
codec-v help!


  • This topic is locked
33 replies to this topic

#1 quasar775

Posted 06 May 2012 - 11:11 AM

Hello, I seem to have codec-v on my computer, which is causing Firefox to blue screen. Unfortunately my understanding of computers is limited. I've looked through other posts of the same topic but am wary of following the instructions without individual assistance.
Any help you can offer would be greatly appreciated.



#2 gringo_pr

  • Malware Response Team

Posted 06 May 2012 - 03:42 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 quasar775


Posted 08 May 2012 - 05:18 AM

Hello Gringo, thank you for your attention. There were no problems running the programs; I am, however, using a different computer to use the internet. Here is the checkup.txt, followed by the DDS files.

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Online Armor 5.5
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
Online Armor OAreg.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by porl at 10:59:13 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6055.3790 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\ExpressGateUtil\VAWinService.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\ExpressGateUtil\VAWinAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Users\porl\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://asus.msn.com
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: Codecv Class: {2c84b864-4961-40b0-9afc-c7494e07f83f} - C:\ProgramData\Codecv\bhoclass.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD}\2456C6B696E6E283638333E2765756374737 : DhcpNameServer = 192.168.169.1
TCP: Interfaces\{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FB83F74-0407-43B0-8A85-550F17380B66} : NameServer = 217.171.135.1 217.171.132.1
TCP: Interfaces\{DC02AA05-D5BA-44B4-8C4C-51F3DA46E21B} : DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: Codecv Class: {2C84B864-4961-40B0-9AFC-C7494E07F83F} - C:\ProgramData\Codecv\bhoclass.dll
BHO-X64: Codecv - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun-x64: [NokiaMusic FastStart] "C:\Program Files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe" /starttray
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\porl\AppData\Roaming\Mozilla\Firefox\Profiles\grsu1r7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://3.home/indexf.asp|http://watchseries.eu/letters/A
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys --> C:\Windows\system32\Drivers\RapportKE64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2012-4-15 59176]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2012-4-15 38064]
R1 RapportCerberus_32029;RapportCerberus_32029;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-19 396816]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-7-7 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-7-7 61712]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-4-21 151552]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-26 52896]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-15 44768]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-12-26 1740696]
R2 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware2\mbamservice.exe [2012-4-15 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-21 1997416]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2012-4-15 208472]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-7-7 919352]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2011-1-17 91464]
R2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-3-13 24576]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 OAnet;OnlineArmor Service;C:\Windows\system32\DRIVERS\oanet.sys --> C:\Windows\system32\DRIVERS\oanet.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2012-4-15 59176]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/21 09:04:09;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-21 1153368]
S2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2012-4-15 4369208]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ew_usbenumfilter;huawei_CompositeFilter;C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys --> C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [?]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 NETMD760;Net MD;C:\Windows\system32\Drivers\NETMD760.sys --> C:\Windows\system32\Drivers\NETMD760.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-05-06 20:52:58 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FB64F70-653F-4B30-882C-ABE71C520C97}\mpengine.dll
2012-04-19 03:09:36 -------- d-----w- C:\_OTL
2012-04-19 02:58:41 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-19 00:42:04 98816 ----a-w- C:\Windows\sed.exe
2012-04-19 00:42:04 518144 ----a-w- C:\Windows\SWREG.exe
2012-04-19 00:42:04 256000 ----a-w- C:\Windows\PEV.exe
2012-04-19 00:42:04 208896 ----a-w- C:\Windows\MBR.exe
2012-04-15 21:37:32 -------- d-----w- C:\Users\porl\AppData\Roaming\OnlineArmor
2012-04-15 21:37:32 -------- d-----w- C:\ProgramData\OnlineArmor
2012-04-15 21:36:01 59176 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys
2012-04-15 21:36:01 59176 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys
2012-04-15 21:36:01 38064 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys
2012-04-15 21:36:01 32920 ----a-w- C:\Windows\System32\drivers\OAnet.sys
2012-04-15 21:35:58 -------- d-----w- C:\Program Files (x86)\Online Armor
2012-04-15 18:53:50 -------- d-----w- C:\Users\porl\AppData\Roaming\QFX Software
2012-04-15 18:53:50 -------- d-----w- C:\ProgramData\QFX Software
2012-04-15 18:39:16 -------- d-----w- C:\Users\porl\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 18:38:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-15 18:38:39 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-15 18:37:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2
2012-04-15 18:34:24 -------- d-----w- C:\Users\porl\AppData\Roaming\IObit
2012-04-15 18:34:12 -------- d-----w- C:\Program Files (x86)\IObit
2012-04-15 18:33:07 222904 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2012-04-15 18:33:06 -------- d-----w- C:\Program Files (x86)\KeyScrambler
2012-04-15 18:28:44 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-04-15 18:28:39 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-04-15 18:28:38 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-04-15 18:28:15 41184 ----a-w- C:\Windows\avastSS.scr
2012-04-15 18:28:03 -------- d-----w- C:\ProgramData\AVAST Software
2012-04-15 18:28:03 -------- d-----w- C:\Program Files\AVAST Software
2012-04-15 18:26:36 -------- d-----w- C:\Program Files\CCleaner
2012-04-14 18:42:13 -------- d-----w- C:\Users\porl\Tracing
2012-04-14 18:41:33 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2012-04-14 18:41:21 -------- d-----w- C:\ProgramData\SweetIM
2012-04-14 18:41:21 -------- d-----w- C:\Program Files (x86)\SweetIM
2012-04-12 07:19:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:19:50 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:19:50 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:19:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:19:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:19:49 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:19:49 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-11 19:57:51 -------- d-----w- C:\Users\porl\.VirtualBox
2012-04-11 19:56:06 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-04-11 19:54:10 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-04-11 19:54:08 -------- d-----w- C:\Program Files\Oracle
.
==================== Find3M ====================
.
2012-04-19 03:11:56 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-04-04 14:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-03 13:19:10 166192 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2012-04-03 13:19:10 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-03 13:19:08 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2012-04-01 16:15:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-27 20:14:29 19456 ----a-w- C:\Windows\System32\drivers\NETMD760.sys
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 18:37:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-14 17:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe
2012-02-14 17:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe
2012-02-14 17:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe
2012-02-14 17:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe
2012-02-14 17:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe
2012-02-14 17:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe
2012-02-14 17:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe
2012-02-14 17:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll
2012-02-14 17:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll
2012-02-14 17:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin
2012-02-14 17:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin
2012-02-14 17:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin
2012-02-14 17:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin
2012-02-14 17:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll
2012-02-14 17:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll
2012-02-14 17:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll
2012-02-14 17:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll
2012-02-14 17:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll
2012-02-14 16:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll
2012-02-14 16:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll
2012-02-14 16:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll
2012-02-14 16:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll
2012-02-14 16:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll
2012-02-14 16:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc
2012-02-14 16:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll
2012-02-14 16:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll
2012-02-14 16:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll
2012-02-14 16:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll
2012-02-14 16:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll
2012-02-14 16:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll
2012-02-14 16:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll
2012-02-14 16:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll
2012-02-14 16:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll
2012-02-14 16:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 11:00:12.40 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/05/2011 14:41:46
System Uptime: 08/05/2012 10:41:07 (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N73SV
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 198 GiB total, 38.794 GiB free.
D: is FIXED (NTFS) - 243 GiB total, 178.96 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 232.783 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 101.069 GiB free.
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: TCP/IP Protocol Driver
Device ID: ROOT\LEGACY_TCPIP\0000
Manufacturer:
Name: TCP/IP Protocol Driver
PNP Device ID: ROOT\LEGACY_TCPIP\0000
Service: Tcpip
.
==== System Restore Points ===================
.
RP122: 19/04/2012 14:23:22 - Removed SweetIM for Messenger 3.6
RP123: 19/04/2012 14:53:18 - Removed SweetIM for Messenger 3.6
RP124: 19/04/2012 15:49:23 - Installed HiJackThis
RP125: 03/05/2012 03:06:56 - Windows Backup
RP126: 06/05/2012 21:52:17 - Windows Update
RP127: 08/05/2012 10:46:50 - Removed HiJackThis
.
==== Installed Programs ======================
.
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
????? Messenger
?????? ??????? ?? Windows Live
??????? Windows Live Mesh ActiveX ???
3Connect
3MobileWiFi
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Photoshop CS5.1
Alcor Micro USB Card Reader
Anno 1404
ArcSoft MediaConverter 7.5
Art of Murder - FBI Confidential
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ASUS_N3_Series
AsusVibe2.0
Atheros WLAN and Bluetooth Client Installation Program
ATK Package
µTorrent
avast! Free Antivirus
AviSynth 2.5
Bookworm Deluxe
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
Cooking Dash
CSI-Hard Evidence
CyberLink LabelPrint
CyberLink MediaEspresso
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
D3DX10
DivX Setup
DVDFab 8.1.6.8 (17/03/2012) Qt
ExpressGateCloud
FLV Converter 3.5
Free 3GP Video Converter version 5.0.6.221
Free RAR Extract Frog
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
Huawei modem
IM FLV Thumbnail 1.0.1 Trial
Intel® Control Center
Intel® Processor Graphics
Java Auto Updater
Java™ 6 Update 31
Jewel Quest 3
Junk Mail filter update
KeyScrambler
KORG KP3 Editor
KORG USB-MIDI Driver Tools for Windows XP
Live 6.0.9
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger ????
Messenger Companion
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-GB)
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Native Instruments Traktor DJ Studio 3
Noise Reduction Plug-in 2.0i
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Nokia_Multimedia_Common_Components_2_5
Nuance PDF Reader
Online Armor 5.5
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDF Settings CS5
Plants vs Zombies
PowerISO
PS3 Video 9 6
Raccolta foto di Windows Live
Rapport
Realtek High Definition Audio Driver
Reason 5.0
ReCycle v2.1
RollerCoaster Tycoon 3
S?????? f?t???af??? t?? Windows Live
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Sid Meier's Civilization V
SonicMaster
SonicStage 4.3
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sound Forge Pro 10.0
Spotify
Spybot - Search & Destroy
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
Steam
SweetPacks Toolbar for Internet Explorer 4.5
syncables desktop SE
TotalAudioConverter
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Manager for SweetPacks 1.0
VC80CRTRedist - 8.0.50727.6195
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.11
Vodafone Mobile Connect Lite Huawei
Win7codecs
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Goo
YouTube Downloader App 3.00
.
==== Event Viewer Messages From Past Week ========
.
08/05/2012 10:45:10, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The system cannot find the file specified.
08/05/2012 10:43:03, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
08/05/2012 10:43:03, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/05/2012 10:41:41, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037aadd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24507-01.
08/05/2012 10:41:34, Error: Service Control Manager [7000] - The Mobile IP Route Manager service failed to start due to the following error: This driver has been blocked from loading
08/05/2012 10:41:34, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
08/05/2012 10:39:04, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff8000380edd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-25771-01.
08/05/2012 10:36:32, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff80003805dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-30654-01.
08/05/2012 10:33:46, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037c7dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24835-01.
08/05/2012 10:31:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037ffdd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24398-01.
08/05/2012 10:28:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037c0dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24632-01.
08/05/2012 10:26:09, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037f4dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-35474-01.
08/05/2012 10:23:24, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000007453, 0x0000000000000002, 0x0000000000000000, 0xfffff8000380bdd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24445-01.
08/05/2012 10:18:31, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037b9dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-24258-01.
08/05/2012 10:16:03, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037b1dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-32978-01.
08/05/2012 10:13:16, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x00000000000008f9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037c8dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050812-22417-01.
06/05/2012 21:46:10, Error: Service Control Manager [7023] - The CyberLink Product - 2011/04/21 09:04:09 service terminated with the following error: The device is not ready.
06/05/2012 21:45:36, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037fcdd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-63492-01.
06/05/2012 21:42:10, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037badd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-67361-01.
06/05/2012 21:38:49, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037c0dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-67486-01.
06/05/2012 21:35:18, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037b0dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-64958-01.
06/05/2012 21:31:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037bcdd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-63726-01.
06/05/2012 21:28:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000003bf9, 0x0000000000000002, 0x0000000000000000, 0xfffff800037c8dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-63851-01.
06/05/2012 21:21:23, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000007351, 0x0000000000000002, 0x0000000000000000, 0xfffff80002bc1dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-68453-01.
06/05/2012 20:48:50, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
06/05/2012 20:48:50, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
06/05/2012 20:43:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
06/05/2012 20:43:12, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
06/05/2012 20:43:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
06/05/2012 20:42:58, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
06/05/2012 20:42:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ATKWMIACPIIO discache OADevice oahlpXX RapportKE64 SASDIFSV SASKUTIL SCDEmu spldr VBoxDrv VBoxUSBMon Wanarpv6
06/05/2012 17:19:26, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000c5 (0x0000000000006359, 0x0000000000000002, 0x0000000000000000, 0xfffff80003812dd3). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050612-23743-01.
.
==== End Of File ===========================

#4 gringo_pr


Posted 08 May 2012 - 07:16 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 quasar775


Posted 08 May 2012 - 09:00 AM

Internet access still causes a blue screen restart, no other noticeable problems.



ComboFix 12-05-08.01 - porl 08/05/2012 14:17:14.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6055.3764 [GMT 1:00]
Running from: c:\users\porl\Desktop\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 13:50 . 2012-05-08 13:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-08 13:50 . 2012-05-08 13:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 20:52 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FB64F70-653F-4B30-882C-ABE71C520C97}\mpengine.dll
2012-04-19 03:09 . 2012-04-19 03:09 -------- d-----w- C:\_OTL
2012-04-15 21:37 . 2012-04-17 18:36 -------- d-----w- c:\programdata\OnlineArmor
2012-04-15 21:37 . 2012-04-15 21:37 -------- d-----w- c:\users\porl\AppData\Roaming\OnlineArmor
2012-04-15 21:36 . 2012-02-10 13:33 59176 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys
2012-04-15 21:36 . 2012-02-10 13:33 32920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-04-15 21:36 . 2012-02-10 13:33 59176 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys
2012-04-15 21:36 . 2012-02-10 13:33 38064 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys
2012-04-15 21:35 . 2012-05-08 09:57 -------- d-----w- c:\program files (x86)\Online Armor
2012-04-15 18:53 . 2012-04-15 18:53 -------- d-----w- c:\users\porl\AppData\Roaming\QFX Software
2012-04-15 18:53 . 2012-04-15 18:53 -------- d-----w- c:\programdata\QFX Software
2012-04-15 18:39 . 2012-04-15 18:39 -------- d-----w- c:\users\porl\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 18:38 . 2012-04-17 19:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-15 18:38 . 2012-04-15 18:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-15 18:37 . 2012-04-15 18:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
2012-04-15 18:34 . 2012-04-15 18:34 -------- d-----w- c:\users\porl\AppData\Roaming\IObit
2012-04-15 18:34 . 2012-04-15 18:34 -------- d-----w- c:\program files (x86)\IObit
2012-04-15 18:33 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-04-15 18:33 . 2012-04-15 18:33 -------- d-----w- c:\program files (x86)\KeyScrambler
2012-04-15 18:28 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-15 18:28 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-15 18:28 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-15 18:28 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-15 18:28 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-15 18:28 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-15 18:28 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-15 18:28 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-15 18:28 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-15 18:28 . 2012-04-15 18:28 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 18:28 . 2012-04-15 18:28 -------- d-----w- c:\program files\AVAST Software
2012-04-15 18:26 . 2012-04-15 18:26 -------- d-----w- c:\program files\CCleaner
2012-04-14 18:42 . 2012-04-14 18:42 -------- d-----w- c:\users\porl\Tracing
2012-04-14 18:41 . 2012-04-19 02:15 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-04-14 18:41 . 2012-04-19 13:58 -------- d-----w- c:\programdata\SweetIM
2012-04-14 18:41 . 2012-04-19 13:53 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-12 07:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 19:57 . 2012-04-11 20:01 -------- d-----w- c:\users\porl\.VirtualBox
2012-04-11 19:56 . 2012-04-03 13:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-11 19:54 . 2012-04-03 13:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-11 19:54 . 2012-04-11 19:54 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 20:51 . 2011-06-14 20:36 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-06 20:51 . 2011-06-02 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-06 20:50 . 2011-06-14 20:10 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-19 03:11 . 2011-05-22 13:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-15 22:22 . 2011-06-02 22:08 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-15 22:12 . 2011-06-14 20:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-08 20:38 . 2011-06-01 13:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 14:56 . 2011-11-21 20:20 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-04-01 16:15 . 2012-04-01 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-03 00:35 . 2012-03-03 00:35 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 20:14 . 2010-05-27 12:36 19456 ----a-w- c:\windows\system32\drivers\NETMD760.sys
2012-02-23 09:18 . 2011-05-22 17:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 18:37 . 2011-10-01 20:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-13 20:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:55 . 2012-02-14 17:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 17:55 . 2012-02-14 17:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 17:55 . 2012-02-14 17:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 17:55 . 2012-02-14 17:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 17:55 . 2012-02-14 17:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 17:55 . 2012-02-14 17:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 17:53 . 2012-02-14 17:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 17:47 . 2012-02-14 17:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 17:47 . 2012-02-14 17:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 17:47 . 2012-02-14 17:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 17:47 . 2012-02-14 17:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 17:44 . 2011-02-12 02:19 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 17:44 . 2012-02-14 17:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 17:42 . 2011-02-12 02:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 17:35 . 2011-03-26 00:02 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 17:07 . 2012-02-14 17:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 16:59 . 2011-08-31 19:26 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 16:57 . 2012-02-14 16:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 16:57 . 2012-02-14 16:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 16:57 . 2012-02-14 16:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 16:57 . 2012-02-14 16:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 16:57 . 2012-02-14 16:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 16:57 . 2012-02-14 16:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 16:57 . 2011-02-12 02:19 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 16:56 . 2011-02-12 02:19 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 16:56 . 2012-02-14 16:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 16:56 . 2012-02-14 16:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 16:56 . 2012-02-14 16:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 16:56 . 2012-02-14 16:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 16:56 . 2012-02-14 16:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 16:56 . 2011-02-12 02:19 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 16:55 . 2012-02-14 16:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54 . 2012-02-14 16:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53 . 2012-02-14 16:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 16:53 . 2012-02-14 16:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 16:53 . 2012-02-14 16:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53 . 2012-02-14 16:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 16:53 . 2012-02-14 16:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 16:53 . 2012-02-14 16:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 06:36 . 2012-03-14 19:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 19:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_00.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-19 00:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-08 09:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 09:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:39 . 2012-04-19 15:13 69018 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-08 09:45 44480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 13:43 . 2012-05-08 09:45 19794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2343688015-1009920738-1680396079-1001_UserData.bin
- 2011-05-23 04:33 . 2012-04-19 00:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-23 04:33 . 2012-05-08 09:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-23 04:33 . 2012-04-19 00:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-23 04:33 . 2012-05-08 09:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 09:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-08 09:10 . 2012-05-08 09:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 00:30 . 2012-04-19 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-08 09:10 . 2012-05-08 09:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 00:30 . 2012-04-19 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-21 23:45 . 2012-04-19 00:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-21 23:45 . 2012-05-08 09:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-05-08 09:42 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:33 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-30 13:08 . 2012-05-08 13:10 388922 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-22 16:49 . 2012-04-19 11:13 300034 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-08 13:13 666442 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-19 00:38 666442 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-08 13:13 125852 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 00:38 125852 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-14 02:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-05-06 21:18 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-05-06 23:27 348500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 01:42 348500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-22 17:46 . 2012-04-15 18:49 1262428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-12288.dat
+ 2011-05-22 17:46 . 2012-04-19 14:10 1262428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-12288.dat
- 2011-05-22 15:07 . 2012-04-17 01:42 33904456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-8192.dat
+ 2011-05-22 15:07 . 2012-05-06 19:39 33904456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2C84B864-4961-40B0-9AFC-C7494E07F83F}]
c:\programdata\Codecv\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 13:46 1337648 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\3MobileWiFi\3MobileWiFi" [X]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-05-20 724536]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-21 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2011-11-28 4692296]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-17 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-01-21 40448]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-17 191304]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-4-21 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2012-02-10 59176]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/21 09:04;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe [2012-02-10 4369208]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 NETMD760;Net MD;c:\windows\system32\Drivers\NETMD760.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys [2012-02-10 59176]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys [2012-02-10 38064]
S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-18 396816]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-07-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-07-07 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware2\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-10 1997416]
S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe [2012-02-10 208472]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-07-07 919352]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-17 91464]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-13 2168424]
"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]
"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2012-02-10 2645440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{9FB83F74-0407-43B0-8A85-550F17380B66}: NameServer = 217.171.135.1 217.171.132.1
FF - ProfilePath - c:\users\porl\AppData\Roaming\Mozilla\Firefox\Profiles\grsu1r7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://3.home/indexf.asp|http://watchseries.eu/letters/A
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 14:52:36
ComboFix-quarantined-files.txt 2012-05-08 13:52
ComboFix2.txt 2012-04-19 02:54
ComboFix3.txt 2012-04-19 00:54
.
Pre-Run: 41,632,673,792 bytes free
Post-Run: 41,674,706,944 bytes free
.
- - End Of File - - 4E4538B9638709056AFDBF81AE28254D

#6 gringo_pr

Posted 08 May 2012 - 09:44 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 quasar775


Posted 08 May 2012 - 10:22 AM

Both programs ran smoothly; however, aswMBR did not ask to update definitions.

16:00:49.0602 6308 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:00:49.0632 6308 ============================================================
16:00:49.0632 6308 Current date / time: 2012/05/08 16:00:49.0632
16:00:49.0632 6308 SystemInfo:
16:00:49.0632 6308
16:00:49.0632 6308 OS Version: 6.1.7601 ServicePack: 1.0
16:00:49.0632 6308 Product type: Workstation
16:00:49.0632 6308 ComputerName: RAZORLINE
16:00:49.0632 6308 UserName: porl
16:00:49.0632 6308 Windows directory: C:\Windows
16:00:49.0632 6308 System windows directory: C:\Windows
16:00:49.0632 6308 Running under WOW64
16:00:49.0632 6308 Processor architecture: Intel x64
16:00:49.0632 6308 Number of processors: 8
16:00:49.0632 6308 Page size: 0x1000
16:00:49.0632 6308 Boot type: Normal boot
16:00:49.0632 6308 ============================================================
16:00:50.0385 6308 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:00:50.0386 6308 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:00:50.0395 6308 Drive \Device\Harddisk2\DR2 - Size: 0xEF300000 (3.74 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:00:50.0397 6308 ============================================================
16:00:50.0397 6308 \Device\Harddisk0\DR0:
16:00:50.0398 6308 MBR partitions:
16:00:50.0398 6308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x18B19800
16:00:50.0422 6308 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BD1A800, BlocksNum 0x1E66B800
16:00:50.0422 6308 \Device\Harddisk1\DR1:
16:00:50.0423 6308 MBR partitions:
16:00:50.0424 6308 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1D1C4542
16:00:50.0424 6308 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1D1C8481, BlocksNum 0x1D1BC7C0
16:00:50.0424 6308 \Device\Harddisk2\DR2:
16:00:50.0425 6308 MBR partitions:
16:00:50.0425 6308 ============================================================
16:00:50.0457 6308 C: <-> \Device\Harddisk0\DR0\Partition0
16:00:50.0504 6308 D: <-> \Device\Harddisk0\DR0\Partition1
16:00:50.0830 6308 E: <-> \Device\Harddisk1\DR1\Partition0
16:00:50.0855 6308 F: <-> \Device\Harddisk1\DR1\Partition1
16:00:50.0855 6308 ============================================================
16:00:50.0855 6308 Initialize success
16:00:50.0855 6308 ============================================================
16:00:53.0655 4760 ============================================================
16:00:53.0655 4760 Scan started
16:00:53.0655 4760 Mode: Manual;
16:00:53.0655 4760 ============================================================
16:00:54.0066 4760 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:00:54.0068 4760 !SASCORE - ok
16:00:54.0208 4760 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:00:54.0211 4760 1394ohci - ok
16:00:54.0244 4760 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:00:54.0247 4760 ACPI - ok
16:00:54.0277 4760 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:00:54.0278 4760 AcpiPmi - ok
16:00:54.0378 4760 ADExchange (99721e1dac2c89e8202f70b773fb14f4) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
16:00:54.0379 4760 ADExchange - ok
16:00:54.0435 4760 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:00:54.0438 4760 adp94xx - ok
16:00:54.0499 4760 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:00:54.0502 4760 adpahci - ok
16:00:54.0524 4760 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:00:54.0526 4760 adpu320 - ok
16:00:54.0586 4760 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:00:54.0587 4760 AeLookupSvc - ok
16:00:54.0649 4760 AFBAgent (6e79a119b0ce418fe44e0c824bf3f039) C:\Windows\system32\FBAgent.exe
16:00:54.0654 4760 AFBAgent - ok
16:00:54.0714 4760 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:00:54.0717 4760 AFD - ok
16:00:54.0765 4760 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:00:54.0766 4760 agp440 - ok
16:00:54.0788 4760 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:00:54.0789 4760 ALG - ok
16:00:54.0815 4760 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:00:54.0816 4760 aliide - ok
16:00:54.0825 4760 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:00:54.0826 4760 amdide - ok
16:00:54.0852 4760 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:00:54.0853 4760 AmdK8 - ok
16:00:54.0859 4760 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:00:54.0861 4760 AmdPPM - ok
16:00:54.0897 4760 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:00:54.0899 4760 amdsata - ok
16:00:54.0934 4760 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:00:54.0936 4760 amdsbs - ok
16:00:54.0960 4760 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:00:54.0961 4760 amdxata - ok
16:00:54.0996 4760 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
16:00:54.0997 4760 AmUStor - ok
16:00:55.0053 4760 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:00:55.0054 4760 AppID - ok
16:00:55.0076 4760 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:00:55.0077 4760 AppIDSvc - ok
16:00:55.0103 4760 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:00:55.0104 4760 Appinfo - ok
16:00:55.0175 4760 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:00:55.0177 4760 arc - ok
16:00:55.0187 4760 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:00:55.0188 4760 arcsas - ok
16:00:55.0258 4760 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
16:00:55.0260 4760 ASLDRService - ok
16:00:55.0320 4760 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
16:00:55.0321 4760 ASMMAP64 - ok
16:00:55.0372 4760 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
16:00:55.0373 4760 aswFsBlk - ok
16:00:55.0417 4760 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
16:00:55.0418 4760 aswMonFlt - ok
16:00:55.0462 4760 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
16:00:55.0463 4760 aswRdr - ok
16:00:55.0537 4760 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
16:00:55.0543 4760 aswSnx - ok
16:00:55.0610 4760 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
16:00:55.0612 4760 aswSP - ok
16:00:55.0645 4760 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
16:00:55.0646 4760 aswTdi - ok
16:00:55.0667 4760 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:00:55.0668 4760 AsyncMac - ok
16:00:55.0701 4760 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:00:55.0702 4760 atapi - ok
16:00:55.0734 4760 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
16:00:55.0735 4760 AthBTPort - ok
16:00:55.0815 4760 Atheros Bt&Wlan Coex Agent (a6307f356d778e18a76e7783ef98c6aa) C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
16:00:55.0817 4760 Atheros Bt&Wlan Coex Agent - ok
16:00:55.0882 4760 AtherosSvc (749ff240dedafaff94288e0307104df3) C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
16:00:55.0883 4760 AtherosSvc - ok
16:00:56.0128 4760 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
16:00:56.0142 4760 athr - ok
16:00:56.0269 4760 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
16:00:56.0271 4760 ATKGFNEXSrv - ok
16:00:56.0415 4760 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
16:00:56.0417 4760 atksgt - ok
16:00:56.0440 4760 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
16:00:56.0441 4760 ATKWMIACPIIO - ok
16:00:56.0506 4760 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:00:56.0510 4760 AudioEndpointBuilder - ok
16:00:56.0515 4760 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:00:56.0519 4760 AudioSrv - ok
16:00:56.0635 4760 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:00:56.0636 4760 avast! Antivirus - ok
16:00:56.0697 4760 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:00:56.0698 4760 AxInstSV - ok
16:00:56.0754 4760 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:00:56.0758 4760 b06bdrv - ok
16:00:56.0799 4760 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:00:56.0801 4760 b57nd60a - ok
16:00:56.0836 4760 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:00:56.0838 4760 BDESVC - ok
16:00:57.0017 4760 BecHelperService (68bf3520fe759c91fd9182f36e585374) C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
16:00:57.0026 4760 BecHelperService - ok
16:00:57.0132 4760 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:00:57.0133 4760 Beep - ok
16:00:57.0207 4760 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:00:57.0212 4760 BFE - ok
16:00:57.0257 4760 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
16:00:57.0264 4760 BITS - ok
16:00:57.0349 4760 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:00:57.0351 4760 blbdrive - ok
16:00:57.0391 4760 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:00:57.0392 4760 bowser - ok
16:00:57.0417 4760 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:00:57.0418 4760 BrFiltLo - ok
16:00:57.0422 4760 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:00:57.0423 4760 BrFiltUp - ok
16:00:57.0443 4760 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
16:00:57.0444 4760 BridgeMP - ok
16:00:57.0481 4760 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:00:57.0483 4760 Browser - ok
16:00:57.0533 4760 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:00:57.0535 4760 Brserid - ok
16:00:57.0561 4760 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:00:57.0562 4760 BrSerWdm - ok
16:00:57.0567 4760 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:00:57.0568 4760 BrUsbMdm - ok
16:00:57.0572 4760 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:00:57.0573 4760 BrUsbSer - ok
16:00:57.0630 4760 BTATH_A2DP (227c8f308de4af4808e587465ceab838) C:\Windows\system32\drivers\btath_a2dp.sys
16:00:57.0633 4760 BTATH_A2DP - ok
16:00:57.0688 4760 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
16:00:57.0689 4760 BTATH_BUS - ok
16:00:57.0714 4760 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
16:00:57.0715 4760 BTATH_HCRP - ok
16:00:57.0757 4760 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
16:00:57.0758 4760 BTATH_LWFLT - ok
16:00:57.0779 4760 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
16:00:57.0781 4760 BTATH_RCP - ok
16:00:57.0828 4760 BtFilter (0f4c980b9612abdb25bcabf0c660c058) C:\Windows\system32\DRIVERS\btfilter.sys
16:00:57.0831 4760 BtFilter - ok
16:00:57.0876 4760 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:00:57.0877 4760 BthEnum - ok
16:00:57.0904 4760 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:00:57.0906 4760 BTHMODEM - ok
16:00:57.0930 4760 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:00:57.0932 4760 BthPan - ok
16:00:57.0972 4760 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
16:00:57.0975 4760 BTHPORT - ok
16:00:58.0019 4760 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:00:58.0021 4760 bthserv - ok
16:00:58.0036 4760 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
16:00:58.0037 4760 BTHUSB - ok
16:00:58.0053 4760 catchme - ok
16:00:58.0083 4760 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:00:58.0084 4760 cdfs - ok
16:00:58.0122 4760 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:00:58.0124 4760 cdrom - ok
16:00:58.0176 4760 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:00:58.0177 4760 CertPropSvc - ok
16:00:58.0211 4760 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:00:58.0212 4760 circlass - ok
16:00:58.0262 4760 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:00:58.0266 4760 CLFS - ok
16:00:58.0403 4760 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
16:00:58.0405 4760 CLKMSVC10_38F51D56 - ok
16:00:58.0479 4760 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:00:58.0480 4760 clr_optimization_v2.0.50727_32 - ok
16:00:58.0546 4760 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:00:58.0548 4760 clr_optimization_v2.0.50727_64 - ok
16:00:58.0640 4760 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:00:58.0643 4760 clr_optimization_v4.0.30319_32 - ok
16:00:58.0706 4760 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:00:58.0708 4760 clr_optimization_v4.0.30319_64 - ok
16:00:58.0830 4760 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:00:58.0831 4760 CmBatt - ok
16:00:58.0863 4760 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:00:58.0864 4760 cmdide - ok
16:00:58.0920 4760 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:00:58.0924 4760 CNG - ok
16:00:58.0975 4760 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:00:58.0976 4760 Compbatt - ok
16:00:59.0005 4760 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:00:59.0006 4760 CompositeBus - ok
16:00:59.0019 4760 COMSysApp - ok
16:00:59.0123 4760 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe
16:00:59.0127 4760 cphs - ok
16:00:59.0152 4760 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:00:59.0153 4760 crcdisk - ok
16:00:59.0196 4760 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:00:59.0197 4760 CryptSvc - ok
16:00:59.0253 4760 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:00:59.0258 4760 DcomLaunch - ok
16:00:59.0324 4760 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:00:59.0327 4760 defragsvc - ok
16:00:59.0353 4760 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:00:59.0354 4760 DfsC - ok
16:00:59.0404 4760 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:00:59.0407 4760 Dhcp - ok
16:00:59.0433 4760 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:00:59.0434 4760 discache - ok
16:00:59.0459 4760 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:00:59.0460 4760 Disk - ok
16:00:59.0509 4760 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:00:59.0512 4760 Dnscache - ok
16:00:59.0556 4760 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:00:59.0560 4760 dot3svc - ok
16:00:59.0593 4760 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:00:59.0596 4760 DPS - ok
16:00:59.0624 4760 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:00:59.0625 4760 drmkaud - ok
16:00:59.0724 4760 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:00:59.0730 4760 DXGKrnl - ok
16:00:59.0766 4760 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:00:59.0768 4760 EapHost - ok
16:00:59.0913 4760 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:00:59.0930 4760 ebdrv - ok
16:01:00.0030 4760 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:01:00.0034 4760 EFS - ok
16:01:00.0096 4760 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:01:00.0102 4760 ehRecvr - ok
16:01:00.0144 4760 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:01:00.0146 4760 ehSched - ok
16:01:00.0229 4760 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:01:00.0233 4760 elxstor - ok
16:01:00.0256 4760 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:01:00.0257 4760 ErrDev - ok
16:01:00.0316 4760 ETD (05b0dcda418e297a1b4cd8d7b8ade403) C:\Windows\system32\DRIVERS\ETD.sys
16:01:00.0318 4760 ETD - ok
16:01:00.0361 4760 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:01:00.0365 4760 EventSystem - ok
16:01:00.0417 4760 ewusbmbb (334c907536e815e56cd13108a6d5fb9d) C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:01:00.0419 4760 ewusbmbb - ok
16:01:00.0438 4760 ewusbnet - ok
16:01:00.0502 4760 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:01:00.0504 4760 ew_hwusbdev - ok
16:01:00.0542 4760 ew_usbenumfilter (55e0eda185869f7ea67ea97fd0655b39) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
16:01:00.0543 4760 ew_usbenumfilter - ok
16:01:00.0593 4760 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:01:00.0595 4760 exfat - ok
16:01:00.0618 4760 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:01:00.0620 4760 fastfat - ok
16:01:00.0683 4760 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:01:00.0689 4760 Fax - ok
16:01:00.0697 4760 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:01:00.0698 4760 fdc - ok
16:01:00.0743 4760 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:01:00.0745 4760 fdPHost - ok
16:01:00.0763 4760 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:01:00.0765 4760 FDResPub - ok
16:01:00.0781 4760 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:01:00.0782 4760 FileInfo - ok
16:01:00.0800 4760 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:01:00.0801 4760 Filetrace - ok
16:01:00.0829 4760 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:01:00.0829 4760 flpydisk - ok
16:01:00.0872 4760 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:01:00.0874 4760 FltMgr - ok
16:01:00.0921 4760 FLxHCIc (72893dc6f72eabaef5aa1013fd189050) C:\Windows\system32\DRIVERS\FLxHCIc.sys
16:01:00.0923 4760 FLxHCIc - ok
16:01:00.0933 4760 FLxHCIh (a2156628a86450d490a387b9b06fb17d) C:\Windows\system32\DRIVERS\FLxHCIh.sys
16:01:00.0934 4760 FLxHCIh - ok
16:01:00.0997 4760 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:01:01.0004 4760 FontCache - ok
16:01:01.0060 4760 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:01:01.0061 4760 FontCache3.0.0.0 - ok
16:01:01.0092 4760 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:01:01.0093 4760 FsDepends - ok
16:01:01.0136 4760 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
16:01:01.0138 4760 fssfltr - ok
16:01:01.0274 4760 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:01:01.0282 4760 fsssvc - ok
16:01:01.0399 4760 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:01:01.0400 4760 Fs_Rec - ok
16:01:01.0449 4760 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:01:01.0450 4760 fvevol - ok
16:01:01.0475 4760 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:01:01.0476 4760 gagp30kx - ok
16:01:01.0573 4760 Giraffic - ok
16:01:16.0901 4760 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
16:01:16.0903 4760 TurboB - ok
16:01:16.0972 4760 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
16:01:16.0974 4760 TurboBoost - ok
16:01:17.0005 4760 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:01:17.0007 4760 uagp35 - ok
16:01:17.0049 4760 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:01:17.0053 4760 udfs - ok
16:01:17.0088 4760 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:01:17.0093 4760 UI0Detect - ok
16:01:17.0125 4760 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:01:17.0126 4760 uliagpkx - ok
16:01:17.0150 4760 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:01:17.0152 4760 umbus - ok
16:01:17.0190 4760 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:01:17.0192 4760 UmPass - ok
16:01:17.0235 4760 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:01:17.0240 4760 upnphost - ok
16:01:17.0273 4760 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
16:01:17.0274 4760 upperdev - ok
16:01:17.0303 4760 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:01:17.0305 4760 usbaudio - ok
16:01:17.0335 4760 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:01:17.0337 4760 usbccgp - ok
16:01:17.0365 4760 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:01:17.0366 4760 usbcir - ok
16:01:17.0383 4760 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:01:17.0384 4760 usbehci - ok
16:01:17.0424 4760 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:01:17.0426 4760 usbhub - ok
16:01:17.0440 4760 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:01:17.0441 4760 usbohci - ok
16:01:17.0470 4760 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:01:17.0471 4760 usbprint - ok
16:01:17.0506 4760 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
16:01:17.0507 4760 usbser - ok
16:01:17.0549 4760 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
16:01:17.0550 4760 UsbserFilt - ok
16:01:17.0571 4760 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:01:17.0573 4760 USBSTOR - ok
16:01:17.0587 4760 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:01:17.0588 4760 usbuhci - ok
16:01:17.0632 4760 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:01:17.0634 4760 usbvideo - ok
16:01:17.0654 4760 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:01:17.0658 4760 UxSms - ok
16:01:17.0682 4760 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:01:17.0684 4760 VaultSvc - ok
16:01:17.0730 4760 VBoxDrv (03837b80ad5d8a00996148ad57c09791) C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:01:17.0732 4760 VBoxDrv - ok
16:01:17.0780 4760 VBoxNetAdp (51cee8e2b356fdc351db20c87f25f5a8) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
16:01:17.0782 4760 VBoxNetAdp - ok
16:01:17.0803 4760 VBoxNetFlt (ce7e80c7367b2adaa023d9004c9f4691) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
16:01:17.0806 4760 VBoxNetFlt - ok
16:01:17.0868 4760 VBoxUSBMon (27c9a9f2fa94140ddcf7b9131e13e1b4) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:01:17.0871 4760 VBoxUSBMon - ok
16:01:17.0912 4760 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:01:17.0914 4760 vdrvroot - ok
16:01:17.0971 4760 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:01:17.0979 4760 vds - ok
16:01:18.0021 4760 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:01:18.0022 4760 vga - ok
16:01:18.0044 4760 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:01:18.0046 4760 VgaSave - ok
16:01:18.0085 4760 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:01:18.0087 4760 vhdmp - ok
16:01:18.0107 4760 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:01:18.0109 4760 viaide - ok
16:01:18.0151 4760 VideAceWindowsService (c37ce43fb54066ffb540729c6e6e194e) C:\ExpressGateUtil\VAWinService.exe
16:01:18.0153 4760 VideAceWindowsService - ok
16:01:18.0237 4760 VMCService (b3bfbb9c45bdaf3ecb4d1456f9017f95) C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
16:01:18.0238 4760 VMCService - ok
16:01:18.0261 4760 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:01:18.0263 4760 volmgr - ok
16:01:18.0307 4760 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:01:18.0310 4760 volmgrx - ok
16:01:18.0344 4760 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:01:18.0347 4760 volsnap - ok
16:01:18.0379 4760 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:01:18.0381 4760 vsmraid - ok
16:01:18.0503 4760 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:01:18.0513 4760 VSS - ok
16:01:18.0640 4760 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:01:18.0641 4760 vwifibus - ok
16:01:18.0653 4760 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:01:18.0654 4760 vwififlt - ok
16:01:18.0682 4760 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:01:18.0683 4760 vwifimp - ok
16:01:18.0743 4760 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:01:18.0748 4760 W32Time - ok
16:01:18.0770 4760 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:01:18.0771 4760 WacomPen - ok
16:01:18.0827 4760 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:18.0829 4760 WANARP - ok
16:01:18.0833 4760 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:01:18.0835 4760 Wanarpv6 - ok
16:01:18.0941 4760 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:01:18.0948 4760 WatAdminSvc - ok
16:01:19.0035 4760 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:01:19.0045 4760 wbengine - ok
16:01:19.0146 4760 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:01:19.0152 4760 WbioSrvc - ok
16:01:19.0196 4760 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:01:19.0202 4760 wcncsvc - ok
16:01:19.0224 4760 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:01:19.0228 4760 WcsPlugInService - ok
16:01:19.0279 4760 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:01:19.0281 4760 Wd - ok
16:01:19.0329 4760 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:01:19.0334 4760 Wdf01000 - ok
16:01:19.0373 4760 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:01:19.0377 4760 WdiServiceHost - ok
16:01:19.0379 4760 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:01:19.0383 4760 WdiSystemHost - ok
16:01:19.0426 4760 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:01:19.0432 4760 WebClient - ok
16:01:19.0462 4760 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:01:19.0466 4760 Wecsvc - ok
16:01:19.0488 4760 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:01:19.0492 4760 wercplsupport - ok
16:01:19.0520 4760 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:01:19.0523 4760 WerSvc - ok
16:01:19.0593 4760 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:01:19.0594 4760 WfpLwf - ok
16:01:19.0635 4760 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
16:01:19.0636 4760 WimFltr - ok
16:01:19.0651 4760 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:01:19.0652 4760 WIMMount - ok
16:01:19.0695 4760 WinDefend - ok
16:01:19.0700 4760 WinHttpAutoProxySvc - ok
16:01:19.0762 4760 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:01:19.0765 4760 Winmgmt - ok
16:01:19.0872 4760 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:01:19.0885 4760 WinRM - ok
16:01:20.0017 4760 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:01:20.0019 4760 WinUsb - ok
16:01:20.0083 4760 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:01:20.0091 4760 Wlansvc - ok
16:01:20.0177 4760 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:01:20.0178 4760 wlcrasvc - ok
16:01:20.0322 4760 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:01:20.0333 4760 wlidsvc - ok
16:01:20.0426 4760 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:01:20.0427 4760 WmiAcpi - ok
16:01:20.0481 4760 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:01:20.0483 4760 wmiApSrv - ok
16:01:20.0530 4760 WMPNetworkSvc - ok
16:01:20.0569 4760 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:01:20.0574 4760 WPCSvc - ok
16:01:20.0625 4760 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:01:20.0628 4760 WPDBusEnum - ok
16:01:20.0644 4760 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:01:20.0645 4760 ws2ifsl - ok
16:01:20.0659 4760 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
16:01:20.0663 4760 wscsvc - ok
16:01:20.0666 4760 WSearch - ok
16:01:20.0783 4760 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:01:20.0800 4760 wuauserv - ok
16:01:20.0902 4760 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:01:20.0905 4760 WudfPf - ok
16:01:20.0944 4760 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:01:20.0946 4760 WUDFRd - ok
16:01:20.0975 4760 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:01:20.0978 4760 wudfsvc - ok
16:01:21.0019 4760 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:01:21.0025 4760 WwanSvc - ok
16:01:21.0123 4760 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:01:21.0212 4760 \Device\Harddisk0\DR0 - ok
16:01:21.0215 4760 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
16:01:21.0218 4760 \Device\Harddisk1\DR1 - ok
16:01:21.0223 4760 MBR (0x1B8) (95942cee6b38d1b2bcb8f614759da03f) \Device\Harddisk2\DR2
16:01:31.0010 4760 \Device\Harddisk2\DR2 - ok
16:01:31.0076 4760 Boot (0x1200) (5695c82d7e0431652ea16f8eb48b01da) \Device\Harddisk0\DR0\Partition0
16:01:31.0079 4760 \Device\Harddisk0\DR0\Partition0 - ok
16:01:31.0106 4760 Boot (0x1200) (95d652eb7997ac6494c4e7ef7c26e849) \Device\Harddisk0\DR0\Partition1
16:01:31.0108 4760 \Device\Harddisk0\DR0\Partition1 - ok
16:01:31.0444 4760 Boot (0x1200) (da959f4b9bf7a3a6803248ac4539164a) \Device\Harddisk1\DR1\Partition0
16:01:31.0524 4760 \Device\Harddisk1\DR1\Partition0 - ok
16:01:31.0529 4760 Boot (0x1200) (9503eecb8045e8fdd2465ff5476044fa) \Device\Harddisk1\DR1\Partition1
16:01:31.0532 4760 \Device\Harddisk1\DR1\Partition1 - ok
16:01:31.0533 4760 ============================================================
16:01:31.0533 4760 Scan finished
16:01:31.0533 4760 ============================================================
16:01:31.0547 7312 Detected object count: 0
16:01:31.0547 7312 Actual detected object count: 0










aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 16:03:29
-----------------------------
16:03:29.628 OS Version: Windows x64 6.1.7601 Service Pack 1
16:03:29.628 Number of processors: 8 586 0x2A07
16:03:29.628 ComputerName: RAZORLINE UserName: porl
16:03:30.233 Initialize success
16:03:30.772 AVAST engine defs: 12050601
16:03:59.711 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:03:59.713 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
16:03:59.716 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
16:03:59.717 Disk 1 Vendor: ST950032 0003 Size: 476940MB BusType: 3
16:03:59.733 Disk 0 MBR read successfully
16:03:59.736 Disk 0 MBR scan
16:03:59.738 Disk 0 Windows 7 default MBR code
16:03:59.746 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
16:03:59.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 202291 MB offset 52430848
16:03:59.783 Disk 0 Partition - 00 0F Extended LBA 249048 MB offset 466722816
16:03:59.806 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 249047 MB offset 466724864
16:03:59.839 Disk 0 scanning C:\Windows\system32\drivers
16:04:13.414 Service scanning
16:04:37.651 Modules scanning
16:04:37.867 Disk 0 trace - called modules:
16:04:37.933 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
16:04:37.939 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006939790]
16:04:37.945 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa80062d9680]
16:04:37.950 5 ACPI.sys[fffff88000ebe7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800666e050]
16:04:38.410 AVAST engine scan C:\Windows
16:04:41.580 AVAST engine scan C:\Windows\system32
16:07:15.516 AVAST engine scan C:\Windows\system32\drivers
16:07:28.305 AVAST engine scan C:\Users\porl
16:14:49.082 AVAST engine scan C:\ProgramData
16:17:20.089 Scan finished successfully
16:18:59.066 Disk 0 MBR has been saved successfully to "C:\Users\porl\Desktop\MBR.dat"
16:18:59.071 The log file has been saved successfully to "C:\Users\porl\Desktop\aswMBR.txt"

#8 gringo_pr

Posted 08 May 2012 - 12:05 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Veoh Networks\

Firefox::
FF - ProfilePath - c:\users\porl\AppData\Roaming\Mozilla\Firefox\Profiles\grsu1r7d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://3.home/indexf.asp|http://watchseries.eu/letters/A

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 quasar775

Posted 08 May 2012 - 01:01 PM

Also seem to have SweetIM on the drive, is this considered a threat?
Internet connection is still causing the blue screen reboot.



ComboFix 12-05-08.01 - porl 08/05/2012 18:37:58.5.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6055.3364 [GMT 1:00]
Running from: c:\users\porl\Desktop\ComboFix\ComboFix.exe
Command switches used :: c:\users\porl\Desktop\ComboFix\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Veoh Networks
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\fullscreen_client.swf
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Giraffic_Log_2012-02-22_(22-34-53-39534).log
c:\program files (x86)\Veoh Networks\VeohWebPlayer\GoogleAnalizerConnector.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\msvcr90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\IPCClient.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\libeay32.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\linker.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Microsoft.VC90.CRT.manifest
c:\program files (x86)\Veoh Networks\VeohWebPlayer\modern_smalldesc.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcm90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcp90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\msvcr90.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\OCSetupHlp.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\phonon4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\qlipso_GirafficInstall0.86.126.230.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\qlps-qlipso-sntb.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtCore4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtGui4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtNetwork4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtScript4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\qtveohtvplugin_jpn.qm
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtWebKit4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\close2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_center.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_bar_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_horiz.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_border_vert_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_email.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_large_white.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_small.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_button_white.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_left.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_corner_bottom_right.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\dialog\dialog_TabButton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\AddVideosButton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\close.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\downloadsbutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\LeftTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\librarybutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\logobutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\maximize.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\menubutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleLeftFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleRightFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\MiddleTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\minimize.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\RightBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\RightTopFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\SpacerBottomFrame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\forms\uploadsbutton.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\add_content_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\added_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_bottom.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_left.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\border_top.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\clear_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_left.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_bottom_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\corner_top_right.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\defaultvideo.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_download.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\dialog_button_email.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Delete_Selected.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Action_Play_Selected.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\download_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Completed.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Downloading.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Download_Status_Paused.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\length_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\library_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\list_view_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\loadingscreen.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\logo.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\NavSub_Search.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\pause_all_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\playlist_drag.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\publish_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\resume_all_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\thumb_view_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\title_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\toaster_close.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\trayicon.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\try_again_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_edit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_find.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Lock.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Rate.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\Video_Action_Unlock.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\videothumb.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\VideoThumb_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\images\visit_veoh_bu.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\download_frame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\LibraryMsg_frame.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Add.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ClearCompleted.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PauseAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Playlist.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistHide.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_PlaylistShow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ResumeAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_Search.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleLists2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_ToggleThumbs2.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\NavSub_View.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\playlist_button_bar.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_Clear.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Playlist_PlayAll.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\PublishPleaseWait.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\SortArrow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TopicBar_Options.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\TrashIcon.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\UpDown.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_Default.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\Video_Hightlight_List.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\video_saved.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_New.png
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\library\VideoThumb_Shadow.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Bottom_Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FS_Top_Exit.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\FullScreen.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\mute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\next.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\pause.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_ControlsStop.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeMute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeNotFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeRight.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeScrub.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Bottom_VolumeUnmute.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Duration_Background.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_AdMarker.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Downloaded.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Filled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_NotFilled.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Timeline_Scrub.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\PB_Top_Bg.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\play.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\previous.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\qlipso_GirafficInstall0.86.126.230.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\Stop.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeDown.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeText.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\Playback\VolumeUp.jpg
c:\program files (x86)\Veoh Networks\VeohWebPlayer\skins\black\skin.xml
c:\program files (x86)\Veoh Networks\VeohWebPlayer\ssleay32.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\uninst.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\vcredist_x86.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\VeohCompassInstall.dll
c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Win32ImageGrabber.exe
c:\program files (x86)\Veoh Networks\VeohWebPlayer\Zugo.bmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 17:45 . 2012-05-08 17:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-08 17:45 . 2012-05-08 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-06 20:52 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4FB64F70-653F-4B30-882C-ABE71C520C97}\mpengine.dll
2012-04-19 03:09 . 2012-04-19 03:09 -------- d-----w- C:\_OTL
2012-04-15 21:37 . 2012-04-17 18:36 -------- d-----w- c:\programdata\OnlineArmor
2012-04-15 21:37 . 2012-04-15 21:37 -------- d-----w- c:\users\porl\AppData\Roaming\OnlineArmor
2012-04-15 21:36 . 2012-02-10 13:33 59176 ----a-w- c:\windows\SysWow64\drivers\oahlp64.sys
2012-04-15 21:36 . 2012-02-10 13:33 32920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-04-15 21:36 . 2012-02-10 13:33 59176 ----a-w- c:\windows\SysWow64\drivers\OADriver.sys
2012-04-15 21:36 . 2012-02-10 13:33 38064 ----a-w- c:\windows\SysWow64\drivers\OAmon.sys
2012-04-15 21:35 . 2012-05-08 15:00 -------- d-----w- c:\program files (x86)\Online Armor
2012-04-15 18:53 . 2012-04-15 18:53 -------- d-----w- c:\users\porl\AppData\Roaming\QFX Software
2012-04-15 18:53 . 2012-04-15 18:53 -------- d-----w- c:\programdata\QFX Software
2012-04-15 18:39 . 2012-04-15 18:39 -------- d-----w- c:\users\porl\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 18:38 . 2012-04-17 19:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-15 18:38 . 2012-04-15 18:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-15 18:37 . 2012-04-15 18:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2
2012-04-15 18:34 . 2012-04-15 18:34 -------- d-----w- c:\users\porl\AppData\Roaming\IObit
2012-04-15 18:34 . 2012-04-15 18:34 -------- d-----w- c:\program files (x86)\IObit
2012-04-15 18:33 . 2011-12-15 00:46 222904 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2012-04-15 18:33 . 2012-04-15 18:33 -------- d-----w- c:\program files (x86)\KeyScrambler
2012-04-15 18:28 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-15 18:28 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-15 18:28 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-15 18:28 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-15 18:28 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-15 18:28 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-15 18:28 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-15 18:28 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-15 18:28 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-15 18:28 . 2012-04-15 18:28 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 18:28 . 2012-04-15 18:28 -------- d-----w- c:\program files\AVAST Software
2012-04-15 18:26 . 2012-04-15 18:26 -------- d-----w- c:\program files\CCleaner
2012-04-14 18:42 . 2012-04-14 18:42 -------- d-----w- c:\users\porl\Tracing
2012-04-14 18:41 . 2012-04-19 02:15 -------- d-----w- c:\program files (x86)\Optimizer Pro
2012-04-14 18:41 . 2012-04-19 13:58 -------- d-----w- c:\programdata\SweetIM
2012-04-14 18:41 . 2012-04-19 13:53 -------- d-----w- c:\program files (x86)\SweetIM
2012-04-12 07:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 19:57 . 2012-04-11 20:01 -------- d-----w- c:\users\porl\.VirtualBox
2012-04-11 19:56 . 2012-04-03 13:19 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-04-11 19:54 . 2012-04-03 13:19 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-04-11 19:54 . 2012-04-11 19:54 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 20:51 . 2011-06-14 20:36 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-06 20:51 . 2011-06-02 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-06 20:50 . 2011-06-14 20:10 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-19 03:11 . 2011-05-22 13:42 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-04-15 22:22 . 2011-06-02 22:08 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-15 22:12 . 2011-06-14 20:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-08 20:38 . 2011-06-01 13:17 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-04 14:56 . 2011-11-21 20:20 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 13:19 . 2012-04-03 13:19 166192 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-04-03 13:19 . 2012-04-03 13:19 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-03 13:19 . 2012-04-03 13:19 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-04-01 16:15 . 2012-04-01 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-03 00:35 . 2012-03-03 00:35 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-27 20:14 . 2010-05-27 12:36 19456 ----a-w- c:\windows\system32\drivers\NETMD760.sys
2012-02-23 09:18 . 2011-05-22 17:07 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 18:37 . 2011-10-01 20:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-13 20:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 20:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 20:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 20:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 17:55 . 2012-02-14 17:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 17:55 . 2012-02-14 17:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 17:55 . 2012-02-14 17:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 17:55 . 2012-02-14 17:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 17:55 . 2012-02-14 17:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 17:55 . 2012-02-14 17:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 17:55 . 2012-02-14 17:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 17:53 . 2012-02-14 17:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 17:47 . 2012-02-14 17:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 17:47 . 2012-02-14 17:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 17:47 . 2012-02-14 17:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 17:47 . 2012-02-14 17:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 17:47 . 2012-02-14 17:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 17:44 . 2011-02-12 02:19 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 17:44 . 2012-02-14 17:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 17:42 . 2011-02-12 02:19 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 17:35 . 2011-03-26 00:02 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 17:07 . 2012-02-14 17:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 16:59 . 2011-08-31 19:26 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 16:57 . 2012-02-14 16:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 16:57 . 2012-02-14 16:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 16:57 . 2012-02-14 16:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 16:57 . 2012-02-14 16:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 16:57 . 2012-02-14 16:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 16:57 . 2012-02-14 16:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 16:57 . 2012-02-14 16:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 16:57 . 2012-02-14 16:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 16:57 . 2012-02-14 16:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 16:57 . 2012-02-14 16:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 16:57 . 2012-02-14 16:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 16:57 . 2012-02-14 16:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 16:57 . 2011-02-12 02:19 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 16:56 . 2011-02-12 02:19 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 16:56 . 2012-02-14 16:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 16:56 . 2012-02-14 16:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 16:56 . 2012-02-14 16:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 16:56 . 2012-02-14 16:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 16:56 . 2012-02-14 16:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 16:56 . 2011-02-12 02:19 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 16:55 . 2012-02-14 16:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 16:54 . 2012-02-14 16:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 16:53 . 2012-02-14 16:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 16:53 . 2012-02-14 16:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 16:53 . 2012-02-14 16:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 16:53 . 2012-02-14 16:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 16:53 . 2012-02-14 16:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 16:53 . 2012-02-14 16:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 16:53 . 2012-02-14 16:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-10 06:36 . 2012-03-14 19:15 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 19:15 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-19_00.51.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-19 00:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-08 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 14:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:39 . 2012-04-19 15:13 69018 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-08 14:03 44480 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-22 13:43 . 2012-05-08 14:03 19794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2343688015-1009920738-1680396079-1001_UserData.bin
- 2011-05-23 04:33 . 2012-04-19 00:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-23 04:33 . 2012-05-08 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-23 04:33 . 2012-04-19 00:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-23 04:33 . 2012-05-08 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-08 14:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-08 09:10 . 2012-05-08 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-19 00:30 . 2012-04-19 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-08 09:10 . 2012-05-08 14:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-19 00:30 . 2012-04-19 00:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-21 23:45 . 2012-04-19 00:30 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-11-21 23:45 . 2012-05-08 09:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-05-08 14:01 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-19 00:33 983040 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-30 13:08 . 2012-05-08 13:10 388922 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-05-22 16:49 . 2012-04-19 11:13 300034 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-08 14:51 666442 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-19 00:38 666442 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-08 14:51 125852 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-19 00:38 125852 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-04-14 02:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-05-06 21:18 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-05-06 23:27 348500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 01:42 348500 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-22 17:46 . 2012-04-15 18:49 1262428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-12288.dat
+ 2011-05-22 17:46 . 2012-04-19 14:10 1262428 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-12288.dat
- 2011-05-22 15:07 . 2012-04-17 01:42 33904456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-8192.dat
+ 2011-05-22 15:07 . 2012-05-06 19:39 33904456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2343688015-1009920738-1680396079-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2C84B864-4961-40B0-9AFC-C7494E07F83F}]
c:\programdata\Codecv\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-02-19 13:46 1337648 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-02-19 1337648]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\3MobileWiFi\3MobileWiFi" [X]
"NokiaOviSuite2"="c:\program files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-05-20 724536]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-21 1242448]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-17 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-01-21 40448]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-01-17 191304]
"RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-12 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504]
"NokiaMusic FastStart"="c:\program files (x86)\Nokia\Ovi Player\NokiaOviPlayer.exe" [2009-11-06 2090272]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-03-13 2060288]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-01 634880]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware2\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-4-21 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 oahlpXX;Online Armor helper driver;c:\windows\syswow64\drivers\oahlp64.sys [2012-02-10 59176]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/04/21 09:04;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-11-12 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R2 SvcOnlineArmor;Online Armor;c:\program files (x86)\Online Armor\oasrv.exe [2012-02-10 4369208]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 NETMD760;Net MD;c:\windows\system32\Drivers\NETMD760.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 OADevice;OADriver;c:\windows\SysWow64\Drivers\OADriver.sys [2012-02-10 59176]
S1 OAmon;OAmon;c:\windows\SysWOW64\Drivers\OAmon.sys [2012-02-10 38064]
S1 RapportCerberus_32029;RapportCerberus_32029;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\32029\RapportCerberus64_32029.sys [2011-10-18 396816]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-07-07 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-07-07 61712]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [2011-10-26 37280]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-03-23 1740696]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-01-22 2230416]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware2\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-10 1997416]
S2 OAcat;Online Armor Helper Service;c:\program files (x86)\Online Armor\OAcat.exe [2012-02-10 208472]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-07-07 919352]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-01-17 91464]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-03-13 24576]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 06197249
*NewlyCreated* - 31153607
*Deregistered* - 06197249
*Deregistered* - 31153607
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 15:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-13 2168424]
"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]
"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"@OnlineArmor GUI"="c:\program files (x86)\Online Armor\oaui.exe" [2012-02-10 2645440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{9FB83F74-0407-43B0-8A85-550F17380B66}: NameServer = 217.171.135.1 217.171.132.1
FF - ProfilePath - c:\users\porl\AppData\Roaming\Mozilla\Firefox\Profiles\grsu1r7d.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-VeohPlugin - c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
AddRemove-Veoh Web Player Beta - c:\program files (x86)\Veoh Networks\VeohWebPlayer\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 18:48:11
ComboFix-quarantined-files.txt 2012-05-08 17:48
ComboFix2.txt 2012-05-08 13:52
ComboFix3.txt 2012-04-19 02:54
ComboFix4.txt 2012-04-19 00:54
.
Pre-Run: 41,087,664,128 bytes free
Post-Run: 41,081,802,752 bytes free
.
- - End Of File - - 7AB577714815DB21264B52281C3F0ACA

#10 gringo_pr

Posted 09 May 2012 - 12:39 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
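
    @echo off
    rem Collect adapter/DNS configuration, name lookups, reachability and routes into Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log in the default text editor
    start Log1.txt
    rem Delete this batch file after it has run
    del %0
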
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 quasar775

Posted 09 May 2012 - 04:16 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : razorline
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 82-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : F4-6D-04-BA-45-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : E0-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : E0-B9-A5-68-9F-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-2C-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::49d8:2dd4:77a3:98b2%36(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805830695
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-42-09-BB-E0-B9-A5-68-35-33
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{428E43A6-B33C-49E5-9266-5A9C9004C83A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{47344262-6B31-4C2C-8DD9-50CEA5ADB266}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CC63B3E2-7736-45AE-9699-A263CE737F5E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{60C69351-90F3-40C0-A95A-83D8241703DE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
18...82 b9 a5 68 35 33 ......Microsoft Virtual WiFi Miniport Adapter
15...f4 6d 04 ba 45 95 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
14...e0 b9 a5 68 35 33 ......Atheros AR9002WB-1NG Wireless Network Adapter
12...e0 b9 a5 68 9f 7f ......Bluetooth Device (Personal Area Network) #2
36...08 00 27 00 2c 60 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
36 276 fe80::/64 On-link
36 276 fe80::49d8:2dd4:77a3:98b2/128
On-link
1 306 ff00::/8 On-link
36 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr

Posted 09 May 2012 - 07:39 AM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
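
    @echo off
    rem Collect adapter/DNS configuration, name lookups, reachability and routes into Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log in the default text editor
    start Log1.txt
    rem Delete this batch file after it has run
    del %0
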
Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
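
The router.bat log in the post above is collected to see which DNS servers each adapter is using, since that is the setting a hijacked router changes. As an added example (not part of the original posts and not a BleepingComputer tool), this Python script reads `ipconfig /all` text such as Log1.txt and classifies every DNS server it lists. The sample report, the documentation-range address 203.0.113.53 and the choice of OpenDNS as the expected resolvers are assumptions made for illustration.

```python
import ipaddress
import re

# Well-known site-local addresses Windows shows on an adapter with no DNS server configured.
PLACEHOLDERS = {ipaddress.ip_address(f"fec0:0:0:ffff::{n}") for n in (1, 2, 3)}
# RFC 1918, IPv6 link-local and unique-local ranges: a resolver here is the router or a LAN host.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]
# Assumption: the resolvers this network is supposed to use (OpenDNS here; substitute the ISP's).
EXPECTED = {ipaddress.ip_address(a) for a in ("208.67.222.222", "208.67.220.220")}

# "Key . . . . . : value" lines; the value is optional ("Default Gateway . . . :").
FIELD = re.compile(r"^(?P<key>.+?)(?: ?\.)+ ?:(?: (?P<value>.*))?$")


def _to_ip(text):
    """Return an ip_address for an ipconfig value, or None if it is not an address."""
    token = text.strip().split("(")[0].split("%")[0]  # drop "(Preferred)" and the IPv6 zone id
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        return None


def dns_servers_by_adapter(report):
    """Map each adapter heading to the DNS servers listed under it, continuation lines included."""
    adapters, adapter, key = {}, None, None
    for raw in report.splitlines():
        line = raw.strip()
        field = FIELD.match(line)
        if field:
            key = field.group("key").strip()
            if key == "DNS Servers" and adapter is not None:
                ip = _to_ip(field.group("value") or "")
                if ip is not None:
                    adapters[adapter].append(ip)
        elif line.endswith(":") and " adapter " in line:
            adapter, key = line[:-1], None
            adapters[adapter] = []
        elif key == "DNS Servers" and adapter is not None:
            # Second and later servers appear alone on the following lines.
            ip = _to_ip(line)
            if ip is not None:
                adapters[adapter].append(ip)
            else:
                key = None
        else:
            key = None
    return adapters


def audit(report, expected=EXPECTED):
    """Return (adapter, server, verdict) tuples for every distinct DNS server in the report."""
    findings = []
    for adapter, servers in dns_servers_by_adapter(report).items():
        for ip in dict.fromkeys(servers):  # de-duplicate while keeping order
            if ip in PLACEHOLDERS:
                verdict = "placeholder"
            elif ip in expected:
                verdict = "expected"
            elif any(ip in net for net in LOCAL_NETS):
                verdict = "local"
            else:
                verdict = "unexpected"
            findings.append((adapter, str(ip), verdict))
    return findings


# Constructed sample in the layout of the logs in this thread (not taken from a real machine).
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : examplehost

Wireless LAN adapter Wireless Network Connection:

Description . . . . . . . . . . . : Example Wireless Network Adapter
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Host-Only Network:

DHCP Enabled. . . . . . . . . . . : No
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

DNS Servers . . . . . . . . . . . : 203.0.113.53
208.67.222.222
"""

if __name__ == "__main__":
    for adapter, server, verdict in audit(SAMPLE):
        print(f"{verdict:<12}{server:<20}{adapter}")
```

A `local` verdict means the router itself is answering DNS, so the resolver to verify is the one set in the router's own configuration.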

#13 quasar775

Posted 09 May 2012 - 08:34 AM

No change, still getting the blue screen.



Windows IP Configuration

Host Name . . . . . . . . . . . . : razorline
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 82-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : F4-6D-04-BA-45-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : E0-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #2
Physical Address. . . . . . . . . : E0-B9-A5-68-9F-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-2C-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::49d8:2dd4:77a3:98b2%36(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805830695
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-42-09-BB-E0-B9-A5-68-35-33
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{428E43A6-B33C-49E5-9266-5A9C9004C83A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{47344262-6B31-4C2C-8DD9-50CEA5ADB266}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{CC63B3E2-7736-45AE-9699-A263CE737F5E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5F8220C3-99F9-47C9-AD27-2BCA19F1C7FD}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{60C69351-90F3-40C0-A95A-83D8241703DE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #7
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Ping request could not find host yahoo.com. Please check the name and try again.
===========================================================================
Interface List
18...82 b9 a5 68 35 33 ......Microsoft Virtual WiFi Miniport Adapter
15...f4 6d 04 ba 45 95 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
14...e0 b9 a5 68 35 33 ......Atheros AR9002WB-1NG Wireless Network Adapter
12...e0 b9 a5 68 9f 7f ......Bluetooth Device (Personal Area Network) #2
36...08 00 27 00 2c 60 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
30...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #7
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
36 276 fe80::/64 On-link
36 276 fe80::49d8:2dd4:77a3:98b2/128
On-link
1 306 ff00::/8 On-link
36 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#14 quasar775

Posted 11 May 2012 - 09:19 AM

Hello Gringo, I ran the batch file in safe mode with an active internet connection and got some different results, don't know if they will help.


Windows IP Configuration

Host Name . . . . . . . . . . . . : razorline
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 82-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : F4-6D-04-BA-45-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9002WB-1NG Wireless Network Adapter
Physical Address. . . . . . . . . : E0-B9-A5-68-35-33
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::959c:8ec4:e8fa:b4b0%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 May 2012 15:11:35
Lease Expires . . . . . . . . . . : 12 May 2012 15:11:35
Default Gateway . . . . . . . . . : fe80::28d3:fa2f:d368:fb2%14
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 333494693
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-42-09-BB-E0-B9-A5-68-35-33
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-2C-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::49d8:2dd4:77a3:98b2%36(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 805830695
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-42-09-BB-E0-B9-A5-68-35-33
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{47344262-6B31-4C2C-8DD9-50CEA5ADB266}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.41.69
173.194.41.70
173.194.41.71
173.194.41.72
173.194.41.73
173.194.41.78
173.194.41.64
173.194.41.65
173.194.41.66
173.194.41.67
173.194.41.68

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140


Pinging google.com [173.194.41.68] with 32 bytes of data:
Reply from 173.194.41.68: bytes=32 time=214ms TTL=58
Reply from 173.194.41.68: bytes=32 time=189ms TTL=58

Ping statistics for 173.194.41.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 189ms, Maximum = 214ms, Average = 201ms

Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=326ms TTL=48
Reply from 72.30.38.140: bytes=32 time=537ms TTL=48

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 326ms, Maximum = 537ms, Average = 431ms
===========================================================================
Interface List
18...82 b9 a5 68 35 33 ......Microsoft Virtual WiFi Miniport Adapter
15...f4 6d 04 ba 45 95 ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
14...e0 b9 a5 68 35 33 ......Atheros AR9002WB-1NG Wireless Network Adapter
36...08 00 27 00 2c 60 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
25...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
29...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 281 ::/0 fe80::28d3:fa2f:d368:fb2
1 306 ::1/128 On-link
36 276 fe80::/64 On-link
14 281 fe80::/64 On-link
36 276 fe80::49d8:2dd4:77a3:98b2/128
On-link
14 281 fe80::959c:8ec4:e8fa:b4b0/128
On-link
1 306 ff00::/8 On-link
36 276 ff00::/8 On-link
14 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#15 quasar775


Posted 21 May 2012 - 01:11 PM

Hello Gringo, haven't heard from you in a while...was wondering if you are still able to help me?



