Require a closer look at a possible Google search infection?


  • This topic is locked
24 replies to this topic

#1 VicVegas

VicVegas

  • Members
  • 202 posts
  • Gender:Male
  • Location:Cornville, USA
  • Local time:06:09 PM

Posted 21 May 2012 - 12:36 PM

Original thread was here.

I'm here after having attempted to deal with an issue where Google search has been behaving oddly, where for some reason it stops working periodically. I was told to post DDS and GMER logs, however GMER would not allow me to alter certain check boxes, most likely because I'm running Windows 7 in 64 bit, so I'll not be running it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Owner at 12:07:59 on 2012-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4687 [GMT -5:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\SuperAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung.msn.com
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
BHO: MRI_DISABLED - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
uPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
uPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
uPolicies-explorer: NoFile = 0 (0x0)
uPolicies-explorer: HideClock = 0 (0x0)
uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoEncryptOnMove = 0 (0x0)
uPolicies-explorer: NoResolveTrack = 0 (0x0)
uPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
mPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
mPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
mPolicies-explorer: NoFile = 0 (0x0)
mPolicies-explorer: HideClock = 0 (0x0)
mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
mPolicies-explorer: NoDFSTab = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoEncryptOnMove = 0 (0x0)
mPolicies-explorer: NoResolveTrack = 0 (0x0)
mPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
dPolicies-explorer: NoViewOnDrive = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRun = 0 (0x0)
dPolicies-explorer: DisableLocalMachineRunOnce = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRun = 0 (0x0)
dPolicies-explorer: DisableCurrentUserRunOnce = 0 (0x0)
dPolicies-explorer: NoFile = 0 (0x0)
dPolicies-explorer: HideClock = 0 (0x0)
dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)
dPolicies-explorer: NoDFSTab = 0 (0x0)
dPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoEncryptOnMove = 0 (0x0)
dPolicies-explorer: NoResolveTrack = 0 (0x0)
dPolicies-explorer: NoStartMenuSubFolders = 0 (0x0)
dPolicies-system: NoDispAppearancePage = 0 (0x0)
dPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{2287089B-49F8-4E14-BB90-FADA8A77A34C} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5ECF6964-5134-48AE-9AE2-42FB06D7F5A3} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5ECF6964-5134-48AE-9AE2-42FB06D7F5A3} : DhcpNameServer = 97.64.168.12 97.64.183.165
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: MRI_DISABLED - No File
BHO-X64: AcroIEHelperStub - No File
BHO-X64: W2PBrowser Browser Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Samsung PanelMgr] "C:\Windows\Samsung\PanelMgr\SSMMgr.exe" /autorun
mRun-x64: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ue9zhuio.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-8-31 408576]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;\??\C:\Windows\system32\Drivers\SABI.sys --> C:\Windows\system32\Drivers\SABI.sys [?]
R1 SASDIFSV;SASDIFSV;C:\SuperAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\SuperAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\SuperAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-4-9 2348352]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-21 2655768]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-8-31 911872]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-2-2 679672]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29:43;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-8-24 246256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-7 257696]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-19 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-4 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Samsung UPD Service;Samsung UPD Service;"C:\Windows\System32\SUPDSvc.exe" --> C:\Windows\System32\SUPDSvc.exe [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-05-17 21:38:09 -------- d-----w- C:\Users\Owner\AppData\Local\{D7615FA3-6376-49D0-B007-7B831B8CD53A}
2012-05-17 21:37:11 -------- d-----w- C:\Users\Owner\AppData\Local\{551F0EC5-303A-4F0F-BC93-C9FE1237D4DD}
2012-05-17 20:54:25 -------- d-----w- C:\Program Files (x86)\Oracle
2012-05-17 20:53:47 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-05-16 21:30:06 -------- d-----w- C:\Users\Owner\AppData\Local\{3585C979-9A36-4F55-9B16-647214BF8453}
2012-05-16 21:29:04 -------- d-----w- C:\Users\Owner\AppData\Local\{4EBB59DC-648A-4EBF-92AE-D1C79D35D763}
2012-05-16 15:46:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
2012-05-16 15:45:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-16 15:45:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-16 15:45:56 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-16 15:03:45 -------- d-----w- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2012-05-16 14:42:49 -------- d-----w- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-16 14:42:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-16 14:42:13 -------- d-----w- C:\SuperAntiSpyware
2012-05-14 05:59:17 -------- d-----w- C:\Users\Owner\AppData\Local\{A6940F68-4233-41EA-A422-7833084ACD1B}
2012-05-14 05:58:55 -------- d-----w- C:\Users\Owner\AppData\Local\{E2E65327-8E8C-4F63-A094-2968C3ACA945}
2012-05-13 17:00:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\NVIDIA
2012-05-13 15:22:17 -------- d-----w- C:\Users\Owner\AppData\Local\DOSBox
2012-05-13 15:19:28 -------- d-----w- C:\OLDGAMES
2012-05-13 15:18:28 -------- d-----w- C:\DOSBox-0.74
2012-05-10 20:16:14 -------- d-----w- C:\BOSS
2012-05-10 19:39:23 -------- d-----w- C:\Oblivion Mods
2012-05-10 15:27:07 -------- d-----w- C:\Users\Owner\AppData\Local\{AA06305B-D121-4F13-B9F3-1F480B95EE88}
2012-05-10 15:26:38 -------- d-----w- C:\Users\Owner\AppData\Local\{FA2A4769-40DD-40DA-8DA7-5F471DF6D4CA}
2012-05-10 14:38:48 -------- d-----w- C:\Program Files (x86)\Common Files\Wrye Bash
2012-05-10 14:38:46 -------- d-----w- C:\Nerhim
2012-05-10 02:39:36 -------- d-----w- C:\Users\Owner\AppData\Local\Black_Tree_Gaming
2012-05-09 15:52:10 -------- d-----w- C:\Oblivion
2012-05-03 00:42:48 -------- d-----w- C:\Users\Owner\.thumbnails
2012-05-03 00:38:57 -------- d-----w- C:\Users\Owner\.gimp-2.6
2012-05-03 00:38:07 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-05-01 14:46:03 -------- d-----w- C:\nifskope-1.1.0-rc6
2012-04-30 23:52:18 -------- d-----w- C:\Program Files (x86)\Telltale Games
2012-04-26 02:32:54 -------- d-----w- C:\Users\Owner\AppData\Local\{35EBD378-FEF2-481D-9850-460ABEBF2867}
2012-04-26 02:32:42 -------- d-----w- C:\Users\Owner\AppData\Local\{14B936AA-886B-4921-86DA-0CF88DAE54CE}
2012-04-25 02:34:36 -------- d-----w- C:\Users\Owner\AppData\Local\{385DB14F-493F-4296-BD7A-17D3339E84A4}
2012-04-25 02:34:24 -------- d-----w- C:\Users\Owner\AppData\Local\{D77EDA34-17F0-4EFC-B8F1-7C5827132834}
2012-04-24 13:36:06 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-24 13:35:39 -------- d-----w- C:\Users\Owner\AppData\Local\{3C8160AE-77DC-49ED-BD3C-98DD5C6EA8FB}
2012-04-24 01:47:26 -------- d-----w- C:\Users\Owner\AppData\Local\{7A817E5D-6011-4728-BEEC-9579FF0CC5A8}
2012-04-24 01:47:05 -------- d-----w- C:\Users\Owner\AppData\Local\{E030F4A4-0A85-40E6-AE4D-6297E2A1D347}
2012-04-23 01:50:35 -------- d-----w- C:\Users\Owner\AppData\Local\{E8E7F895-BA58-4A22-96D2-6DC7303C1817}
2012-04-23 01:50:12 -------- d-----w- C:\Users\Owner\AppData\Local\{16D03E37-0802-43D6-84A5-5016AC9B12D0}
2012-04-21 22:22:53 -------- d-----w- C:\Users\Owner\AppData\Local\{2A3FC4B5-D6A4-4DB7-BFA2-766AB67E59B5}
2012-04-21 22:22:41 -------- d-----w- C:\Users\Owner\AppData\Local\{607A23D4-EE7F-438C-B3E1-38B9C0CEBCCC}
.
==================== Find3M ====================
.
2012-05-18 07:09:53 148216 ----a-w- C:\Windows\SysWow64\WRusr.dll
2012-05-18 07:09:53 112720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2012-05-18 07:09:53 100824 ----a-w- C:\Windows\System32\WRusr.dll
2012-05-10 16:04:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-10 16:04:40 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 18:45:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:40:48 345600 ----a-w- C:\Windows\SetLCDStretchMode.exe
2012-04-09 21:40:24 407040 ----a-w- C:\Windows\HotfixChecker.exe
2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-11 21:13:41 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 21:13:40 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 21:13:38 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 21:13:20 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 21:13:18 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 21:13:17 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 55616 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2012-02-29 20:59:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 20:59:46 849728 ----a-w- C:\Windows\System32\nv3dappshext.dll
2012-02-29 20:59:29 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:08:41.79 ===============

