Hit by malware or rogueware


  • This topic is locked
25 replies to this topic

#1 rko48

rko48

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 23 May 2012 - 10:00 PM

My wife's computer got hit several years ago by some nasty rogueware and I have been very diligent in what I do on my computer, but alas I am a victim. I have been trying for the past several days and nothing. I found out I was hit when I went to check my Gmail and Chrome sent a warning about a weak algorithm. I have run several malware programs and they all say clean. Now my computer says that I am not running a genuine copy of Windows. I have had the computer for 2 years and bought it new from Best Buy so I know it's good. So without further ado, my HijackThis log. Thanks for any help.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:35 PM, on 5/23/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\AsScrPro.exe
C:\Users\Jason\Downloads\WindowsActivationUpdate.exe
J:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426203029.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - https://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll acaptuser32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdx_device - Unknown owner - C:\Windows\system32\lxdxcoms.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Super Thruster Service (SupThrSrv) - ASUS - C:\eSupport\SupThrSrv\SupThrSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17826 bytes

Edited by rko48, 23 May 2012 - 10:05 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 AM

Posted 28 May 2012 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not able to provide accurate information for 64-bit systems.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third-party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.
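
Added example (not part of nasdaq's post and not a BleepingComputer tool): a short Python triage of the "(file missing)" entries in the HijackThis log from post #1, illustrating why a 32-bit scanner is unreliable on 64-bit Windows. It assumes Windows is installed in `\Windows`; the verdict labels `wow64-redirection` and `check-on-disk` are names made up for this sketch.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
MISSING = "(file missing)"

# System32 subdirectories that the WOW64 file system redirector leaves alone
# (as listed in Microsoft's File System Redirector documentation).
EXEMPT = [("catroot",), ("catroot2",), ("driverstore",),
          ("drivers", "etc"), ("logfiles",), ("spool",)]


def classify_path(path):
    """Say whether a 'missing' path is explained by WOW64 redirection.

    A 32-bit process that opens <windir>\\System32\\x is silently sent to
    <windir>\\SysWOW64\\x, so 64-bit-only files such as lsass.exe look absent.
    """
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    # Assumption: Windows lives in <drive>:\Windows.
    if parts[1:3] != ["windows", "system32"]:
        return "check-on-disk"
    below = parts[3:]
    for exempt in EXEMPT:
        if tuple(below[:len(exempt)]) == exempt:
            return "check-on-disk"      # not redirected, so really absent
    return "wow64-redirection"          # likely a scanner artifact


def missing_target(body):
    """Return the file path of an entry flagged '(file missing)', else None."""
    body = body.strip()
    if not body.endswith(MISSING):
        return None
    target = body.rsplit(" - ", 1)[-1]
    return target[:-len(MISSING)].strip().strip('"')


def triage(log_text):
    """Return (section code, path, verdict) for every '(file missing)' entry."""
    results = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        target = missing_target(match.group("body"))
        if target is not None:
            results.append((match.group("code"), target, classify_path(target)))
    return results


if __name__ == "__main__":
    for code, path, verdict in triage(SAMPLE_LOG):
        print(f"{code:<4} {verdict:<18} {path}")
```

Entries marked `wow64-redirection` should be re-checked with a 64-bit-aware tool before anyone treats them as damage; only the `check-on-disk` entries point at a file that is absent from the scanner's real view of the disk.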

#3 rko48

rko48
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 28 May 2012 - 11:17 AM

Doing that now.

Edited by rko48, 28 May 2012 - 11:38 AM.


#4 rko48

rko48
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:44 AM

Posted 28 May 2012 - 12:11 PM

DDS Log


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Jason at 11:33:11 on 2012-05-28
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426203029.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
IE: Add to AMV Convert Tool... - C:\Program Files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - C:\Program Files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxps://s3.amazonaws.com/content.systemrequirementslab.com/global/bin/srldetect_cyri_4.1.72.0_x.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0A64D68B-9B02-4DB4-8443-B475249FBF38} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{367C2C9A-F14E-45B6-855B-35AAD6455303} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{642FC2E4-B453-4991-B157-3F424AD0217B} : DhcpNameServer = 168.94.0.15 168.94.0.14
TCP: Interfaces\{B6E1DB30-3718-4849-A31C-F93FA2703B78} : DhcpNameServer = 172.16.206.215 172.16.206.215
TCP: Interfaces\{C173DDEA-68A4-41B2-AF0E-C82CB2BF8F05} : DhcpNameServer = 172.18.64.215 172.18.64.215
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\2375942554437373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\2375942554536383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.0.1
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\34563696C602758696474716B656277237 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\35072796E647 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CE2668FD-9046-40F5-90E2-31D8C9231543}\E6564776561627D21607 : DhcpNameServer = 192.168.80.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: UrlHelper Class: {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120426203029.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [(Default)]
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [DATAMNGR] C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun-x64: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
AppInit_DLLs-X64: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll acaptuser32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-05-23 15:37:58 -------- d-----w- C:\Users\Jason\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 15:37:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-23 15:37:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-23 05:34:10 -------- d-----w- C:\Users\Jason\AppData\Roaming\Malwarebytes
2012-05-23 05:33:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-23 05:33:36 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-23 05:33:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-23 05:22:56 16200 ----a-w- C:\Windows\stinger.sys
2012-05-23 05:22:28 -------- d-----w- C:\Program Files (x86)\stinger
2012-05-23 04:28:30 -------- d-----w- C:\Users\Jason\AppData\Roaming\McAfee
2012-05-23 02:18:54 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-21 05:31:55 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-18 22:38:15 -------- d-----w- C:\Users\Jason\AppData\Roaming\Karaoke Builder
2012-05-18 22:29:31 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2012-05-18 22:29:31 117760 ----a-w- C:\Windows\SysWow64\wnaspi32.dll
2012-05-18 04:09:36 -------- d-----w- C:\Program Files (x86)\Common Files\Doblon
2012-05-18 02:07:55 -------- d-----w- C:\Users\Jason\AppData\Roaming\Doblon
2012-05-18 02:07:02 -------- d-----w- C:\Program Files (x86)\Common Files\cdrdao
2012-05-18 02:06:57 -------- d-----w- C:\Program Files (x86)\Doblon
2012-05-12 04:17:22 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 04:17:19 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 04:17:16 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-05-12 04:17:14 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-05-12 04:17:13 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-05-12 04:17:09 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-05-12 04:17:08 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-05-12 04:17:04 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-05-12 04:17:04 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-05-12 04:17:00 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-05-12 04:14:00 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 04:13:53 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 04:13:48 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 04:13:41 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 04:13:25 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 04:12:50 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 04:12:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 04:12:31 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 04:12:23 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 04:12:22 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 04:12:22 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 03:38:17 -------- d-----r- C:\Program Files (x86)\Skype
2012-05-06 00:28:33 -------- d-----w- C:\Program Files (x86)\Request Slip Generator
2012-05-06 00:24:34 -------- d-----w- C:\Program Files (x86)\KJ File Manager
2012-05-06 00:15:31 -------- d-----w- C:\Program Files (x86)\Absolute Media Library
2012-05-06 00:02:22 -------- d-----w- C:\Users\Jason\AppData\Local\Latshaw_Systems
2012-05-06 00:01:11 -------- d-----w- C:\ProgramData\Latshaw Systems
2012-05-05 23:59:57 -------- d-----w- C:\Program Files (x86)\Song List Generator
2012-05-04 04:35:50 17920 ----a-w- C:\Windows\SysWow64\temp.003
2012-05-04 04:35:50 147728 ----a-w- C:\Windows\SysWow64\temp.002
2012-05-04 04:35:50 1409024 ----a-w- C:\Windows\SysWow64\temp.004
2012-05-04 04:35:49 598288 ----a-w- C:\Windows\SysWow64\temp.000
2012-05-04 04:35:49 164112 ----a-w- C:\Windows\SysWow64\temp.001
2012-05-02 15:05:47 523264 ----a-w- C:\Windows\SysWow64\AviProcessor.dll
2012-05-02 15:05:45 32768 ----a-w- C:\Windows\SysWow64\TimeEditkb.ocx
2012-05-02 15:05:42 33280 ----a-w- C:\Windows\SysWow64\Huffyuv.dll
2012-05-02 15:05:41 51200 ----a-w- C:\Windows\SysWow64\camcodec.dll
2012-05-02 15:05:41 114688 ----a-w- C:\Windows\SysWow64\avizlib.dll
2012-05-02 15:05:41 -------- d-----w- C:\KBStudio
2012-04-30 15:30:04 -------- d-----w- C:\Users\Jason\Stuff from work
.
==================== Find3M ====================
.
2012-05-23 02:18:53 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 18:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 11:35:27.70 ===============

ComboFix Log


ComboFix 12-05-28.02 - Jason 05/28/2012 11:39:40.1.2 - x64 MINIMAL
Running from: c:\users\Jason\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-23 15:37 . 2012-05-23 15:37 -------- d-----w- c:\users\Jason\AppData\Roaming\SUPERAntiSpyware.com
2012-05-23 15:37 . 2012-05-24 02:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-23 15:37 . 2012-05-23 15:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-23 05:34 . 2012-05-24 05:25 -------- d-----w- c:\users\Jason\AppData\Roaming\Malwarebytes
2012-05-23 05:33 . 2012-05-24 05:25 -------- d-----w- c:\programdata\Malwarebytes
2012-05-23 05:33 . 2012-05-24 05:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-23 05:33 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-23 05:22 . 2012-05-23 05:22 16200 ----a-w- c:\windows\stinger.sys
2012-05-23 05:22 . 2012-05-24 05:26 -------- d-----w- c:\program files (x86)\stinger
2012-05-23 04:28 . 2012-05-24 05:25 -------- d-----w- c:\users\Jason\AppData\Roaming\McAfee
2012-05-23 02:18 . 2012-05-23 02:18 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-21 08:01 . 2012-05-21 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-21 08:01 . 2012-05-21 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-21 05:31 . 2012-05-22 03:29 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-18 22:38 . 2012-05-18 22:38 -------- d-----w- c:\users\Jason\AppData\Roaming\Karaoke Builder
2012-05-18 22:29 . 2010-01-14 16:33 117760 ----a-w- c:\windows\SysWow64\wnaspi32.dll
2012-05-18 22:29 . 2004-03-09 06:00 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2012-05-18 04:09 . 2012-05-18 04:09 -------- d-----w- c:\program files (x86)\Common Files\Doblon
2012-05-18 02:07 . 2012-05-18 02:07 -------- d-----w- c:\users\Jason\AppData\Roaming\Doblon
2012-05-18 02:07 . 2012-05-18 02:07 -------- d-----w- c:\program files (x86)\Common Files\cdrdao
2012-05-18 02:06 . 2012-05-18 04:45 -------- d-----w- c:\program files (x86)\Doblon
2012-05-12 04:17 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 04:17 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 04:17 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-12 04:17 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-12 04:17 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-12 04:17 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-12 04:17 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-05-12 04:17 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-12 04:17 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-12 04:17 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-12 04:14 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 04:13 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 04:13 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 04:13 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 04:13 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 04:12 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 04:12 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 04:12 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 04:12 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 04:12 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 04:12 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 03:38 . 2012-05-28 16:08 -------- d-----w- c:\users\Jason\AppData\Roaming\Skype
2012-05-09 03:38 . 2012-05-09 03:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-09 03:38 . 2012-05-09 03:38 -------- d-----r- c:\program files (x86)\Skype
2012-05-09 03:38 . 2012-05-09 03:38 -------- d-----w- c:\programdata\Skype
2012-05-06 00:28 . 2012-05-06 00:28 -------- d-----w- c:\program files (x86)\Request Slip Generator
2012-05-06 00:24 . 2012-05-06 00:24 -------- d-----w- c:\program files (x86)\KJ File Manager
2012-05-06 00:15 . 2012-05-06 00:16 -------- d-----w- c:\program files (x86)\Absolute Media Library
2012-05-06 00:02 . 2012-05-06 07:00 -------- d-----w- c:\users\Jason\AppData\Local\Latshaw_Systems
2012-05-06 00:01 . 2012-05-06 07:00 -------- d-----w- c:\programdata\Latshaw Systems
2012-05-05 23:59 . 2012-05-06 00:00 -------- d-----w- c:\program files (x86)\Song List Generator
2012-05-04 04:35 . 1998-10-06 05:00 17920 ----a-w- c:\windows\SysWow64\temp.003
2012-05-04 04:35 . 1998-10-06 05:00 147728 ----a-w- c:\windows\SysWow64\temp.002
2012-05-04 04:35 . 1998-09-25 05:00 1409024 ----a-w- c:\windows\SysWow64\temp.004
2012-05-04 04:35 . 1998-10-06 05:00 598288 ----a-w- c:\windows\SysWow64\temp.000
2012-05-04 04:35 . 1998-10-06 05:00 164112 ----a-w- c:\windows\SysWow64\temp.001
2012-05-02 15:05 . 2003-01-26 03:32 523264 ----a-w- c:\windows\SysWow64\AviProcessor.dll
2012-05-02 15:05 . 2004-07-28 02:19 32768 ----a-w- c:\windows\SysWow64\TimeEditkb.ocx
2012-05-02 15:05 . 2000-08-23 22:00 33280 ----a-w- c:\windows\SysWow64\Huffyuv.dll
2012-05-02 15:05 . 2012-05-06 23:49 -------- d-----w- C:\KBStudio
2012-05-02 15:05 . 2003-03-13 17:51 51200 ----a-w- c:\windows\SysWow64\camcodec.dll
2012-05-02 15:05 . 2000-09-20 05:14 114688 ----a-w- c:\windows\SysWow64\avizlib.dll
2012-04-30 15:30 . 2012-05-12 05:53 -------- d-----w- c:\users\Jason\Stuff from work
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-23 02:18 . 2011-11-14 03:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 18:11 . 2011-03-03 07:00 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-08 09:06 . 2012-03-08 09:06 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 09:06 . 2012-03-08 09:06 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 09:06 . 2012-03-08 09:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 09:06 . 2012-03-08 09:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 09:06 . 2012-03-08 09:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 09:06 . 2012-03-08 09:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 09:06 . 2012-03-08 09:06 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 09:06 . 2012-03-08 09:06 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 09:06 . 2012-03-08 09:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 09:06 . 2012-03-08 09:06 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 09:06 . 2012-03-08 09:06 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 09:06 . 2012-03-08 09:06 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 09:06 . 2012-03-08 09:06 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 09:06 . 2012-03-08 09:06 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 09:06 . 2012-03-08 09:06 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 09:06 . 2012-03-08 09:06 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 09:06 . 2012-03-08 09:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 09:06 . 2012-03-08 09:06 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-01 06:54 . 2012-04-13 08:01 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-13 08:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-13 08:01 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-13 08:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-13 08:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-13 08:01 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-13 08:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1235376 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
2011-05-30 13:48 87480 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~2\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
.
[HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-21 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-09 6937216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-12-22 38840]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-12-21 640440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-05-25 75072]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-05-25 316736]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
.
c:\users\Zoomdog Sound\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-1-7 12862]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-1-7 156880]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2009-10-5 1132472]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2011-08-10 102608]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R2 SupThrSrv;Super Thruster Service;c:\esupport\SupThrSrv\SupThrSrv.exe [2009-09-04 80512]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys [x]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-05-25 124224]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-02-09 21712]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 143872]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R3 ZTEMSD0227;ZTE Dummy MSD Device 0227;c:\windows\system32\Drivers\ZTEMSD0227.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67452594-1902842713-3490076094-1000Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-14 18:58]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-67452594-1902842713-3490076094-1000UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-14 18:58]
.
2012-05-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 02:05]
.
2012-05-28 c:\windows\Tasks\RegCure.job
- c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 02:05]
.
2012-05-26 c:\windows\Tasks\vtscheduletask.job
- c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-05-23 06:33]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2011-08-09 10:36 1792944 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="VSTARTUP" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to AMV Convert Tool... - c:\program files (x86)\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files (x86)\MP3 Player Utilities 4.00\MediaManager\grab.html
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-ETDWare - TECH\ETDCTRL.EXE
HKLM-Run-AmIcoSinglun64 - 64.EXE
HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE
HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE
HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28 11:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 16:57
.
Pre-Run: 147,070,595,072 bytes free
Post-Run: 147,329,753,088 bytes free
.
- - End Of File - - A335314C34A1062165196015830550D5

Security Check


Results of screen317's Security Check version 0.99.39
Windows 7 x64
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 24
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Flash Player 10.0.32.18
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#5 nasdaq

  • Malware Response Team

Posted 28 May 2012 - 01:41 PM

I can't understand why no processes are shown.

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

Will take care of the security updates later.

#6 rko48

  • Topic Starter


Posted 28 May 2012 - 02:04 PM

TDSS Log

13:52:58.0206 0168 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
13:52:58.0269 0168 ============================================================
13:52:58.0269 0168 Current date / time: 2012/05/28 13:52:58.0269
13:52:58.0269 0168 SystemInfo:
13:52:58.0269 0168
13:52:58.0269 0168 OS Version: 6.1.7600 ServicePack: 0.0
13:52:58.0269 0168 Product type: Workstation
13:52:58.0269 0168 ComputerName: JASON-PC
13:52:58.0269 0168 UserName: Jason
13:52:58.0269 0168 Windows directory: C:\Windows
13:52:58.0269 0168 System windows directory: C:\Windows
13:52:58.0269 0168 Running under WOW64
13:52:58.0269 0168 Processor architecture: Intel x64
13:52:58.0269 0168 Number of processors: 2
13:52:58.0269 0168 Page size: 0x1000
13:52:58.0269 0168 Boot type: Safe boot with network
13:52:58.0269 0168 ============================================================
13:52:58.0799 0168 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:52:58.0815 0168 Drive \Device\Harddisk1\DR3 - Size: 0x1E3000000 (7.55 Gb), SectorSize: 0x200, Cylinders: 0x3D9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:52:58.0815 0168 Drive \Device\Harddisk2\DR2 - Size: 0xEC580000 (3.69 Gb), SectorSize: 0x200, Cylinders: 0x1E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:52:58.0815 0168 ============================================================
13:52:58.0815 0168 \Device\Harddisk0\DR0:
13:52:58.0815 0168 MBR partitions:
13:52:58.0815 0168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B178, BlocksNum 0x3863A6B8
13:52:58.0815 0168 \Device\Harddisk1\DR3:
13:52:58.0815 0168 MBR partitions:
13:52:58.0815 0168 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xF17FC1
13:52:58.0815 0168 \Device\Harddisk2\DR2:
13:52:58.0815 0168 MBR partitions:
13:52:58.0815 0168 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x760C00
13:52:58.0815 0168 ============================================================
13:52:58.0862 0168 C: <-> \Device\Harddisk0\DR0\Partition0
13:52:58.0862 0168 ============================================================
13:52:58.0862 0168 Initialize success
13:52:58.0862 0168 ============================================================
13:53:09.0969 1752 ============================================================
13:53:09.0969 1752 Scan started
13:53:09.0969 1752 Mode: Manual;
13:53:09.0969 1752 ============================================================
13:53:10.0281 1752 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:53:10.0281 1752 !SASCORE - ok
13:53:10.0468 1752 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:53:10.0468 1752 1394ohci - ok
13:53:10.0530 1752 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:53:10.0546 1752 ACPI - ok
13:53:10.0593 1752 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:53:10.0608 1752 AcpiPmi - ok
13:53:10.0811 1752 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:53:10.0811 1752 AdobeARMservice - ok
13:53:10.0874 1752 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:53:10.0905 1752 adp94xx - ok
13:53:10.0998 1752 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:53:10.0998 1752 adpahci - ok
13:53:11.0030 1752 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:53:11.0045 1752 adpu320 - ok
13:53:11.0092 1752 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:53:11.0092 1752 AeLookupSvc - ok
13:53:11.0170 1752 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
13:53:11.0186 1752 AFBAgent - ok
13:53:11.0295 1752 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
13:53:11.0326 1752 AFD - ok
13:53:11.0435 1752 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
13:53:11.0482 1752 AgereSoftModem - ok
13:53:11.0560 1752 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:53:11.0560 1752 agp440 - ok
13:53:11.0622 1752 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:53:11.0622 1752 ALG - ok
13:53:11.0685 1752 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:53:11.0685 1752 aliide - ok
13:53:11.0700 1752 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:53:11.0700 1752 amdide - ok
13:53:11.0732 1752 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:53:11.0732 1752 AmdK8 - ok
13:53:11.0747 1752 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:53:11.0763 1752 AmdPPM - ok
13:53:11.0810 1752 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:53:11.0810 1752 amdsata - ok
13:53:11.0872 1752 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:53:11.0872 1752 amdsbs - ok
13:53:11.0903 1752 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:53:11.0903 1752 amdxata - ok
13:53:11.0966 1752 AmUStor (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
13:53:11.0981 1752 AmUStor - ok
13:53:12.0059 1752 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:53:12.0059 1752 AppID - ok
13:53:12.0090 1752 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:53:12.0090 1752 AppIDSvc - ok
13:53:12.0293 1752 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:53:12.0293 1752 Apple Mobile Device - ok
13:53:12.0371 1752 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:53:12.0371 1752 arc - ok
13:53:12.0387 1752 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:53:12.0402 1752 arcsas - ok
13:53:12.0496 1752 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
13:53:12.0496 1752 ASLDRService - ok
13:53:12.0574 1752 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
13:53:12.0574 1752 ASMMAP64 - ok
13:53:12.0621 1752 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:53:12.0621 1752 AsyncMac - ok
13:53:12.0683 1752 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:53:12.0683 1752 atapi - ok
13:53:12.0777 1752 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
13:53:12.0855 1752 athr - ok
13:53:12.0917 1752 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
13:53:12.0917 1752 ATKGFNEXSrv - ok
13:53:13.0073 1752 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:53:13.0120 1752 AudioEndpointBuilder - ok
13:53:13.0136 1752 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
13:53:13.0136 1752 AudioSrv - ok
13:53:13.0229 1752 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:53:13.0260 1752 b06bdrv - ok
13:53:13.0323 1752 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:53:13.0323 1752 b57nd60a - ok
13:53:13.0463 1752 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
13:53:13.0463 1752 BBSvc - ok
13:53:13.0541 1752 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:53:13.0541 1752 BBUpdate - ok
13:53:13.0619 1752 bcm (e1a8f4e38ccfcbcc44a6a0afe800b6bd) C:\Windows\system32\DRIVERS\drxvi314_64.sys
13:53:13.0635 1752 bcm - ok
13:53:13.0713 1752 bcmbusctr (d789ccf166315f33fdd31e8486efbf8d) C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys
13:53:13.0713 1752 bcmbusctr - ok
13:53:13.0775 1752 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:53:13.0791 1752 BDESVC - ok
13:53:13.0838 1752 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:53:13.0853 1752 Beep - ok
13:53:13.0931 1752 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
13:53:13.0931 1752 BITS - ok
13:53:13.0947 1752 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:53:13.0947 1752 blbdrive - ok
13:53:14.0118 1752 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:53:14.0134 1752 Bonjour Service - ok
13:53:14.0212 1752 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:53:14.0212 1752 bowser - ok
13:53:14.0274 1752 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:53:14.0274 1752 BrFiltLo - ok
13:53:14.0290 1752 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:53:14.0290 1752 BrFiltUp - ok
13:53:14.0321 1752 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:53:14.0321 1752 BridgeMP - ok
13:53:14.0337 1752 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
13:53:14.0352 1752 Browser - ok
13:53:14.0368 1752 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:53:14.0368 1752 Brserid - ok
13:53:14.0384 1752 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:53:14.0399 1752 BrSerWdm - ok
13:53:14.0399 1752 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:53:14.0415 1752 BrUsbMdm - ok
13:53:14.0430 1752 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:53:14.0430 1752 BrUsbSer - ok
13:53:14.0446 1752 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:53:14.0446 1752 BTHMODEM - ok
13:53:14.0508 1752 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:53:14.0508 1752 bthserv - ok
13:53:14.0649 1752 CASprint (32e9e92c57fe0c107691a250dae69f1e) C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
13:53:14.0649 1752 CASprint - ok
13:53:14.0711 1752 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:53:14.0711 1752 cdfs - ok
13:53:14.0774 1752 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:53:14.0774 1752 cdrom - ok
13:53:14.0852 1752 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:53:14.0852 1752 CertPropSvc - ok
13:53:14.0914 1752 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
13:53:14.0914 1752 cfwids - ok
13:53:14.0992 1752 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:53:14.0992 1752 circlass - ok
13:53:15.0023 1752 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:53:15.0039 1752 CLFS - ok
13:53:15.0117 1752 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:53:15.0117 1752 clr_optimization_v2.0.50727_32 - ok
13:53:15.0148 1752 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:53:15.0148 1752 clr_optimization_v2.0.50727_64 - ok
13:53:15.0226 1752 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:53:15.0242 1752 clr_optimization_v4.0.30319_32 - ok
13:53:15.0257 1752 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:53:15.0273 1752 clr_optimization_v4.0.30319_64 - ok
13:53:15.0288 1752 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:53:15.0288 1752 CmBatt - ok
13:53:15.0320 1752 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:53:15.0320 1752 cmdide - ok
13:53:15.0382 1752 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:53:15.0413 1752 CNG - ok
13:53:15.0460 1752 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:53:15.0476 1752 Compbatt - ok
13:53:15.0522 1752 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:53:15.0522 1752 CompositeBus - ok
13:53:15.0554 1752 COMSysApp - ok
13:53:15.0585 1752 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:53:15.0585 1752 crcdisk - ok
13:53:15.0616 1752 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
13:53:15.0616 1752 CryptSvc - ok
13:53:15.0710 1752 dc3d (c3cecf0919bc03a0bab3a3691f5f43ba) C:\Windows\system32\DRIVERS\dc3d.sys
13:53:15.0710 1752 dc3d - ok
13:53:15.0772 1752 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:53:15.0772 1752 DcomLaunch - ok
13:53:15.0819 1752 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:53:15.0834 1752 defragsvc - ok
13:53:15.0881 1752 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:53:15.0881 1752 DfsC - ok
13:53:15.0944 1752 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
13:53:15.0959 1752 Dhcp - ok
13:53:15.0990 1752 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:53:15.0990 1752 discache - ok
13:53:16.0037 1752 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:53:16.0037 1752 Disk - ok
13:53:16.0084 1752 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
13:53:16.0084 1752 Dnscache - ok
13:53:16.0131 1752 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
13:53:16.0146 1752 dot3svc - ok
13:53:16.0224 1752 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
13:53:16.0224 1752 Dot4 - ok
13:53:16.0318 1752 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:53:16.0318 1752 Dot4Print - ok
13:53:16.0365 1752 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
13:53:16.0365 1752 dot4usb - ok
13:53:16.0396 1752 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
13:53:16.0396 1752 DPS - ok
13:53:16.0458 1752 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:53:16.0458 1752 drmkaud - ok
13:53:16.0599 1752 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
13:53:16.0599 1752 DrvAgent64 - ok
13:53:16.0692 1752 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:53:16.0724 1752 DXGKrnl - ok
13:53:16.0755 1752 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:53:16.0755 1752 EapHost - ok
13:53:16.0926 1752 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:53:17.0020 1752 ebdrv - ok
13:53:17.0129 1752 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
13:53:17.0129 1752 EFS - ok
13:53:17.0207 1752 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
13:53:17.0254 1752 ehRecvr - ok
13:53:17.0285 1752 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:53:17.0285 1752 ehSched - ok
13:53:17.0394 1752 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:53:17.0410 1752 elxstor - ok
13:53:17.0426 1752 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:53:17.0426 1752 ErrDev - ok
13:53:17.0504 1752 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
13:53:17.0504 1752 ETD - ok
13:53:17.0535 1752 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:53:17.0535 1752 EventSystem - ok
13:53:17.0582 1752 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:53:17.0582 1752 exfat - ok
13:53:17.0597 1752 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:53:17.0613 1752 fastfat - ok
13:53:17.0675 1752 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
13:53:17.0706 1752 Fax - ok
13:53:17.0738 1752 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:53:17.0738 1752 fdc - ok
13:53:17.0769 1752 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:53:17.0769 1752 fdPHost - ok
13:53:17.0784 1752 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:53:17.0784 1752 FDResPub - ok
13:53:17.0800 1752 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:53:17.0800 1752 FileInfo - ok
13:53:17.0816 1752 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:53:17.0816 1752 Filetrace - ok
13:53:17.0972 1752 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:53:18.0003 1752 FLEXnet Licensing Service - ok
13:53:18.0034 1752 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:53:18.0034 1752 flpydisk - ok
13:53:18.0065 1752 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:53:18.0081 1752 FltMgr - ok
13:53:18.0143 1752 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:53:18.0143 1752 FontCache3.0.0.0 - ok
13:53:18.0159 1752 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:53:18.0159 1752 FsDepends - ok
13:53:18.0237 1752 fssfltr (5814011b2f6e088e29d689b5fcd49b8f) C:\Windows\system32\DRIVERS\fssfltr.sys
13:53:18.0237 1752 fssfltr - ok
13:53:18.0299 1752 fsssvc (f6717211c1ec2cddaa81b97b0727c2e9) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:53:18.0330 1752 fsssvc - ok
13:53:18.0362 1752 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
13:53:18.0362 1752 Fs_Rec - ok
13:53:18.0471 1752 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:53:18.0471 1752 fvevol - ok
13:53:18.0486 1752 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:53:18.0502 1752 gagp30kx - ok
13:53:18.0580 1752 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:53:18.0580 1752 GEARAspiWDM - ok
13:53:18.0642 1752 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
13:53:18.0658 1752 gpsvc - ok
13:53:18.0689 1752 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:53:18.0689 1752 hcw85cir - ok
13:53:18.0752 1752 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:53:18.0767 1752 HdAudAddService - ok
13:53:18.0830 1752 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:53:18.0830 1752 HDAudBus - ok
13:53:18.0845 1752 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:53:18.0845 1752 HidBatt - ok
13:53:18.0861 1752 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:53:18.0876 1752 HidBth - ok
13:53:18.0892 1752 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:53:18.0892 1752 HidIr - ok
13:53:18.0908 1752 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
13:53:18.0908 1752 hidserv - ok
13:53:18.0954 1752 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:53:18.0954 1752 HidUsb - ok
13:53:18.0986 1752 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
13:53:19.0001 1752 hkmsvc - ok
13:53:19.0017 1752 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
13:53:19.0017 1752 HomeGroupListener - ok
13:53:19.0048 1752 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
13:53:19.0048 1752 HomeGroupProvider - ok
13:53:19.0079 1752 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:53:19.0079 1752 HpSAMD - ok
13:53:19.0173 1752 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:53:19.0204 1752 HTTP - ok
13:53:19.0220 1752 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:53:19.0220 1752 hwpolicy - ok
13:53:19.0282 1752 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:53:19.0282 1752 i8042prt - ok
13:53:19.0313 1752 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:53:19.0313 1752 iaStor - ok
13:53:19.0407 1752 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:53:19.0422 1752 iaStorV - ok
13:53:19.0516 1752 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:53:19.0547 1752 idsvc - ok
13:53:19.0906 1752 igfx (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:53:20.0078 1752 igfx - ok
13:53:20.0202 1752 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:53:20.0202 1752 iirsp - ok
13:53:20.0296 1752 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
13:53:20.0327 1752 IKEEXT - ok
13:53:20.0483 1752 IntcAzAudAddService (5ba1779e2c84fde2a5e201fff9c42c9c) C:\Windows\system32\drivers\RTKVHD64.sys
13:53:20.0546 1752 IntcAzAudAddService - ok
13:53:20.0670 1752 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:53:20.0670 1752 intelide - ok
13:53:20.0717 1752 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:53:20.0733 1752 intelppm - ok
13:53:20.0780 1752 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:53:20.0780 1752 IpFilterDriver - ok
13:53:20.0826 1752 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
13:53:20.0858 1752 iphlpsvc - ok
13:53:20.0858 1752 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:53:20.0873 1752 IPMIDRV - ok
13:53:20.0936 1752 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:53:20.0936 1752 IPNAT - ok
13:53:21.0092 1752 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
13:53:21.0107 1752 iPod Service - ok
13:53:21.0170 1752 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:53:21.0170 1752 IRENUM - ok
13:53:21.0185 1752 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:53:21.0201 1752 isapnp - ok
13:53:21.0232 1752 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:53:21.0232 1752 iScsiPrt - ok
13:53:21.0294 1752 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:53:21.0294 1752 kbdclass - ok
13:53:21.0310 1752 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:53:21.0310 1752 kbdhid - ok
13:53:21.0372 1752 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
13:53:21.0372 1752 kbfiltr - ok
13:53:21.0404 1752 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:53:21.0404 1752 KeyIso - ok
13:53:21.0419 1752 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:53:21.0419 1752 KSecDD - ok
13:53:21.0435 1752 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:53:21.0450 1752 KSecPkg - ok
13:53:21.0513 1752 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:53:21.0513 1752 ksthunk - ok
13:53:21.0606 1752 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:53:21.0622 1752 KtmRm - ok
13:53:21.0684 1752 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:53:21.0684 1752 L1C - ok
13:53:21.0762 1752 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
13:53:21.0778 1752 LanmanServer - ok
13:53:21.0809 1752 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
13:53:21.0809 1752 LanmanWorkstation - ok
13:53:21.0887 1752 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:53:21.0887 1752 lltdio - ok
13:53:21.0965 1752 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:53:21.0981 1752 lltdsvc - ok
13:53:21.0981 1752 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:53:21.0996 1752 lmhosts - ok
13:53:22.0059 1752 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:53:22.0059 1752 LSI_FC - ok
13:53:22.0090 1752 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:53:22.0090 1752 LSI_SAS - ok
13:53:22.0106 1752 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:53:22.0106 1752 LSI_SAS2 - ok
13:53:22.0137 1752 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:53:22.0137 1752 LSI_SCSI - ok
13:53:22.0184 1752 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:53:22.0184 1752 luafv - ok
13:53:22.0262 1752 lvpepf64 (4cb64d7458abd8396bcd389a69c8fc80) C:\Windows\system32\DRIVERS\lv302a64.sys
13:53:22.0262 1752 lvpepf64 - ok
13:53:22.0371 1752 lvupdtio (fdc2e61ccd08d468ee729bf5b28201a5) C:\Program Files (x86)\ASUS\ASUS Live Update\SYS64\lvupdtio.sys
13:53:22.0371 1752 lvupdtio - ok
13:53:22.0433 1752 LVUSBS64 (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\drivers\LVUSBS64.sys
13:53:22.0433 1752 LVUSBS64 - ok
13:53:22.0464 1752 lxdx_device - ok
13:53:22.0542 1752 McAfee SiteAdvisor Service (02aa4f6f30605c72faab7a2858735c11) c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
13:53:22.0542 1752 McAfee SiteAdvisor Service - ok
13:53:22.0683 1752 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:53:22.0683 1752 McMPFSvc - ok
13:53:22.0714 1752 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:53:22.0714 1752 mcmscsvc - ok
13:53:22.0730 1752 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:53:22.0730 1752 McNaiAnn - ok
13:53:22.0761 1752 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:53:22.0761 1752 McNASvc - ok
13:53:22.0823 1752 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe
13:53:22.0854 1752 McODS - ok
13:53:22.0886 1752 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
13:53:22.0886 1752 McProxy - ok
13:53:22.0948 1752 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
13:53:22.0948 1752 McShield - ok
13:53:22.0979 1752 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
13:53:22.0995 1752 Mcx2Svc - ok
13:53:23.0042 1752 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:53:23.0042 1752 megasas - ok
13:53:23.0073 1752 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:53:23.0088 1752 MegaSR - ok
13:53:23.0166 1752 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
13:53:23.0166 1752 mfeapfk - ok
13:53:23.0244 1752 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
13:53:23.0260 1752 mfeavfk - ok
13:53:23.0338 1752 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
13:53:23.0338 1752 mfefire - ok
13:53:23.0416 1752 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
13:53:23.0416 1752 mfefirek - ok
13:53:23.0541 1752 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
13:53:23.0572 1752 mfehidk - ok
13:53:23.0619 1752 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:53:23.0619 1752 mfenlfk - ok
13:53:23.0681 1752 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
13:53:23.0697 1752 mferkdet - ok
13:53:23.0712 1752 mferkdk (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
13:53:23.0712 1752 mferkdk - ok
13:53:23.0775 1752 mfesmfk (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
13:53:23.0790 1752 mfesmfk - ok
13:53:23.0853 1752 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
13:53:23.0868 1752 mfevtp - ok
13:53:23.0931 1752 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
13:53:23.0946 1752 mfewfpk - ok
13:53:24.0071 1752 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:53:24.0071 1752 Microsoft Office Groove Audit Service - ok
13:53:24.0102 1752 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:53:24.0102 1752 MMCSS - ok
13:53:24.0118 1752 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:53:24.0118 1752 Modem - ok
13:53:24.0134 1752 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:53:24.0134 1752 monitor - ok
13:53:24.0196 1752 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:53:24.0196 1752 mouclass - ok
13:53:24.0212 1752 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:53:24.0212 1752 mouhid - ok
13:53:24.0227 1752 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:53:24.0243 1752 mountmgr - ok
13:53:24.0258 1752 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:53:24.0258 1752 mpio - ok
13:53:24.0274 1752 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:53:24.0274 1752 mpsdrv - ok
13:53:24.0336 1752 mr97310c (637650a42fd23947d837053fac789d38) C:\Windows\system32\DRIVERS\mr97310c.sys
13:53:24.0352 1752 mr97310c - ok
13:53:24.0368 1752 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:53:24.0368 1752 MRxDAV - ok
13:53:24.0414 1752 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:53:24.0414 1752 mrxsmb - ok
13:53:24.0477 1752 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:53:24.0477 1752 mrxsmb10 - ok
13:53:24.0492 1752 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:53:24.0492 1752 mrxsmb20 - ok
13:53:24.0524 1752 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:53:24.0524 1752 msahci - ok
13:53:24.0539 1752 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:53:24.0539 1752 msdsm - ok
13:53:24.0586 1752 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:53:24.0586 1752 MSDTC - ok
13:53:24.0633 1752 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:53:24.0633 1752 Msfs - ok
13:53:24.0648 1752 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:53:24.0648 1752 mshidkmdf - ok
13:53:24.0664 1752 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:53:24.0664 1752 msisadrv - ok
13:53:24.0726 1752 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:53:24.0726 1752 MSiSCSI - ok
13:53:24.0742 1752 msiserver - ok
13:53:24.0758 1752 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:53:24.0758 1752 MSKSSRV - ok
13:53:24.0773 1752 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:53:24.0773 1752 MSPCLOCK - ok
13:53:24.0773 1752 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:53:24.0773 1752 MSPQM - ok
13:53:24.0804 1752 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:53:24.0820 1752 MsRPC - ok
13:53:24.0851 1752 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:53:24.0851 1752 mssmbios - ok
13:53:24.0867 1752 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:53:24.0867 1752 MSTEE - ok
13:53:24.0882 1752 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:53:24.0882 1752 MTConfig - ok
13:53:24.0914 1752 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
13:53:24.0914 1752 MTsensor - ok
13:53:24.0960 1752 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:53:24.0960 1752 Mup - ok
13:53:25.0007 1752 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
13:53:25.0023 1752 napagent - ok
13:53:25.0116 1752 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:53:25.0132 1752 NativeWifiP - ok
13:53:25.0226 1752 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:53:25.0226 1752 NDIS - ok
13:53:25.0272 1752 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:53:25.0272 1752 NdisCap - ok
13:53:25.0304 1752 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:53:25.0319 1752 NdisTapi - ok
13:53:25.0382 1752 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:53:25.0382 1752 Ndisuio - ok
13:53:25.0397 1752 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:53:25.0413 1752 NdisWan - ok
13:53:25.0413 1752 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:53:25.0413 1752 NDProxy - ok
13:53:25.0460 1752 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
13:53:25.0460 1752 Netaapl - ok
13:53:25.0506 1752 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:53:25.0506 1752 NetBIOS - ok
13:53:25.0538 1752 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:53:25.0538 1752 NetBT - ok
13:53:25.0584 1752 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:53:25.0584 1752 Netlogon - ok
13:53:25.0662 1752 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:53:25.0662 1752 NetTcpPortSharing - ok
13:53:26.0006 1752 NETw1v64 (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys
13:53:26.0193 1752 NETw1v64 - ok
13:53:26.0302 1752 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:53:26.0302 1752 nfrd960 - ok
13:53:26.0380 1752 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
13:53:26.0396 1752 NlaSvc - ok
13:53:26.0411 1752 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:53:26.0411 1752 Npfs - ok
13:53:26.0411 1752 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:53:26.0427 1752 nsiproxy - ok
13:53:26.0536 1752 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:53:26.0552 1752 Ntfs - ok
13:53:26.0661 1752 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:53:26.0661 1752 Null - ok
13:53:26.0739 1752 NVHDA (6e41a4df26340a07a489b721f9721ec1) C:\Windows\system32\drivers\nvhda64v.sys
13:53:26.0739 1752 NVHDA - ok
13:53:27.0269 1752 nvlddmkm (5a9a416f77e98686079e4d7f90a55498) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:53:27.0503 1752 nvlddmkm - ok
13:53:27.0675 1752 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:53:27.0675 1752 nvraid - ok
13:53:27.0706 1752 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:53:27.0706 1752 nvstor - ok
13:53:27.0784 1752 nvsvc (72545fe7bd0410e72d00b0029dae3700) C:\Windows\system32\nvvsvc.exe
13:53:27.0800 1752 nvsvc - ok
13:53:27.0940 1752 NvtlService (7d4ed787e0d06677776339318df25bdc) C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
13:53:27.0940 1752 NvtlService - ok
13:53:27.0971 1752 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:53:27.0971 1752 nv_agp - ok
13:53:28.0002 1752 NWADI (f79633a8b7db75cb5fad53b02985a414) C:\Windows\system32\DRIVERS\NWADIenum.sys
13:53:28.0002 1752 NWADI - ok
13:53:28.0096 1752 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:53:28.0127 1752 odserv - ok
13:53:28.0143 1752 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:53:28.0158 1752 ohci1394 - ok
13:53:28.0205 1752 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:53:28.0221 1752 ose - ok
13:53:28.0299 1752 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:53:28.0299 1752 p2pimsvc - ok
13:53:28.0330 1752 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:53:28.0361 1752 p2psvc - ok
13:53:28.0392 1752 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:53:28.0392 1752 Parport - ok
13:53:28.0424 1752 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
13:53:28.0424 1752 partmgr - ok
13:53:28.0455 1752 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:53:28.0455 1752 PcaSvc - ok
13:53:28.0486 1752 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:53:28.0486 1752 pci - ok
13:53:28.0517 1752 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:53:28.0517 1752 pciide - ok
13:53:28.0533 1752 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:53:28.0548 1752 pcmcia - ok
13:53:28.0611 1752 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
13:53:28.0611 1752 pcouffin - ok
13:53:28.0626 1752 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:53:28.0626 1752 pcw - ok
13:53:28.0673 1752 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:53:28.0689 1752 PEAUTH - ok
13:53:28.0751 1752 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:53:28.0767 1752 PerfHost - ok
13:53:28.0954 1752 PID_PEPI (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS
13:53:29.0001 1752 PID_PEPI - ok
13:53:29.0094 1752 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
13:53:29.0126 1752 pla - ok
13:53:29.0141 1752 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:53:29.0157 1752 PNRPAutoReg - ok
13:53:29.0188 1752 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
13:53:29.0219 1752 PolicyAgent - ok
13:53:29.0250 1752 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:53:29.0250 1752 Power - ok
13:53:29.0328 1752 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:53:29.0328 1752 PptpMiniport - ok
13:53:29.0360 1752 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:53:29.0360 1752 Processor - ok
13:53:29.0391 1752 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
13:53:29.0391 1752 ProfSvc - ok
13:53:29.0438 1752 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:53:29.0438 1752 ProtectedStorage - ok
13:53:29.0500 1752 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:53:29.0500 1752 Psched - ok
13:53:29.0531 1752 PxHlpa64 - ok
13:53:29.0625 1752 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:53:29.0672 1752 ql2300 - ok
13:53:29.0796 1752 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:53:29.0796 1752 ql40xx - ok
13:53:29.0812 1752 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:53:29.0828 1752 QWAVEdrv - ok
13:53:29.0828 1752 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:53:29.0828 1752 RasAcd - ok
13:53:29.0906 1752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:53:29.0906 1752 RasAgileVpn - ok
13:53:29.0921 1752 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:53:29.0921 1752 RasAuto - ok
13:53:29.0952 1752 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:53:29.0952 1752 Rasl2tp - ok
13:53:30.0015 1752 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:53:30.0015 1752 RasPppoe - ok
13:53:30.0046 1752 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:53:30.0062 1752 RasSstp - ok
13:53:30.0093 1752 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:53:30.0108 1752 rdbss - ok
13:53:30.0124 1752 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:53:30.0124 1752 rdpbus - ok
13:53:30.0140 1752 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:53:30.0155 1752 RDPCDD - ok
13:53:30.0202 1752 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:53:30.0218 1752 RDPENCDD - ok
13:53:30.0233 1752 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:53:30.0233 1752 RDPREFMP - ok
13:53:30.0264 1752 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
13:53:30.0264 1752 RDPWD - ok
13:53:30.0342 1752 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:53:30.0342 1752 rdyboost - ok
13:53:30.0405 1752 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:53:30.0405 1752 RemoteAccess - ok
13:53:30.0436 1752 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:53:30.0452 1752 RemoteRegistry - ok
13:53:30.0452 1752 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:53:30.0467 1752 RpcEptMapper - ok
13:53:30.0483 1752 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:53:30.0483 1752 RpcLocator - ok
13:53:30.0530 1752 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
13:53:30.0530 1752 RpcSs - ok
13:53:30.0623 1752 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:53:30.0623 1752 rspndr - ok
13:53:30.0654 1752 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
13:53:30.0654 1752 SamSs - ok
13:53:30.0748 1752 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:53:30.0748 1752 SASDIFSV - ok
13:53:30.0779 1752 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:53:30.0779 1752 SASKUTIL - ok
13:53:30.0810 1752 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:53:30.0810 1752 sbp2port - ok
13:53:30.0842 1752 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:53:30.0857 1752 SCardSvr - ok
13:53:30.0935 1752 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
13:53:30.0935 1752 SCDEmu - ok
13:53:30.0951 1752 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:53:30.0951 1752 scfilter - ok
13:53:31.0029 1752 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
13:53:31.0044 1752 Schedule - ok
13:53:31.0076 1752 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
13:53:31.0076 1752 SCPolicySvc - ok
13:53:31.0122 1752 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
13:53:31.0122 1752 SDRSVC - ok
13:53:31.0232 1752 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:53:31.0232 1752 secdrv - ok
13:53:31.0278 1752 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
13:53:31.0294 1752 seclogon - ok
13:53:31.0341 1752 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:53:31.0341 1752 Serenum - ok
13:53:31.0403 1752 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:53:31.0403 1752 Serial - ok
13:53:31.0419 1752 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:53:31.0434 1752 sermouse - ok
13:53:31.0466 1752 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:53:31.0466 1752 sffdisk - ok
13:53:31.0466 1752 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:53:31.0466 1752 sffp_mmc - ok
13:53:31.0481 1752 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:53:31.0481 1752 sffp_sd - ok
13:53:31.0497 1752 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:53:31.0497 1752 sfloppy - ok
13:53:31.0590 1752 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:53:31.0606 1752 SharedAccess - ok
13:53:31.0637 1752 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
13:53:31.0653 1752 ShellHWDetection - ok
13:53:31.0715 1752 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
13:53:31.0715 1752 SiSGbeLH - ok
13:53:31.0731 1752 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:53:31.0746 1752 SiSRaid2 - ok
13:53:31.0762 1752 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:53:31.0762 1752 SiSRaid4 - ok
13:53:31.0902 1752 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:53:31.0902 1752 SkypeUpdate - ok
13:53:31.0934 1752 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:53:31.0934 1752 Smb - ok
13:53:32.0012 1752 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:53:32.0012 1752 SNMPTRAP - ok
13:53:32.0136 1752 SNP2UVC (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:53:32.0214 1752 SNP2UVC - ok
13:53:32.0355 1752 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:53:32.0355 1752 spldr - ok
13:53:32.0417 1752 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
13:53:32.0433 1752 Spooler - ok
13:53:32.0589 1752 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
13:53:32.0682 1752 sppsvc - ok
13:53:32.0792 1752 SprintRcAppSvc (578fdbe70b9190af340da6e9c637026c) C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
13:53:32.0792 1752 SprintRcAppSvc - ok
13:53:32.0948 1752 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
13:53:32.0963 1752 srv - ok
13:53:32.0994 1752 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
13:53:33.0010 1752 srv2 - ok
13:53:33.0041 1752 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
13:53:33.0041 1752 srvnet - ok
13:53:33.0104 1752 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:53:33.0104 1752 SSDPSRV - ok
13:53:33.0119 1752 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:53:33.0119 1752 SstpSvc - ok
13:53:33.0150 1752 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:53:33.0150 1752 stexstor - ok
13:53:33.0244 1752 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
13:53:33.0275 1752 stisvc - ok
13:53:33.0353 1752 SupThrSrv (4a726e190b676444f2d42f0f56cf72f4) C:\eSupport\SupThrSrv\SupThrSrv.exe
13:53:33.0353 1752 SupThrSrv - ok
13:53:33.0478 1752 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:53:33.0478 1752 swenum - ok
13:53:33.0556 1752 swmsflt (7e6fa3ad57467b3af471c3e1041e350c) C:\Windows\system32\DRIVERS\swmsflt.sys
13:53:33.0556 1752 swmsflt - ok
13:53:33.0603 1752 swmx00 (a8e9e76cc2f342f205273702969c84c9) C:\Windows\system32\DRIVERS\swmx00.sys
13:53:33.0618 1752 swmx00 - ok
13:53:33.0650 1752 SWNC5E00 (b053610bb36d9bd1bff7102727427600) C:\Windows\system32\DRIVERS\SWNC5E00.sys
13:53:33.0650 1752 SWNC5E00 - ok
13:53:33.0728 1752 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:53:33.0759 1752 swprv - ok
13:53:33.0774 1752 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
13:53:33.0774 1752 TabletInputService - ok
13:53:33.0790 1752 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
13:53:33.0806 1752 TapiSrv - ok
13:53:33.0806 1752 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:53:33.0821 1752 TBS - ok
13:53:33.0962 1752 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
13:53:33.0977 1752 Tcpip - ok
13:53:34.0164 1752 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
13:53:34.0180 1752 TCPIP6 - ok
13:53:34.0258 1752 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:53:34.0258 1752 tcpipreg - ok
13:53:34.0289 1752 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:53:34.0289 1752 TDPIPE - ok
13:53:34.0320 1752 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
13:53:34.0320 1752 TDTCP - ok
13:53:34.0336 1752 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:53:34.0336 1752 tdx - ok
13:53:34.0352 1752 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:53:34.0352 1752 TermDD - ok
13:53:34.0398 1752 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
13:53:34.0414 1752 TermService - ok
13:53:34.0430 1752 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:53:34.0430 1752 Themes - ok
13:53:34.0461 1752 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:53:34.0461 1752 THREADORDER - ok
13:53:34.0523 1752 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:53:34.0523 1752 TrkWks - ok
13:53:34.0570 1752 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
13:53:34.0570 1752 TrustedInstaller - ok
13:53:34.0586 1752 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:53:34.0601 1752 tssecsrv - ok
13:53:34.0664 1752 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:53:34.0664 1752 tunnel - ok
13:53:34.0679 1752 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:53:34.0695 1752 uagp35 - ok
13:53:34.0726 1752 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:53:34.0742 1752 udfs - ok
13:53:34.0773 1752 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:53:34.0788 1752 UI0Detect - ok
13:53:34.0804 1752 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:53:34.0804 1752 uliagpkx - ok
13:53:34.0866 1752 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:53:34.0866 1752 umbus - ok
13:53:34.0913 1752 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:53:34.0913 1752 UmPass - ok
13:53:34.0976 1752 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:53:34.0976 1752 USBAAPL64 - ok
13:53:35.0054 1752 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
13:53:35.0054 1752 usbaudio - ok
13:53:35.0100 1752 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
13:53:35.0100 1752 usbccgp - ok
13:53:35.0163 1752 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:53:35.0178 1752 usbcir - ok
13:53:35.0210 1752 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
13:53:35.0225 1752 usbehci - ok
13:53:35.0303 1752 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
13:53:35.0319 1752 usbhub - ok
13:53:43.0384 1752 ============================================================
13:53:43.0384 1752 Scan finished
13:53:43.0384 1752 ============================================================
13:53:43.0384 0588 Detected object count: 0
13:53:43.0415 0588 Actual detected object count: 0

#7 rko48


Posted 28 May 2012 - 02:05 PM

aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-28 13:58:01
-----------------------------
13:58:01.306 OS Version: Windows x64 6.1.7600
13:58:01.306 Number of processors: 2 586 0x170A
13:58:01.306 ComputerName: JASON-PC UserName: Jason
13:58:02.320 Initialize success
13:58:12.070 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:58:12.070 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
13:58:12.085 Disk 0 MBR read successfully
13:58:12.085 Disk 0 MBR scan
13:58:12.085 Disk 0 Windows VISTA default MBR code
13:58:12.101 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
13:58:12.117 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 461940 MB offset 30716280
13:58:12.132 Disk 0 scanning C:\Windows\system32\drivers
13:58:22.553 Service scanning
13:58:40.992 Modules scanning
13:58:40.992 Disk 0 trace - called modules:
13:58:41.070 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:58:41.070 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004adf060]
13:58:41.086 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004a559a0]
13:58:41.086 5 ACPI.sys[fffff88000ef2781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a5a050]
13:58:41.102 Scan finished successfully
13:59:00.165 Disk 0 MBR has been saved successfully to "J:\MBR.dat"
13:59:00.180 The log file has been saved successfully to "J:\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   556bytes   0 downloads


#8 nasdaq


Posted 29 May 2012 - 09:43 AM

Please download and run this tool for my review.

Sophos Anti-Rootkit
http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx
===

#9 rko48


Posted 29 May 2012 - 02:01 PM

It will not let me run that. I get an error that says "The specified service does not exist as an installed service."

#10 nasdaq


Posted 30 May 2012 - 08:02 AM

Try one of these.

Norton - ZeroAccess Removal tool. May not be ready for 64bit...
http://www.symantec.com/security_response/writeup.jsp?docid=2011-121607-4952-99
===

SanityCheck
http://www.softpedia.com/get/Antivirus/SanityCheck.shtml

Trend Micro RootkitBuster
http://free.antivirus.com/rootkit-buster/
<<<>>>

#11 rko48


Posted 31 May 2012 - 12:01 PM

I can't run any of those, I get the same error.

#12 nasdaq


Posted 31 May 2012 - 12:56 PM

Try this first.
Using Last Known Good Configuration
http://windows.microsoft.com/en-us/windows-vista/Using-Last-Known-Good-Configuration

Read about it and execute it.
<<<>>>

If you still have difficulties with the computer continue.

The cause of this error may be attributed to your services or processes.

Navigate to this Microsoft article.

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
http://support.microsoft.com/kb/929135

Execute the suggestions on the page.

If at any time you need advice before proceeding please ask.

Keep me posted.
==

#13 rko48


Posted 31 May 2012 - 01:34 PM

No dice for either of those.

#14 rko48


Posted 31 May 2012 - 02:41 PM

I can't run any .exe files

#15 nasdaq


Posted 01 June 2012 - 07:07 AM

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Using the infected computer or the method above download these files.

RKill Download Link

FixNCR.reg

===

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes.

Download FixNCR.reg

Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the folder for the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer. You should now be able to run your normal executable programs and can proceed to the next step.

If you do not have any removable media or another clean computer that you can download the FixNCR.reg file onto, you can try to download it to your infected computer using another method. On the infected computer, right-click on the Internet Explorer icon, or any other browser's icon, and select Run As or Run as Administrator. If you are using Windows XP, you will be prompted to select a user and enter its password. It is suggested that you attempt to log in as the Administrator user. For Windows 7 or Windows Vista, you will be prompted to enter your Administrator account password.

Once you enter the password, your browser will start and you can download the above FixNCR.reg file. When saving it, make sure you save it to a folder that can be accessed by your normal account. Remember that you will be launching the browser as another user, so if you save it to a My Documents folder, it will not be your normal My Documents folder that it is downloaded into. Instead it will be the My Documents folder that belongs to the user you ran the browser as. Once the download has finished, close your browser and find the FixNCR.reg file that you downloaded. Now double-click on it and allow the data to be merged. You should now be able to run your normal executable programs and can proceed to the next step.
===

Before we can do anything we must first end the processes that belong to the malware so that they do not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with the Rogue programs.
===

Do not restart the computer.

You should now be able to download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
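
The .exe launch hijack described in the post above can be confirmed from a registry export examined on a clean machine. The following is an added example, not part of the original post and not the contents of FixNCR.reg; it assumes the export has already been decoded to text, and the sample export, the `xyz` class name and the file path are constructed.

```python
import re

# Stock Windows values for launching .exe files.
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'

# Constructed sample export: HKLM is stock, HKCU carries a per-user override.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\Users\\Example\\AppData\\Local\\constructed.exe\" \"%1\" %*"
'''

def parse_reg(text):
    """Parse string values of a decoded .reg export into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \" and \\
    return keys

def audit_exe_association(text):
    """Return (hive, key, value) findings; an empty list means stock behaviour."""
    keys, findings = parse_reg(text), []
    for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):  # HKCU wins in HKCR
        base = (hive + r"\Software\Classes").lower()
        progid = keys.get(base + r"\.exe", {}).get("")
        if progid is not None and progid.lower() != DEFAULT_PROGID:
            findings.append((hive, ".exe", progid))
        # Check the open command of the stock class and of any redirected class.
        for cls in sorted({DEFAULT_PROGID, (progid or DEFAULT_PROGID).lower()}):
            cmd = keys.get(f"{base}\\{cls}\\shell\\open\\command", {}).get("")
            if cmd is not None and cmd != DEFAULT_COMMAND:
                findings.append((hive, cls + r"\shell\open\command", cmd))
    return findings

if __name__ == "__main__":
    for hive, key, value in audit_exe_association(SAMPLE_REG):
        print(f"{hive}\\Software\\Classes\\{key} = {value}")
```

Only string values are parsed; a value exported in `hex(...)` form is skipped and needs a manual look.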



