:34 - 2010-07-04 08:47 - 0000000 ____D C:\Program Files\WinPcap
2012-01-12 06:18 - 2012-01-12 06:18 - 0001112 ____A C:\Users\Public\Desktop\WM Converter.lnk
2012-01-12 06:18 - 2012-01-12 06:18 - 0001052 ____A C:\Users\Public\Desktop\LOOPBACK.lnk
2012-01-12 03:04 - 2012-01-12 03:04 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-01-12 03:04 - 2012-01-12 03:04 - 0001012 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-01-12 03:04 - 2012-01-12 03:04 - 0000000 ____D C:\Program Files\Common Files\xing shared
2012-01-12 03:04 - 2011-03-05 12:26 - 0000000 ____D C:\Users\Mac\AppData\Roaming\Real
2012-01-12 03:03 - 2012-01-12 03:03 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-01-12 03:03 - 2012-01-12 03:03 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-01-12 03:03 - 2010-05-15 02:18 - 0272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-01-12 03:03 - 2006-11-17 07:46 - 0499712 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-01-12 03:03 - 2006-11-17 07:46 - 0348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll
[2009-07-13 15:24] - [2009-07-13 17:16] - 0811520 ____A (Microsoft Corporation) 34B7E222E81FAFA885F0C5F2CFA56861

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 32%
Total physical RAM: 2046.99 MB
Available physical RAM: 1389.93 MB
Total Pagefile: 2046.99 MB
Available Pagefile: 1396.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.31 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.73 GB) (Free:51.74 GB) NTFS
4 Drive g: (WIN) (Fixed) (Total:202.88 GB) (Free:36.92 GB) NTFS
5 Drive h: (2TB) (Fixed) (Total:1862.98 GB) (Free:722.32 GB) NTFS
6 Drive i: (FLASHLIGHT) (Removable) (Total:1.86 GB) (Free:0.01 GB) FAT32
7 Drive j: (USB20FD) (Removable) (Total:7.53 GB) (Free:7.27 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 465 GB 0 B
Disk 2 Online 1862 GB 0 B
Disk 3 Online 1911 MB 0 B
Disk 4 Online 7728 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 232 GB 101 MB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 232 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 29 GB 31 KB
Partition 2 Primary 232 GB 29 GB
Partition 3 Primary 202 GB 262 GB

======================================================================================================

Disk: 1
Partition 1
Type : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 2
Type : AF
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G WIN NTFS Partition 202 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1862 GB 1024 KB

======================================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H 2TB NTFS Partition 1862 GB Healthy

======================================================================================================

Partitions of Disk 3:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 31 KB

======================================================================================================

Disk: 3
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FLASHLIGHT FAT32 Removable 1911 MB Healthy

======================================================================================================

Partitions of Disk 4:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7727 MB 31 KB

======================================================================================================

Disk: 4
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J USB20FD FAT32 Removable 7727 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-04-01 02:43

======================= End Of Log ==========================

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:51 PM

Posted 09 April 2012 - 07:31 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Java DB 10.5.3.0
Java™ 6 Update 2
Java™ 6 Update 20
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 20
Java™ SE Development Kit 6 Update 21
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 imackin

imackin
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:12:51 PM

Posted 09 April 2012 - 10:43 PM

Computer running normal as far as I can tell..... :clapping:

MBAM found 2 things and I deleted them, but I found no log. I ran it again and saved a log; here it is:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.10.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Mac :: SEVEN [administrator]

Protection: Disabled

4/9/2012 9:24:39 PM
mbam-log-2012-04-09 (21-24-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214834
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:23 PM, on 4/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Remote Mouse\RemoteMouse.exe
C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
C:\Program Files\Remote Mouse\server\server.exe
C:\Windows\system32\conhost.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\DOWNLOADS\utorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.tuxendo.com/Search.aspx?cg=7a049a25556a46179faac14944639451&aff=189
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SearchBar.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [16AC0BE06752D674A114863D1465FB06256C8EB0._service_run] "C:\Users\Mac\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [Remote Mouse] C:\Program Files\Remote Mouse\RemoteMouse.exe
O4 - Startup: HMA Pro VPN 2.0.lnk = C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - Emulex - (no file)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Emulex - (no file)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ad-Aware (SBAMSvc) - Sunbelt Software - C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
O23 - Service: SRS HDAudio Lab Service (SRSHDAudioService) - SRS Labs, Inc. - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
O23 - Service: WinArchiver Service - Unknown owner - C:\Program Files\WinArchiver Virtual Drive\WAService.exe

--
End of file - 7896 bytes

Edited by imackin, 09 April 2012 - 10:48 PM.