I hope I did that right.

Edited by VicVegas, 21 May 2012 - 04:14 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 21 May 2012 - 12:52 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 VicVegas


Posted 21 May 2012 - 05:17 PM

Edit: Oh b*****ks I missed that last bit! Restarting... <_<

Edited by VicVegas, 21 May 2012 - 06:08 PM.


#4 VicVegas


Posted 21 May 2012 - 05:42 PM

Telling Webroot to turn off actually reactivates two of its shields and it continues to run in the background. I'm getting rid of this freaking thing. So yeah, it was running at the same time as Combofix unfortunately.

Checkup:
Results of screen317's Security Check version 0.99.33
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

JavaFX 2.1.0
Java™ 7 Update 4
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

Combofix:
ComboFix 12-05-21.05 - Owner 05/21/2012 16:28:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4697 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\TEMP\WRusr.dll-34444786-1.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-21 21:34 . 2012-05-21 21:34 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-21 21:34 . 2012-05-21 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 21:02 . 2012-05-17 21:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\program files (x86)\Oracle
2012-05-17 20:53 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-16 15:46 . 2012-05-16 15:46 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-16 15:45 . 2012-05-16 15:45 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 15:45 . 2012-05-16 15:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-16 15:45 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-16 15:03 . 2012-05-16 15:03 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- C:\SuperAntiSpyware
2012-05-13 17:00 . 2012-05-13 17:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NVIDIA
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\users\Owner\AppData\Local\DOSBox
2012-05-13 15:19 . 2012-05-13 18:50 -------- d-----w- C:\OLDGAMES
2012-05-13 15:18 . 2012-05-17 08:07 -------- d-----w- C:\DOSBox-0.74
2012-05-10 20:16 . 2012-05-13 15:19 -------- d-----w- C:\BOSS
2012-05-10 19:39 . 2012-05-10 19:39 -------- d-----w- C:\Oblivion Mods
2012-05-10 14:38 . 2012-05-10 14:38 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-05-10 14:38 . 2012-05-10 14:38 -------- d-----w- C:\Nerhim
2012-05-10 02:39 . 2012-05-10 04:22 -------- d-----w- c:\users\Owner\AppData\Local\Black_Tree_Gaming
2012-05-09 15:52 . 2012-05-13 08:12 -------- d-----w- C:\Oblivion
2012-05-03 00:49 . 2012-05-14 04:08 -------- d-----w- c:\users\Owner\AppData\Roaming\gtk-2.0
2012-05-03 00:42 . 2012-05-03 00:42 -------- d-----w- c:\users\Owner\.thumbnails
2012-05-03 00:38 . 2012-05-14 21:53 -------- d-----w- c:\users\Owner\.gimp-2.6
2012-05-03 00:38 . 2012-05-03 00:38 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-05-01 14:46 . 2012-02-20 15:34 -------- d-----w- C:\nifskope-1.1.0-rc6
2012-04-30 23:53 . 2012-04-30 23:53 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2012-04-30 23:52 . 2012-05-03 00:40 -------- d-----w- c:\program files (x86)\Telltale Games
2012-04-24 13:36 . 2012-04-24 13:36 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 21:24 . 2012-02-02 21:01 100824 ----a-w- c:\windows\system32\WRusr.dll
2012-05-21 21:24 . 2012-02-02 21:01 148216 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-05-21 21:24 . 2012-02-02 21:01 112720 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-05-10 16:04 . 2012-04-08 02:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 16:04 . 2011-05-25 05:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:45 . 2012-04-08 02:45 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:40 . 2011-02-21 06:13 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-04-09 21:40 . 2011-02-21 06:13 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-04-04 23:47 . 2011-05-29 23:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 21:13 . 2011-05-03 01:36 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-05-03 01:36 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-05-03 01:36 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-27 17:14 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-05-03 01:36 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-05-03 01:36 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-01 06:46 . 2012-04-12 08:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 08:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 08:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 08:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 08:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 08:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-01 00:02 . 2012-04-09 23:38 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-04-09 23:38 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-04-09 23:38 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-04-09 23:38 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-04-09 23:38 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-04-09 23:38 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-04-09 23:38 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-04-09 23:38 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-04-09 23:38 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-09 23:38 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-09 23:38 28992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-03-01 00:02 . 2012-04-09 23:38 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-09 23:38 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-04-09 23:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2012-04-09 23:38 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-04-09 23:38 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-04-09 23:38 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-04-09 23:38 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-04-09 23:38 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-09 23:38 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-04-09 23:38 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-04-09 23:38 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-04-09 23:38 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2012-04-09 23:38 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2012-04-09 23:38 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-04-09 23:38 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2012-04-09 23:38 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2012-04-09 23:38 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 21:00 . 2012-04-09 23:39 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2012-04-09 23:39 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2012-04-09 23:39 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2012-04-09 23:39 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2012-04-09 23:39 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-02-29 20:59 . 2012-04-09 23:39 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2012-04-09 23:39 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2012-04-09 23:39 849728 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-02-29 20:59 . 2012-04-09 23:39 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
2012-02-28 06:39 . 2012-04-12 00:27 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-12 00:27 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-12 00:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-12 00:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-29 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-05-18 679672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\superantispyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\superantispyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-05-18 679672]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-06 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-06 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-06 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{2287089B-49F8-4E14-BB90-FADA8A77A34C}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5ECF6964-5134-48AE-9AE2-42FB06D7F5A3}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ue9zhuio.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Nehrim - At Fate's Edge_is1 - c:\nerhim\Nehrim\unins000.exe
AddRemove-Oblivion mod manager_is1 - c:\program files (x86)\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:43,9e,ee,90,0e,b2,ed,93,dd,05,73,19,86,99,30,83,f0,8c,24,cb,10,27,b7,
c9,a4,aa,d5,90,43,bf,53,8c,20,ae,36,b3,bc,de,ea,35,d6,f7,cb,41,6d,4f,6b,f5,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Samsung\Easy Display Manager\WifiManager.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2012-05-21 16:42:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-21 21:42
.
Pre-Run: 155,414,495,232 bytes free
Post-Run: 157,847,588,864 bytes free
.
- - End Of File - - BD5B8AAA4F7468BD629640F260621B53

How it's running now:

Hard to say. As I stated previously, "Google Search stops working 'periodically'", so I won't really know unless it stops working again.

Edited by VicVegas, 21 May 2012 - 06:15 PM.


#5 gringo_pr


Posted 21 May 2012 - 06:24 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 VicVegas


Posted 21 May 2012 - 06:49 PM

TDSSKiller found nothing, no reboot.
Here's the log anyway:
18:30:52.0762 0784 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
18:30:53.0092 0784 ============================================================
18:30:53.0092 0784 Current date / time: 2012/05/21 18:30:53.0092
18:30:53.0092 0784 SystemInfo:
18:30:53.0092 0784
18:30:53.0092 0784 OS Version: 6.1.7601 ServicePack: 1.0
18:30:53.0092 0784 Product type: Workstation
18:30:53.0092 0784 ComputerName: OWNER-PC
18:30:53.0092 0784 UserName: Owner
18:30:53.0092 0784 Windows directory: C:\Windows
18:30:53.0092 0784 System windows directory: C:\Windows
18:30:53.0092 0784 Running under WOW64
18:30:53.0092 0784 Processor architecture: Intel x64
18:30:53.0092 0784 Number of processors: 8
18:30:53.0092 0784 Page size: 0x1000
18:30:53.0093 0784 Boot type: Normal boot
18:30:53.0093 0784 ============================================================
18:30:53.0539 0784 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:30:53.0543 0784 ============================================================
18:30:53.0543 0784 \Device\Harddisk0\DR0:
18:30:53.0544 0784 MBR partitions:
18:30:53.0544 0784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:30:53.0544 0784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21E00000
18:30:53.0569 0784 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x21E33000, BlocksNum 0x32C53800
18:30:53.0569 0784 ============================================================
18:30:53.0619 0784 C: <-> \Device\Harddisk0\DR0\Partition1
18:30:53.0648 0784 D: <-> \Device\Harddisk0\DR0\Partition2
18:30:53.0648 0784 ============================================================
18:30:53.0648 0784 Initialize success
18:30:53.0648 0784 ============================================================
18:31:17.0079 3436 ============================================================
18:31:17.0079 3436 Scan started
18:31:17.0079 3436 Mode: Manual;
18:31:17.0079 3436 ============================================================
18:31:17.0611 3436 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\SuperAntiSpyware\SASCORE64.EXE
18:31:17.0612 3436 !SASCORE - ok
18:31:17.0862 3436 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:31:17.0864 3436 1394ohci - ok
18:31:17.0915 3436 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:31:17.0919 3436 ACPI - ok
18:31:17.0951 3436 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:31:17.0952 3436 AcpiPmi - ok
18:31:18.0033 3436 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:31:18.0034 3436 AdobeARMservice - ok
18:31:18.0187 3436 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:31:18.0189 3436 AdobeFlashPlayerUpdateSvc - ok
18:31:18.0274 3436 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:31:18.0280 3436 adp94xx - ok
18:31:18.0325 3436 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:31:18.0329 3436 adpahci - ok
18:31:18.0359 3436 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:31:18.0361 3436 adpu320 - ok
18:31:18.0392 3436 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:31:18.0393 3436 AeLookupSvc - ok
18:31:18.0475 3436 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:31:18.0479 3436 AFD - ok
18:31:18.0511 3436 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:31:18.0512 3436 agp440 - ok
18:31:18.0554 3436 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:31:18.0556 3436 ALG - ok
18:31:18.0601 3436 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:31:18.0602 3436 aliide - ok
18:31:18.0618 3436 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:31:18.0619 3436 amdide - ok
18:31:18.0647 3436 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:31:18.0648 3436 AmdK8 - ok
18:31:18.0665 3436 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:31:18.0667 3436 AmdPPM - ok
18:31:18.0712 3436 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:31:18.0713 3436 amdsata - ok
18:31:18.0748 3436 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:31:18.0751 3436 amdsbs - ok
18:31:18.0771 3436 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:31:18.0771 3436 amdxata - ok
18:31:18.0822 3436 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:31:18.0824 3436 AppID - ok
18:31:18.0845 3436 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:31:18.0846 3436 AppIDSvc - ok
18:31:18.0888 3436 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:31:18.0889 3436 Appinfo - ok
18:31:18.0939 3436 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:31:18.0940 3436 arc - ok
18:31:18.0959 3436 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:31:18.0960 3436 arcsas - ok
18:31:19.0067 3436 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:31:19.0068 3436 aspnet_state - ok
18:31:19.0107 3436 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:31:19.0108 3436 AsyncMac - ok
18:31:19.0158 3436 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:31:19.0158 3436 atapi - ok
18:31:19.0248 3436 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:31:19.0255 3436 AudioEndpointBuilder - ok
18:31:19.0260 3436 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:31:19.0264 3436 AudioSrv - ok
18:31:19.0313 3436 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:31:19.0314 3436 AxInstSV - ok
18:31:19.0383 3436 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:31:19.0388 3436 b06bdrv - ok
18:31:19.0451 3436 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:31:19.0454 3436 b57nd60a - ok
18:31:19.0629 3436 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
18:31:19.0630 3436 BBSvc - ok
18:31:19.0690 3436 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
18:31:19.0693 3436 BBUpdate - ok
18:31:19.0716 3436 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:31:19.0718 3436 BDESVC - ok
18:31:19.0758 3436 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:31:19.0759 3436 Beep - ok
18:31:19.0856 3436 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:31:19.0864 3436 BFE - ok
18:31:19.0958 3436 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
18:31:19.0968 3436 BITS - ok
18:31:20.0019 3436 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:31:20.0020 3436 blbdrive - ok
18:31:20.0061 3436 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:31:20.0063 3436 bowser - ok
18:31:20.0108 3436 bpenum (f46dd257fad7d2d097ef32e72220a06c) C:\Windows\system32\DRIVERS\bpenum.sys
18:31:20.0109 3436 bpenum - ok
18:31:20.0141 3436 bpmp (e82060aed0f28ed8909f2b07fa276185) C:\Windows\system32\DRIVERS\bpmp.sys
18:31:20.0144 3436 bpmp - ok
18:31:20.0171 3436 bpusb (fc6313a5a45c1ae53d0491f0057d5a4d) C:\Windows\system32\Drivers\bpusb.sys
18:31:20.0173 3436 bpusb - ok
18:31:20.0199 3436 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:31:20.0199 3436 BrFiltLo - ok
18:31:20.0228 3436 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:31:20.0228 3436 BrFiltUp - ok
18:31:20.0248 3436 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
18:31:20.0250 3436 BridgeMP - ok
18:31:20.0308 3436 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:31:20.0310 3436 Browser - ok
18:31:20.0360 3436 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:31:20.0363 3436 Brserid - ok
18:31:20.0382 3436 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:31:20.0383 3436 BrSerWdm - ok
18:31:20.0418 3436 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:31:20.0419 3436 BrUsbMdm - ok
18:31:20.0448 3436 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:31:20.0449 3436 BrUsbSer - ok
18:31:20.0490 3436 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:31:20.0492 3436 BTHMODEM - ok
18:31:20.0528 3436 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:31:20.0529 3436 bthserv - ok
18:31:20.0546 3436 catchme - ok
18:31:20.0578 3436 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:31:20.0579 3436 cdfs - ok
18:31:20.0622 3436 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:31:20.0624 3436 cdrom - ok
18:31:20.0662 3436 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:31:20.0663 3436 CertPropSvc - ok
18:31:20.0690 3436 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:31:20.0691 3436 circlass - ok
18:31:20.0742 3436 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:31:20.0746 3436 CLFS - ok
18:31:20.0885 3436 CLKMSVC10_38F51D56 (fe1c81a049e5c5d67c4ab7c31c899f6f) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
18:31:20.0887 3436 CLKMSVC10_38F51D56 - ok
18:31:20.0953 3436 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:31:20.0954 3436 clr_optimization_v2.0.50727_32 - ok
18:31:21.0001 3436 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:31:21.0003 3436 clr_optimization_v2.0.50727_64 - ok
18:31:21.0078 3436 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:31:21.0079 3436 clr_optimization_v4.0.30319_32 - ok
18:31:21.0144 3436 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:31:21.0145 3436 clr_optimization_v4.0.30319_64 - ok
18:31:21.0262 3436 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
18:31:21.0262 3436 clwvd - ok
18:31:21.0296 3436 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:31:21.0296 3436 CmBatt - ok
18:31:21.0547 3436 cmdagent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
18:31:21.0562 3436 cmdagent - ok
18:31:21.0734 3436 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
18:31:21.0737 3436 cmdGuard - ok
18:31:21.0755 3436 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
18:31:21.0755 3436 cmdHlp - ok
18:31:21.0771 3436 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:31:21.0772 3436 cmdide - ok
18:31:21.0840 3436 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:31:21.0845 3436 CNG - ok
18:31:21.0879 3436 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:31:21.0879 3436 Compbatt - ok
18:31:21.0906 3436 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:31:21.0907 3436 CompositeBus - ok
18:31:21.0921 3436 COMSysApp - ok
18:31:21.0946 3436 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:31:21.0947 3436 crcdisk - ok
18:31:22.0025 3436 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
18:31:22.0028 3436 CryptSvc - ok
18:31:22.0128 3436 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:31:22.0133 3436 DcomLaunch - ok
18:31:22.0196 3436 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:31:22.0200 3436 defragsvc - ok
18:31:22.0236 3436 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:31:22.0238 3436 DfsC - ok
18:31:22.0293 3436 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:31:22.0297 3436 Dhcp - ok
18:31:22.0327 3436 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:31:22.0328 3436 discache - ok
18:31:22.0370 3436 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:31:22.0371 3436 Disk - ok
18:31:22.0475 3436 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
18:31:22.0478 3436 DMAgent - ok
18:31:22.0515 3436 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:31:22.0518 3436 Dnscache - ok
18:31:22.0567 3436 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:31:22.0570 3436 dot3svc - ok
18:31:22.0618 3436 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:31:22.0620 3436 DPS - ok
18:31:22.0651 3436 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:31:22.0652 3436 drmkaud - ok
18:31:22.0759 3436 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:31:22.0764 3436 DXGKrnl - ok
18:31:22.0797 3436 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:31:22.0799 3436 EapHost - ok
18:31:23.0031 3436 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:31:23.0063 3436 ebdrv - ok
18:31:23.0210 3436 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:31:23.0211 3436 EFS - ok
18:31:23.0312 3436 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:31:23.0320 3436 ehRecvr - ok
18:31:23.0351 3436 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:31:23.0353 3436 ehSched - ok
18:31:23.0473 3436 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:31:23.0479 3436 elxstor - ok
18:31:23.0501 3436 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:31:23.0502 3436 ErrDev - ok
18:31:23.0562 3436 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys
18:31:23.0563 3436 ETD - ok
18:31:23.0634 3436 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:31:23.0638 3436 EventSystem - ok
18:31:23.0787 3436 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:31:23.0795 3436 EvtEng - ok
18:31:23.0949 3436 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:31:23.0951 3436 exfat - ok
18:31:23.0988 3436 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:31:23.0991 3436 fastfat - ok
18:31:24.0089 3436 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:31:24.0097 3436 Fax - ok
18:31:24.0130 3436 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:31:24.0131 3436 fdc - ok
18:31:24.0161 3436 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:31:24.0161 3436 fdPHost - ok
18:31:24.0169 3436 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:31:24.0170 3436 FDResPub - ok
18:31:24.0210 3436 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:31:24.0211 3436 FileInfo - ok
18:31:24.0232 3436 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:31:24.0233 3436 Filetrace - ok
18:31:24.0262 3436 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:31:24.0263 3436 flpydisk - ok
18:31:24.0312 3436 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:31:24.0315 3436 FltMgr - ok
18:31:24.0426 3436 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:31:24.0437 3436 FontCache - ok
18:31:24.0517 3436 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:31:24.0518 3436 FontCache3.0.0.0 - ok
18:31:24.0575 3436 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:31:24.0576 3436 FsDepends - ok
18:31:24.0620 3436 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:31:24.0621 3436 Fs_Rec - ok
18:31:24.0677 3436 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:31:24.0679 3436 fvevol - ok
18:31:24.0722 3436 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:31:24.0723 3436 gagp30kx - ok
18:31:24.0808 3436 GameConsoleService (521a469caf61f00e1de081cc2099c1d6) C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
18:31:24.0811 3436 GameConsoleService - ok
18:31:24.0913 3436 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:31:24.0921 3436 gpsvc - ok
18:31:24.0951 3436 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:31:24.0952 3436 hcw85cir - ok
18:31:25.0014 3436 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:31:25.0018 3436 HdAudAddService - ok
18:31:25.0050 3436 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:31:25.0051 3436 HDAudBus - ok
18:31:25.0073 3436 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:31:25.0073 3436 HidBatt - ok
18:31:25.0093 3436 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:31:25.0094 3436 HidBth - ok
18:31:25.0116 3436 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:31:25.0117 3436 HidIr - ok
18:31:25.0141 3436 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
18:31:25.0143 3436 hidserv - ok
18:31:25.0173 3436 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:31:25.0174 3436 HidUsb - ok
18:31:25.0220 3436 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:31:25.0222 3436 hkmsvc - ok
18:31:25.0264 3436 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:31:25.0267 3436 HomeGroupListener - ok
18:31:25.0313 3436 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:31:25.0316 3436 HomeGroupProvider - ok
18:31:25.0351 3436 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:31:25.0352 3436 HpSAMD - ok
18:31:25.0451 3436 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:31:25.0459 3436 HTTP - ok
18:31:25.0499 3436 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:31:25.0499 3436 hwpolicy - ok
18:31:25.0549 3436 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:31:25.0551 3436 i8042prt - ok
18:31:25.0617 3436 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
18:31:25.0619 3436 iaStor - ok
18:31:25.0680 3436 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:31:25.0685 3436 iaStorV - ok
18:31:25.0802 3436 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:31:25.0811 3436 idsvc - ok
18:31:26.0693 3436 igfx (10bb0dc3361c9420cc1b0b2128bb89db) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:31:26.0875 3436 igfx - ok
18:31:27.0007 3436 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:31:27.0008 3436 iirsp - ok
18:31:27.0091 3436 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:31:27.0100 3436 IKEEXT - ok
18:31:27.0143 3436 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
18:31:27.0144 3436 inspect - ok
18:31:27.0339 3436 IntcAzAudAddService (a0c2c3d4c03c4fb896cfc53873784178) C:\Windows\system32\drivers\RTKVHD64.sys
18:31:27.0353 3436 IntcAzAudAddService - ok
18:31:27.0515 3436 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
18:31:27.0518 3436 IntcDAud - ok
18:31:27.0558 3436 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:31:27.0559 3436 intelide - ok
18:31:27.0597 3436 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:31:27.0598 3436 intelppm - ok
18:31:27.0623 3436 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:31:27.0625 3436 IPBusEnum - ok
18:31:27.0667 3436 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:31:27.0669 3436 IpFilterDriver - ok
18:31:27.0744 3436 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:31:27.0750 3436 iphlpsvc - ok
18:31:27.0783 3436 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:31:27.0784 3436 IPMIDRV - ok
18:31:27.0818 3436 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:31:27.0820 3436 IPNAT - ok
18:31:27.0840 3436 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:31:27.0841 3436 IRENUM - ok
18:31:27.0878 3436 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:31:27.0879 3436 isapnp - ok
18:31:27.0917 3436 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:31:27.0920 3436 iScsiPrt - ok
18:31:27.0951 3436 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:31:27.0951 3436 kbdclass - ok
18:31:27.0977 3436 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:31:27.0978 3436 kbdhid - ok
18:31:28.0011 3436 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:31:28.0012 3436 KeyIso - ok
18:31:28.0033 3436 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:31:28.0034 3436 KSecDD - ok
18:31:28.0061 3436 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:31:28.0063 3436 KSecPkg - ok
18:31:28.0103 3436 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:31:28.0104 3436 ksthunk - ok
18:31:28.0155 3436 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:31:28.0159 3436 KtmRm - ok
18:31:28.0235 3436 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
18:31:28.0238 3436 LanmanServer - ok
18:31:28.0283 3436 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:31:28.0286 3436 LanmanWorkstation - ok
18:31:28.0360 3436 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:31:28.0371 3436 lltdio - ok
18:31:28.0423 3436 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:31:28.0427 3436 lltdsvc - ok
18:31:28.0441 3436 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:31:28.0442 3436 lmhosts - ok
18:31:28.0545 3436 LMS (926eba26a8b49d1597751ced06b50862) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
18:31:28.0547 3436 LMS - ok
18:31:28.0585 3436 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:31:28.0586 3436 LSI_FC - ok
18:31:28.0603 3436 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:31:28.0605 3436 LSI_SAS - ok
18:31:28.0629 3436 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:31:28.0631 3436 LSI_SAS2 - ok
18:31:28.0666 3436 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:31:28.0668 3436 LSI_SCSI - ok
18:31:28.0705 3436 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:31:28.0707 3436 luafv - ok
18:31:28.0753 3436 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:31:28.0754 3436 Mcx2Svc - ok
18:31:28.0770 3436 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:31:28.0771 3436 megasas - ok
18:31:28.0815 3436 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:31:28.0818 3436 MegaSR - ok
18:31:28.0851 3436 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
18:31:28.0852 3436 MEIx64 - ok
18:31:28.0886 3436 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:31:28.0887 3436 MMCSS - ok
18:31:28.0908 3436 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:31:28.0909 3436 Modem - ok
18:31:28.0941 3436 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:31:28.0942 3436 monitor - ok
18:31:28.0978 3436 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:31:28.0978 3436 mouclass - ok
18:31:29.0020 3436 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:31:29.0021 3436 mouhid - ok
18:31:29.0068 3436 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:31:29.0070 3436 mountmgr - ok
18:31:29.0146 3436 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:31:29.0147 3436 MozillaMaintenance - ok
18:31:29.0186 3436 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:31:29.0188 3436 mpio - ok
18:31:29.0219 3436 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:31:29.0221 3436 mpsdrv - ok
18:31:29.0306 3436 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:31:29.0315 3436 MpsSvc - ok
18:31:29.0338 3436 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:31:29.0340 3436 MRxDAV - ok
18:31:29.0383 3436 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:31:29.0386 3436 mrxsmb - ok
18:31:29.0444 3436 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:31:29.0447 3436 mrxsmb10 - ok
18:31:29.0481 3436 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:31:29.0482 3436 mrxsmb20 - ok
18:31:29.0508 3436 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:31:29.0508 3436 msahci - ok
18:31:29.0535 3436 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:31:29.0537 3436 msdsm - ok
18:31:29.0570 3436 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:31:29.0573 3436 MSDTC - ok
18:31:29.0617 3436 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:31:29.0618 3436 Msfs - ok
18:31:29.0634 3436 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:31:29.0635 3436 mshidkmdf - ok
18:31:29.0664 3436 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:31:29.0665 3436 msisadrv - ok
18:31:29.0708 3436 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:31:29.0710 3436 MSiSCSI - ok
18:31:29.0713 3436 msiserver - ok
18:31:29.0742 3436 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:31:29.0743 3436 MSKSSRV - ok
18:31:29.0761 3436 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:31:29.0762 3436 MSPCLOCK - ok
18:31:29.0773 3436 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:31:29.0774 3436 MSPQM - ok
18:31:29.0829 3436 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:31:29.0833 3436 MsRPC - ok
18:31:29.0856 3436 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:31:29.0856 3436 mssmbios - ok
18:31:29.0884 3436 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:31:29.0885 3436 MSTEE - ok
18:31:29.0893 3436 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:31:29.0894 3436 MTConfig - ok
18:31:29.0914 3436 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:31:29.0914 3436 Mup - ok
18:31:30.0017 3436 MyWiFiDHCPDNS (0cf5580f27918ffd2e165ecafa734103) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
18:31:30.0020 3436 MyWiFiDHCPDNS - ok
18:31:30.0085 3436 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:31:30.0091 3436 napagent - ok
18:31:30.0153 3436 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:31:30.0157 3436 NativeWifiP - ok
18:31:30.0255 3436 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:31:30.0265 3436 NDIS - ok
18:31:30.0297 3436 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:31:30.0298 3436 NdisCap - ok
18:31:30.0322 3436 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:31:30.0323 3436 NdisTapi - ok
18:31:30.0348 3436 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:31:30.0349 3436 Ndisuio - ok
18:31:30.0374 3436 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:31:30.0376 3436 NdisWan - ok
18:31:30.0406 3436 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:31:30.0407 3436 NDProxy - ok
18:31:30.0443 3436 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:31:30.0444 3436 NetBIOS - ok
18:31:30.0492 3436 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:31:30.0495 3436 NetBT - ok
18:31:30.0544 3436 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:31:30.0545 3436 Netlogon - ok
18:31:30.0597 3436 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:31:30.0602 3436 Netman - ok
18:31:30.0727 3436 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:30.0729 3436 NetMsmqActivator - ok
18:31:30.0731 3436 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:30.0732 3436 NetPipeActivator - ok
18:31:30.0801 3436 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:31:30.0807 3436 netprofm - ok
18:31:30.0810 3436 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:30.0810 3436 NetTcpActivator - ok
18:31:30.0813 3436 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:31:30.0814 3436 NetTcpPortSharing - ok
18:31:31.0328 3436 NETwNs64 (b9c587bdaa61a689883439d5ae6fe7f3) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:31:31.0462 3436 NETwNs64 - ok
18:31:31.0579 3436 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:31:31.0580 3436 nfrd960 - ok
18:31:31.0645 3436 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:31:31.0649 3436 NlaSvc - ok
18:31:31.0675 3436 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:31:31.0676 3436 Npfs - ok
18:31:31.0699 3436 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:31:31.0700 3436 nsi - ok
18:31:31.0708 3436 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:31:31.0708 3436 nsiproxy - ok
18:31:31.0851 3436 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:31:31.0867 3436 Ntfs - ok
18:31:31.0983 3436 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:31:31.0983 3436 Null - ok
18:31:32.0010 3436 nusb3hub (786db821bfd57c0551dbbe4f75384a7d) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:31:32.0012 3436 nusb3hub - ok
18:31:46.0125 3436 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
18:31:46.0400 3436 \Device\Harddisk0\DR0 - ok
18:31:46.0411 3436 Boot (0x1200) (14ee1d9b767b8dca6e7adb960e470cb5) \Device\Harddisk0\DR0\Partition0
18:31:46.0413 3436 \Device\Harddisk0\DR0\Partition0 - ok
18:31:46.0419 3436 Boot (0x1200) (5d15efa20fd228e2a16372a5424f4698) \Device\Harddisk0\DR0\Partition1
18:31:46.0421 3436 \Device\Harddisk0\DR0\Partition1 - ok
18:31:46.0443 3436 Boot (0x1200) (12865e160d2214fc09a42d01b2955fa1) \Device\Harddisk0\DR0\Partition2
18:31:46.0444 3436 \Device\Harddisk0\DR0\Partition2 - ok
18:31:46.0445 3436 ============================================================
18:31:46.0445 3436 Scan finished
18:31:46.0445 3436 ============================================================
18:31:46.0451 3864 Detected object count: 0
18:31:46.0451 3864 Actual detected object count: 0
18:32:02.0741 5036 Deinitialize success

aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 18:35:27
-----------------------------
18:35:27.008 OS Version: Windows x64 6.1.7601 Service Pack 1
18:35:27.008 Number of processors: 8 586 0x2A07
18:35:27.009 ComputerName: OWNER-PC UserName: Owner
18:35:28.053 Initialize success
18:36:13.506 AVAST engine defs: 12052101
18:36:48.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:36:48.243 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
18:36:48.249 Disk 0 MBR read successfully
18:36:48.251 Disk 0 MBR scan
18:36:48.264 Disk 0 unknown MBR code
18:36:48.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:36:48.288 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 277504 MB offset 206848
18:36:48.291 Disk 0 Partition - 00 0F Extended LBA 415912 MB offset 568535040
18:36:48.322 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 21886 MB offset 1420322816
18:36:48.378 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 415911 MB offset 568537088
18:36:48.428 Disk 0 scanning C:\Windows\system32\drivers
18:36:56.868 Service scanning
18:37:21.426 Modules scanning
18:37:21.756 Disk 0 trace - called modules:
18:37:21.780 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:37:21.784 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007df9790]
18:37:21.787 3 CLASSPNP.SYS[fffff88001bb543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f30050]
18:37:22.678 AVAST engine scan C:\Windows
18:37:25.711 AVAST engine scan C:\Windows\system32
18:40:11.911 AVAST engine scan C:\Windows\system32\drivers
18:40:21.932 AVAST engine scan C:\Users\Owner
18:44:04.474 AVAST engine scan C:\ProgramData
18:45:07.840 Scan finished successfully
18:46:37.864 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
18:46:37.868 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

How it is now:
Google still fails periodically.

Typically I'll run a search and it will get stuck on a page like this:
Posted Image
Then I click the search button several times and it will work.

Edited by VicVegas, 21 May 2012 - 07:28 PM.


#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:09 PM

Posted 21 May 2012 - 10:20 PM

Greetings

This only happens in Firefox?


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 VicVegas


Posted 21 May 2012 - 11:55 PM

As far as I could tell, yes it is/was only occurring in Firefox. So I came to the conclusion that maybe a clean uninstall and reinstall of Firefox would fix the problem.

It seems to have worked (emphasis on "seems" as it's been working fine for a good amount of time at this point). Granted I probably shouldn't have done that, if only to help clear up what I had.

I cannot be certain yet that it's gone though, it was indeed a "periodic" problem.

I'll still post the results of the log in a minute.

#9 gringo_pr


Posted 22 May 2012 - 12:00 AM

That is where I was headed next


gringo

#10 VicVegas


Posted 22 May 2012 - 02:46 AM

Pardon me, I believe my definition of "a minute" is a little bit off.

ComboFix 12-05-21.05 - Owner 05/22/2012 0:02.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.4306 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 05:07 . 2012-05-22 05:07 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-22 05:07 . 2012-05-22 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 02:43 . 2012-05-22 02:43 -------- d-----w- c:\program files\Google
2012-05-22 02:42 . 2012-05-22 02:43 -------- d-----w- c:\program files (x86)\Google
2012-05-22 02:42 . 2012-05-22 02:43 -------- d-----w- c:\users\Owner\AppData\Local\Google
2012-05-22 02:10 . 2012-05-22 02:13 -------- d--h--w- c:\windows\msdownld.tmp
2012-05-17 21:02 . 2012-05-17 21:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-17 20:54 . 2012-05-17 20:54 -------- d-----w- c:\program files (x86)\Oracle
2012-05-17 20:53 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-16 15:46 . 2012-05-16 15:46 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-05-16 15:45 . 2012-05-16 15:45 -------- d-----w- c:\programdata\Malwarebytes
2012-05-16 15:45 . 2012-05-16 15:46 -------- d-----w- C:\Malwarebytes' Anti-Malware
2012-05-16 15:45 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-16 15:03 . 2012-05-16 15:03 -------- d-----w- c:\users\Owner\AppData\Local\ElevatedDiagnostics
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-16 14:42 . 2012-05-16 14:42 -------- d-----w- C:\SuperAntiSpyware
2012-05-13 17:00 . 2012-05-13 17:00 -------- d-----w- c:\users\Owner\AppData\Roaming\NVIDIA
2012-05-13 15:22 . 2012-05-13 15:22 -------- d-----w- c:\users\Owner\AppData\Local\DOSBox
2012-05-13 15:19 . 2012-05-13 18:50 -------- d-----w- C:\OLDGAMES
2012-05-13 15:18 . 2012-05-17 08:07 -------- d-----w- C:\DOSBox-0.74
2012-05-10 20:16 . 2012-05-13 15:19 -------- d-----w- C:\BOSS
2012-05-10 19:39 . 2012-05-10 19:39 -------- d-----w- C:\Oblivion Mods
2012-05-10 14:38 . 2012-05-10 14:38 -------- d-----w- c:\program files (x86)\Common Files\Wrye Bash
2012-05-10 14:38 . 2012-05-10 14:38 -------- d-----w- C:\Nerhim
2012-05-10 02:39 . 2012-05-10 04:22 -------- d-----w- c:\users\Owner\AppData\Local\Black_Tree_Gaming
2012-05-09 15:52 . 2012-05-13 08:12 -------- d-----w- C:\Oblivion
2012-05-03 00:49 . 2012-05-14 04:08 -------- d-----w- c:\users\Owner\AppData\Roaming\gtk-2.0
2012-05-03 00:42 . 2012-05-03 00:42 -------- d-----w- c:\users\Owner\.thumbnails
2012-05-03 00:38 . 2012-05-22 04:43 -------- d-----w- c:\users\Owner\.gimp-2.6
2012-05-03 00:38 . 2012-05-03 00:38 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-05-01 14:46 . 2012-02-20 15:34 -------- d-----w- C:\nifskope-1.1.0-rc6
2012-04-30 23:53 . 2012-04-30 23:53 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2012-04-30 23:52 . 2012-05-03 00:40 -------- d-----w- c:\program files (x86)\Telltale Games
2012-04-24 13:36 . 2012-04-24 13:36 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 21:24 . 2012-02-02 21:01 100824 ----a-w- c:\windows\system32\WRusr.dll
2012-05-21 21:24 . 2012-02-02 21:01 148216 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-05-21 21:24 . 2012-02-02 21:01 112720 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-05-10 16:04 . 2012-04-08 02:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 16:04 . 2011-05-25 05:07 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 18:45 . 2012-04-08 02:45 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 21:40 . 2011-02-21 06:13 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-04-09 21:40 . 2011-02-21 06:13 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-04-04 23:47 . 2011-05-29 23:51 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 21:13 . 2011-05-03 01:36 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-05-03 01:36 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-05-03 01:36 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-10-27 17:14 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 21:13 . 2011-05-03 01:36 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-05-03 01:36 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-01 06:46 . 2012-04-12 08:01 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 08:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 08:01 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 08:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 08:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 08:01 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-03-01 00:02 . 2012-04-09 23:38 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-04-09 23:38 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-04-09 23:38 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-04-09 23:38 962368 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-03-01 00:02 . 2012-04-09 23:38 812352 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-03-01 00:02 . 2012-04-09 23:38 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-04-09 23:38 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-04-09 23:38 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-04-09 23:38 364352 ----a-w- c:\windows\system32\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-09 23:38 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll
2012-03-01 00:02 . 2012-04-09 23:38 28992 ----a-w- c:\windows\system32\drivers\nvpciflt.sys
2012-03-01 00:02 . 2012-04-09 23:38 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-09 23:38 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-04-09 23:38 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2012-04-09 23:38 260416 ----a-w- c:\windows\system32\nvinitx.dll
2012-03-01 00:02 . 2012-04-09 23:38 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-04-09 23:38 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-04-09 23:38 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-04-09 23:38 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-04-09 23:38 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2012-04-09 23:38 215360 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-03-01 00:02 . 2012-04-09 23:38 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-04-09 23:38 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-03-01 00:02 . 2012-04-09 23:38 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2012-04-09 23:38 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2012-04-09 23:38 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2012-04-09 23:38 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2012-04-09 23:38 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-29 21:00 . 2012-04-09 23:39 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2012-04-09 23:39 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2012-04-09 23:39 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2012-04-09 23:39 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2012-04-09 23:39 55616 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-02-29 20:59 . 2012-04-09 23:39 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-02-29 20:59 . 2012-04-09 23:39 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2012-04-09 23:39 849728 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-02-29 20:59 . 2012-04-09 23:39 2515790 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-21_21.37.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-22 02:12 . 2012-05-22 02:12 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 11776 c:\windows\SysWOW64\mshta.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 78848 c:\windows\SysWOW64\inseng.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 35840 c:\windows\SysWOW64\imgutil.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 74752 c:\windows\SysWOW64\iesetup.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 31744 c:\windows\SysWOW64\iernonce.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 66048 c:\windows\SysWOW64\icardie.dll
- 2009-07-14 04:54 . 2012-05-17 21:36 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-22 02:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-17 21:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 02:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 02:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-17 21:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-21 06:37 . 2012-05-22 02:20 47596 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-22 02:20 35610 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-22 02:12 . 2012-05-22 02:12 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 65024 c:\windows\system32\pngfilt.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 48640 c:\windows\system32\mshtmler.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 96256 c:\windows\system32\mshtmled.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 12288 c:\windows\system32\mshta.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 10752 c:\windows\system32\msfeedssync.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 55296 c:\windows\system32\msfeedsbs.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 30720 c:\windows\system32\licmgr10.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 85504 c:\windows\system32\jsproxy.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 49664 c:\windows\system32\imgutil.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 85504 c:\windows\system32\iesetup.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 39936 c:\windows\system32\iernonce.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 89088 c:\windows\system32\ie4uinit.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 82432 c:\windows\system32\icardie.dll
+ 2011-02-21 05:13 . 2012-05-22 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 05:13 . 2012-05-21 21:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 05:13 . 2012-05-21 21:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-21 05:13 . 2012-05-22 05:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-22 05:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-21 21:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-22 02:21 93696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-04-22 09:08 . 2012-05-22 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-22 09:08 . 2012-05-21 21:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-21 09:30 . 2012-05-22 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-21 09:30 . 2012-05-21 21:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-22 02:43 . 2012-05-22 02:43 28160 c:\windows\Installer\18b1cc.msi
+ 2012-05-22 02:42 . 2012-05-22 02:42 25600 c:\windows\Installer\18b1c6.msi
+ 2011-04-22 05:56 . 2012-05-22 02:20 9000 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4159443991-512847242-1124234837-1001_UserData.bin
+ 2012-05-22 05:08 . 2012-05-22 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-21 21:35 . 2012-05-21 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 05:08 . 2012-05-22 05:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-21 21:35 . 2012-05-21 21:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-22 02:12 . 2012-05-22 02:12 152064 c:\windows\SysWOW64\wextract.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 203776 c:\windows\SysWOW64\webcheck.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 420864 c:\windows\SysWOW64\vbscript.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 231936 c:\windows\SysWOW64\url.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 123392 c:\windows\SysWOW64\occache.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 162304 c:\windows\SysWOW64\msrating.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 161792 c:\windows\SysWOW64\msls31.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 580608 c:\windows\SysWOW64\msfeeds.dll
- 2012-01-12 11:40 . 2011-10-14 04:24 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 716800 c:\windows\SysWOW64\jscript.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 150528 c:\windows\SysWOW64\iexpress.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 176640 c:\windows\SysWOW64\ieui.dll
- 2012-04-12 00:27 . 2012-02-28 05:34 176640 c:\windows\SysWOW64\ieui.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 118784 c:\windows\SysWOW64\iepeers.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 163840 c:\windows\SysWOW64\ieakui.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 101888 c:\windows\SysWOW64\admparse.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 160256 c:\windows\system32\wextract.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 249344 c:\windows\system32\webcheck.dll
+ 2011-04-22 07:53 . 2012-05-21 23:01 330302 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2012-05-22 02:12 . 2012-05-22 02:12 603648 c:\windows\system32\vbscript.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 237056 c:\windows\system32\url.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 149504 c:\windows\system32\occache.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 197120 c:\windows\system32\msrating.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 222208 c:\windows\system32\msls31.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 697344 c:\windows\system32\msfeeds.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 818688 c:\windows\system32\jscript.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 103936 c:\windows\system32\inseng.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 165888 c:\windows\system32\iexpress.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 173056 c:\windows\system32\ieUnatt.exe
+ 2012-05-22 02:12 . 2012-05-22 02:12 248320 c:\windows\system32\ieui.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 111616 c:\windows\system32\iesysprep.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 145920 c:\windows\system32\iepeers.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 403248 c:\windows\system32\iedkcs32.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 534528 c:\windows\system32\ieapfltr.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 267776 c:\windows\system32\ieaksie.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 160256 c:\windows\system32\ieakeng.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 135168 c:\windows\system32\IEAdvpack.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 282112 c:\windows\system32\dxtrans.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 452608 c:\windows\system32\dxtmsft.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 114176 c:\windows\system32\admparse.dll
+ 2009-07-14 05:01 . 2012-05-22 05:07 389516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-21 21:35 389516 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-05-22 02:12 . 2012-05-22 02:12 1127424 c:\windows\SysWOW64\wininet.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 1103360 c:\windows\SysWOW64\urlmon.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 1798656 c:\windows\SysWOW64\jscript9.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 1792000 c:\windows\SysWOW64\iertutil.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 9705472 c:\windows\SysWOW64\ieframe.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 3695416 c:\windows\SysWOW64\ieapfltr.dat
+ 2012-05-22 02:12 . 2012-05-22 02:12 1390080 c:\windows\system32\wininet.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 1345536 c:\windows\system32\urlmon.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 2308096 c:\windows\system32\jscript9.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 2144256 c:\windows\system32\iertutil.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 3695416 c:\windows\system32\ieapfltr.dat
- 2009-07-14 04:45 . 2012-05-14 18:16 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-05-22 02:20 7174117 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-05-22 02:12 . 2012-05-22 02:12 12282368 c:\windows\SysWOW64\mshtml.dll
- 2009-07-14 02:34 . 2012-05-14 05:55 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-22 02:15 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-05-22 02:12 . 2012-05-22 02:12 17790464 c:\windows\system32\mshtml.dll
+ 2012-05-22 02:12 . 2012-05-22 02:12 10887168 c:\windows\system32\ieframe.dll
+ 2011-05-24 23:24 . 2012-05-22 05:07 43435804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4159443991-512847242-1124234837-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 16:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-29 1242448]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-08 618496]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-05-18 679672]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [BU]
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/21 14:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 257696]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\superantispyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\superantispyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\superantispyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-05-18 679672]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 16:04]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 02:42]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-22 02:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-06 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-06 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-06 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\Samsung AnyWeb Print\W2PBrowser.dll
TCP: DhcpNameServer = 97.64.168.12 97.64.183.165
TCP: Interfaces\{2287089B-49F8-4E14-BB90-FADA8A77A34C}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{5ECF6964-5134-48AE-9AE2-42FB06D7F5A3}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\v79jla4y.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:43,9e,ee,90,0e,b2,ed,93,dd,05,73,19,86,99,30,83,f0,8c,24,cb,10,27,b7,
c9,a4,aa,d5,90,43,bf,53,8c,20,ae,36,b3,bc,de,ea,35,d6,f7,cb,41,6d,4f,6b,f5,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-4159443991-512847242-1124234837-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
c:\program files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
.
**************************************************************************
.
Completion time: 2012-05-22 00:14:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 05:14
ComboFix2.txt 2012-05-21 21:42
.
Pre-Run: 157,629,677,568 bytes free
Post-Run: 157,449,060,352 bytes free
.
- - End Of File - - A4A80227B2E79078933CE6CCEDDAC151

#11 gringo_pr


Posted 22 May 2012 - 07:49 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 VicVegas


Posted 22 May 2012 - 03:58 PM

It started doing it again. This happened immediately after I plugged my portable drive in. That can't be good...

Granted if it were some kind of portable infection, I'm not seeing any of the telltale signs of such an infection on the drive.

Edit: "ETD control center", a program related to touchpad operation, is occasionally getting stuck at 13% CPU usage. I end the process when this happens. Apparently some spyware may try to mask itself as this program.

I found something else interesting:
Notice that the "successful" search is not encrypted.
Posted Image



LOG:

???? ??? Windows Live
???? Windows Live
????? Messenger
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?? Messenger
???????? ?????????? Windows Live
????????? Messenger
?????????? Windows Live
??????????? ?? Windows Live
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Agatha Christie - Death on the Nile
„Messenger“ pagalbine priemone
Audacity 1.3.14 (Unicode)
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bejeweled 2 Deluxe
Best Buy pc app
Bing Bar
Bing Rewards Client Installer
BOSS
Build-a-lot
ChargeableUSB
Chuzzle Deluxe
Complemento Messenger
Complément Messenger
CyberLink Media Suite
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 10
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Doplnok programu Messenger
EA Download Manager
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ESET Online Scanner v3
Fallout 3
Fallout 3 - Unofficial Fallout 3 Patch
Farm Frenzy
Fast Start
Fotogalerija Windows Live
Fraps (remove only)
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.6.11
Google Toolbar for Internet Explorer
Google Update Helper
Insaniquarium Deluxe
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Wireless Display
Java Auto Updater
Java™ 7 Update 4
JavaFX 2.1.0
John Deere Drive Green
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger-kumppani
Messenger ??? ??
Messenger ????
Messenger ?????
Messenger Assistent
Messenger Companion
Messenger kíséro
Messenger Pratilac
Messenger Suradnik
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Color Enhancer
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia POP
NehrimUninstaller
NVIDIA PhysX
Oblivion
Oblivion - Construction Set
Oblivion mod manager 1.1.12
Pam Call Recorder 4.8
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pomocnik Messenger
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SimCity 4 Deluxe
Skype™ 5.8
Sony Vocal Eraser
Sound Forge Audio Studio 10.0
Spremljevalec Messenger
Star Wars Republic Commando
Steam
swMSM
System Requirements Lab
Team Fortress 2
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Late Night
The Sims™ 3 World Adventures
Unofficial Oblivion Patch v3.2.0
Unofficial Official Mods Patch v16
Unofficial Shivering Isles Patch v1.5.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
User Guide
Vegas Movie Studio HD Platinum 10.0
VTFEdit 1.2.5
Webroot SecureAnywhere
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Wrye Bash
Zuma Deluxe

Edited by VicVegas, 22 May 2012 - 04:46 PM.


#13 gringo_pr


Posted 22 May 2012 - 05:29 PM

Greetings

I want you to uninstall Firefox once more, and if asked about user data or settings, then remove those also

Restart the computer and reinstall Firefox

check things out again


gringo

#14 VicVegas


Posted 22 May 2012 - 05:41 PM

This is the exact action I committed before, but if it is part of the process I will not hesitate. Hold on...

#15 VicVegas


Posted 22 May 2012 - 05:57 PM

Seems to be gone again... I'll go through a few common routines of mine to see if it will reinfect/break. If I have your approval?

Edit: When infected/broken, repeatedly pressing the search key would hold the negative results if it would not occur immediately. So far I've been searching for the past few minutes with nothing happening. At this point I'm fairly sure it's gone, but I'm not sure how it gets back in. That is why I wish to test previous actions to discover what causes it.

Edited by VicVegas, 22 May 2012 - 06:06 PM.




