
Sound keeps playing automatically. Sounds like many radio stations playing at once with frequent adverts. Cuts out frequently and then comes back on.


This topic is locked
18 replies to this topic

#1 markyftw

markyftw

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 01 June 2012 - 04:23 PM

Started today when I opened Pro Tools. There was audio playing that sounded like a radio station. Sometimes two tracks would be played over one another and other times there would be adverts. The audio cuts out every now and then and then starts playing a few seconds or so later. In the volume mixer it is under "Name Not Available". That's all I can think of that might help, sorry :/



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Marky at 22:13:40 on 2012-06-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.7659.4577 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\TEMP\mrt6A27.tmp\stdrt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Users\Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Program Files (x86)\Cobian Backup 11\cbService.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Codecv Class: {befbdbb0-dbdc-450b-bbe0-f9bd7665a18a} - C:\ProgramData\Codecv\bhoclass.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Marky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
uRun: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AdobeBridge]
uRun: [Spotify Web Helper] "C:\Users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [chromium] C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
StartupFolder: C:\Users\Marky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Marky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9EDE4E1D-E76A-48BC-A5E0-134FD0ACE298} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{BFDDEE2E-43AE-421B-8236-9ADAF831EB70} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{ECDD88C8-9F2E-49FA-AED0-43E7ED052637} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Codecv Class: {BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} - C:\ProgramData\Codecv\bhoclass.dll
BHO-X64: Codecv - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-6-1 67584]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CobianBackup11;Cobian Backup 11 Gravity;C:\Program Files (x86)\Cobian Backup 11\cbService.exe [2012-6-1 1131008]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 easytether;easytether;C:\Windows\system32\DRIVERS\easytthr.sys --> C:\Windows\system32\DRIVERS\easytthr.sys [?]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys --> C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\SysWOW64\adbcnsl.exe [2012-5-18 689492]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-13 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\system32\DRIVERS\RsFx0105.sys --> C:\Windows\system32\DRIVERS\RsFx0105.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2012-06-01 20:54:18 -------- d-----w- C:\Users\Marky\G
2012-06-01 20:33:58 -------- d-----w- C:\Program Files (x86)\Cobian Backup 11
2012-06-01 19:08:06 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5D0A88B4-0B5B-45D3-8041-3186447A7232}\mpengine.dll
2012-06-01 01:03:41 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:34:05 -------- d-----w- C:\Users\Marky\AppData\Roaming\Unity
2012-05-31 16:28:57 -------- d-----w- C:\Users\Marky\AppData\Local\Unity
2012-05-31 16:23:44 -------- d-----w- C:\Program Files (x86)\Unity
2012-05-31 15:47:36 -------- d-----w- C:\Users\Marky\AppData\Local\{BE5DE613-59B9-4201-9BEC-7548358F3304}
2012-05-31 15:47:25 -------- d-----w- C:\Users\Marky\AppData\Local\{B208CE4C-685C-4C16-AD5C-A686B2F8FF51}
2012-05-31 15:40:20 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 18:57:08 -------- d-----w- C:\Users\Marky\AppData\Local\{40B44D1E-D585-4C2A-9C59-E25E5A9EF780}
2012-05-30 18:56:57 -------- d-----w- C:\Users\Marky\AppData\Local\{713552A2-3F5D-41AF-8D0E-5E7DCFFD62A3}
2012-05-30 18:32:56 -------- d-----w- C:\Users\Marky\AppData\Local\LogiShrd
2012-05-30 18:22:16 53248 ----a-r- C:\Users\Marky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-30 18:21:14 -------- d-----w- C:\Windows\SysWow64\logishrd
2012-05-30 18:21:14 -------- d-----w- C:\Windows\System32\logishrd
2012-05-30 18:20:51 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2012-05-28 19:05:06 -------- d-----w- C:\Program Files (x86)\SpriteFont 2
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-24 21:39:57 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-24 21:37:00 -------- d-----w- C:\Users\Marky\AppData\Local\Apple Computer
2012-05-24 21:25:41 -------- d-----w- C:\Users\Marky\AppData\Local\Apple
2012-05-24 21:14:21 -------- d-----w- C:\Users\Marky\AppData\Local\{1D17A912-7F84-47C2-A64C-2EA817318EBA}
2012-05-24 21:14:10 -------- d-----w- C:\Users\Marky\AppData\Local\{11580F62-5080-48CE-AD08-EE99F6813E43}
2012-05-24 15:26:34 -------- d-----w- C:\Users\Marky\AppData\Local\{C0B7A605-7C3E-4264-951B-EF2CABF8E18E}
2012-05-24 15:26:24 -------- d-----w- C:\Users\Marky\AppData\Local\{B829D7B3-99C6-471E-9717-DB97052D1A2F}
2012-05-24 13:21:21 -------- d-----w- C:\Users\Marky\AppData\Local\{6EF0039E-5843-4932-87BE-BC80BBA1B334}
2012-05-24 13:21:11 -------- d-----w- C:\Users\Marky\AppData\Local\{6B32FABC-F192-44B4-8DEA-73D526E81FFE}
2012-05-23 13:10:29 -------- d-----w- C:\Users\Marky\AppData\Local\{D0C979AA-ED02-428F-AC00-70FC0EC6CCA1}
2012-05-23 13:10:19 -------- d-----w- C:\Users\Marky\AppData\Local\{ED746E67-F83C-4E42-BDAE-D8DEAF959D8E}
2012-05-22 15:18:49 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-20 21:20:31 -------- d-----w- C:\Users\Marky\AppData\Local\{DA1F9EC5-9DAC-4FFA-92B2-B1AEE65998EC}
2012-05-20 21:20:20 -------- d-----w- C:\Users\Marky\AppData\Local\{C0F50F1E-5A58-4B47-90F9-90DAAE83786E}
2012-05-20 19:28:34 -------- d-----w- C:\Users\Marky\AppData\Local\Oblivion
2012-05-20 15:46:13 -------- d-----w- C:\Users\Marky\AppData\Local\{63D37BDA-4CF6-46A7-8392-B962981F5DB7}
2012-05-20 15:46:02 -------- d-----w- C:\Users\Marky\AppData\Local\{BAFF4722-7952-4E96-A634-CED7211203AE}
2012-05-19 12:06:26 384 ----a-w- C:\Windows\SysWow64\checkOS.bat
2012-05-18 20:36:07 -------- d-----w- C:\Users\Marky\AppData\Roaming\RenPy
2012-05-18 19:28:03 -------- d-----w- C:\Users\Marky\AppData\Roaming\Image-Line
2012-05-18 19:22:13 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-05-18 19:21:50 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-05-18 19:21:50 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-05-18 19:21:39 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-05-18 19:21:32 -------- d-----w- C:\Program Files (x86)\Outsim
2012-05-18 19:16:41 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-05-18 19:15:01 -------- d-----w- C:\Users\Marky\AppData\Roaming\MMFApplications
2012-05-18 19:14:14 689492 ----a-w- C:\Windows\SysWow64\adbcnsl.exe
2012-05-18 16:43:44 -------- d-----w- C:\Users\Marky\AppData\Local\{5A9DF99C-80E1-4DE0-9CC7-3D29B71B1ACD}
2012-05-18 16:43:34 -------- d-----w- C:\Users\Marky\AppData\Local\{2B9EBD23-F026-4348-B1A9-513615201D4E}
2012-05-18 01:49:56 -------- d-----w- C:\Users\Marky\AppData\Local\{476B6BF3-D5AD-4F14-8E98-575EB67599F7}
2012-05-18 01:49:46 -------- d-----w- C:\Users\Marky\AppData\Local\{6FB0C218-4BF5-4404-8F49-DD4EDA4BFE11}
2012-05-17 21:08:38 -------- d-----w- C:\Users\Marky\AppData\Local\{1E1CAA73-5375-4D97-967F-D20D6083C39B}
2012-05-17 21:08:28 -------- d-----w- C:\Users\Marky\AppData\Local\{E8B39C02-BA84-4E73-B9F0-B7C01252B14C}
2012-05-17 17:08:13 -------- d-----w- C:\Users\Marky\AppData\Local\{4CDA9DFF-5EC8-43BD-8072-E15156B08ED4}
2012-05-17 17:08:02 -------- d-----w- C:\Users\Marky\AppData\Local\{57DC3611-1D91-4E16-8393-C3BCC00DC176}
2012-05-17 16:34:11 -------- d-----w- C:\Users\Marky\AppData\Roaming\Media Finder
2012-05-17 15:57:11 -------- d-----w- C:\Users\Marky\AppData\Roaming\ColorSchemer
2012-05-17 15:57:09 303104 ----a-w- C:\Windows\SysWow64\lcms.dll
2012-05-17 15:57:09 1706800 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-05-17 15:57:08 -------- d-----w- C:\Program Files (x86)\ColorSchemer Studio 2
2012-05-17 15:36:09 -------- d-----w- C:\Program Files (x86)\Katawa Shoujo
2012-05-16 00:16:13 -------- d-----w- C:\Program Files (x86)\Macromedia
2012-05-16 00:16:13 -------- d-----w- C:\Program Files (x86)\Common Files\Macromedia
2012-05-16 00:15:12 180224 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2012-05-16 00:15:11 409600 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2012-05-16 00:15:11 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2012-05-16 00:15:11 266240 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2012-05-16 00:15:11 172032 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2012-05-16 00:15:09 761856 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2012-05-16 00:15:08 540772 ------w- C:\Program Files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2012-05-16 00:15:05 -------- d-----w- C:\Windows\Downloaded Installations
2012-05-12 13:55:06 -------- d-----w- C:\Users\Marky\AppData\Local\{88129AEF-8146-4DFF-8E05-E47CF89801F6}
2012-05-12 13:54:55 -------- d-----w- C:\Users\Marky\AppData\Local\{3D584E5C-47D3-4419-8817-355ACEBC5DC3}
2012-05-10 23:52:53 -------- d-----w- C:\Users\Marky\AppData\Local\{88404F06-6D93-4E15-A32C-E76414C860F7}
2012-05-10 23:52:42 -------- d-----w- C:\Users\Marky\AppData\Local\{7C82E7A0-CDD9-4C41-BD6D-C10F34BF6D7F}
2012-05-10 23:37:27 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-10 23:37:26 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-10 23:37:24 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-10 23:37:23 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-10 23:37:22 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:37:22 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-10 23:36:56 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 23:36:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-10 23:36:43 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-10 23:36:42 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:36:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-10 23:36:42 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-10 23:36:42 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 22:39:38 -------- d-----w- C:\Users\Marky\AppData\Local\{8A87F99D-36F5-450B-813E-DACB73AE0B5B}
2012-05-07 22:39:26 -------- d-----w- C:\Users\Marky\AppData\Local\{9AB7AA2E-181E-4468-8005-8CA312CF6D40}
2012-05-07 21:52:31 -------- d-----w- C:\Users\Marky\AppData\Local\smuxi
2012-05-07 21:52:30 -------- d-----w- C:\Users\Marky\AppData\Roaming\smuxi
2012-05-07 21:51:51 -------- d-----w- C:\Program Files (x86)\Smuxi
2012-05-07 21:51:14 -------- d-----w- C:\Program Files (x86)\GtkSharp
2012-05-07 16:33:45 -------- d-----w- C:\Users\Marky\AppData\Local\{B025B656-9A09-4829-B61F-BDDC9E140EBD}
2012-05-07 16:33:35 -------- d-----w- C:\Users\Marky\AppData\Local\{D2431C84-7957-4848-828B-FA4BB7470289}
2012-05-06 18:41:37 -------- d-----w- C:\Users\Marky\AppData\Local\{F68235DB-0AC1-4FC6-B780-DA469DD3A9C7}
2012-05-06 18:41:27 -------- d-----w- C:\Users\Marky\AppData\Local\{86F500E3-3463-4D15-86CD-E9C25357CF5C}
2012-05-05 23:48:24 -------- d-----w- C:\Users\Marky\AppData\Local\{F7D2C3D8-269E-44B3-BBD5-DF1C1F93BAB8}
2012-05-05 23:48:13 -------- d-----w- C:\Users\Marky\AppData\Local\{FA90A3D4-CAB7-4016-90C0-56738B8E0D84}
2012-05-04 23:35:02 -------- d-----w- C:\Users\Marky\AppData\Local\Rockstar Games
2012-05-04 19:52:38 -------- d-----w- C:\Users\Marky\AppData\Local\{EA3F7D3D-1953-4B05-B6A8-DC7F991E57DC}
2012-05-04 19:52:26 -------- d-----w- C:\Users\Marky\AppData\Local\{07736488-076C-4A92-916B-CE1CE9F77FD8}
2012-05-04 16:47:35 -------- d-----w- C:\Users\Marky\AppData\Roaming\Blender Foundation
.
==================== Find3M ====================
.
2012-05-04 21:20:47 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:20:47 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:20:26 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-30 20:43:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-04-30 20:43:09 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-23 23:51:04 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-23 23:51:04 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-22 00:12:44 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-04-22 00:12:36 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-16 19:58:02 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-16 19:42:43 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 22:14:06.05 ===============
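The DDS log above is what a helper reads by hand before deciding which entries to investigate. As an added example (not from the original post and not a BleepingComputer tool), here is a small Python triage script that splits such a log into its `=== Section ===` blocks and flags the entries a reviewer usually looks at first: processes loaded from temporary or user-writable directories, BHO entries whose file is missing, and autorun values with no command. The sample input is a constructed excerpt modelled on the log above; the location heuristic also fires on legitimate software (Dropbox and Chrome run from AppData in this very log), so a hit is a prompt to look closer, not a verdict.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed excerpt modelled on the DDS log posted above (not the full log).
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\TEMP\\mrt6A27.tmp\\stdrt.exe
C:\\Users\\Marky\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe
.
============== Pseudo HJT Report ===============
.
BHO: Codecv Class: {befbdbb0-dbdc-450b-bbe0-f9bd7665a18a} - C:\\ProgramData\\Codecv\\bhoclass.dll
BHO-X64: Codecv - No File
uRun: [AdobeBridge]
mRun: [StartCCC] "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe" MSRun
.
============= SERVICES / DRIVERS ===============
"""

# '=== Section name ===' headers that DDS uses to delimit the report.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# First Windows path on a line, ending at a binary/script extension (quotes and arguments excluded).
PATH_RE = re.compile(r'([A-Za-z]:\\[^"<>|\r\n]+?\.(?:exe|dll|sys|bat|cpl|scr))\b', re.IGNORECASE)
# An autorun value such as 'uRun: [AdobeBridge]' with nothing after the name.
EMPTY_RUN_RE = re.compile(r"^[um]Run(?:-x64)?:\s*\[[^\]]*\]\s*$")

# Directories a standard user can write to. Legitimate software lives here too
# (Dropbox and Chrome in the log above), so a hit is a prompt to look, not a verdict.
WRITABLE_MARKERS = {
    "\\windows\\temp\\": "runs from the Windows TEMP directory",
    "\\appdata\\": "runs from the user's AppData profile",
    "\\programdata\\": "runs from ProgramData",
}

# Only these two DDS sections are examined; services/drivers and file lists need other checks.
SECTIONS_OF_INTEREST = ("Running Processes", "Pseudo HJT Report")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the log lines under their section headers, dropping DDS's '.' spacer lines."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def extract_path(line: str) -> Optional[str]:
    """Return the first executable/library path on a line, or None if there is none."""
    match = PATH_RE.search(line)
    return match.group(1) if match else None


def location_flags(path: str) -> List[str]:
    """Reasons (possibly none) why the path's location deserves a closer look."""
    low = path.lower()
    return [reason for marker, reason in WRITABLE_MARKERS.items() if marker in low]


def triage(text: str) -> List[Tuple[str, str, str]]:
    """Return (section, line, reason) for every entry a reviewer should look at."""
    findings: List[Tuple[str, str, str]] = []
    for section, lines in split_sections(text).items():
        if section not in SECTIONS_OF_INTEREST:
            continue
        for line in lines:
            if line.endswith("- No File"):
                findings.append((section, line, "BHO/hook entry whose file is missing (orphaned registry entry)"))
                continue
            if EMPTY_RUN_RE.match(line):
                findings.append((section, line, "autorun value with no command (orphaned registry value)"))
                continue
            path = extract_path(line)
            if path is None:
                continue
            for reason in location_flags(path):
                findings.append((section, line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_DDS):
        print(f"[{section}] {reason}\n    {line}")
```

Running the block prints five findings for the constructed excerpt: the TEMP-hosted process, the AppData-hosted Dropbox process, the ProgramData-hosted BHO DLL, the orphaned `BHO-X64: Codecv - No File` entry and the empty `uRun: [AdobeBridge]` value. Feed a full DDS log to `triage()` and the same three rules apply unchanged; extending `WRITABLE_MARKERS` or `SECTIONS_OF_INTEREST` is the intended way to add checks.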



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 AM

Posted 05 June 2012 - 02:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 markyftw

markyftw
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:18 PM

Posted 07 June 2012 - 03:26 PM

Security Check


Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 11.2.202.235
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Combofix

ComboFix 12-06-06.02 - Marky 06/06/2012 22:37:59.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.7659.5579 [GMT 1:00]
Running from: c:\users\Marky\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Marky\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
c:\users\Sandy\AppData\Roaming\Microsoft\Office\Recent\AlexanderMcquiresCVdocs.doc.LNK
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-01 20:54 . 2012-06-06 21:57 -------- d-----w- c:\users\Marky\G
2012-06-01 20:33 . 2012-06-01 20:39 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-06-01 19:08 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D0A88B4-0B5B-45D3-8041-3186447A7232}\mpengine.dll
2012-06-01 01:03 . 2012-06-01 01:03 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:34 . 2012-05-31 16:34 -------- d-----w- c:\users\Marky\AppData\Roaming\Unity
2012-05-31 16:28 . 2012-05-31 16:34 -------- d-----w- c:\users\Marky\AppData\Local\Unity
2012-05-31 16:23 . 2012-05-31 16:28 -------- d-----w- c:\program files (x86)\Unity
2012-05-31 15:40 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-30 18:34 . 2012-05-30 18:34 -------- d-----w- c:\programdata\LogiShrd
2012-05-30 18:32 . 2012-05-30 18:32 -------- d-----w- c:\users\Marky\AppData\Local\LogiShrd
2012-05-30 18:22 . 2012-05-30 18:22 53248 ----a-r- c:\users\Marky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-30 18:21 . 2012-06-06 21:50 -------- d-----w- c:\windows\SysWow64\logishrd
2012-05-30 18:21 . 2012-06-06 21:50 -------- d-----w- c:\windows\system32\logishrd
2012-05-30 18:20 . 2012-05-30 18:20 -------- d-----w- c:\programdata\Logitech
2012-05-30 18:20 . 2012-05-30 18:20 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-05-30 18:20 . 2012-05-30 18:22 -------- d-----w- c:\program files (x86)\Logitech
2012-05-30 18:20 . 2012-05-30 18:23 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-05-30 18:20 . 2012-05-30 18:22 -------- d-----w- c:\program files\Common Files\logishrd
2012-05-29 10:01 . 2012-05-29 10:01 -------- d-----w- c:\users\Sandy\AppData\Roaming\Apple Computer
2012-05-28 19:16 . 2012-05-28 19:16 -------- d-----w- c:\windows\Sun
2012-05-28 19:05 . 2012-05-28 19:05 -------- d-----w- c:\program files (x86)\SpriteFont 2
2012-05-26 19:08 . 2012-05-26 19:08 -------- d-----w- c:\users\Marky\AppData\Roaming\Apple Computer
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-24 21:39 . 2012-05-24 21:39 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-24 21:39 . 2012-05-24 21:39 -------- d-----w- c:\programdata\Apple Computer
2012-05-24 21:37 . 2012-05-24 21:37 -------- d-----w- c:\users\Marky\AppData\Local\Apple Computer
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\users\Marky\AppData\Local\Apple
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\programdata\Apple
2012-05-22 15:18 . 2012-05-22 15:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-20 19:28 . 2012-05-20 19:28 -------- d-----w- c:\users\Marky\AppData\Local\Oblivion
2012-05-19 12:06 . 2012-05-19 12:06 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-05-18 20:36 . 2012-05-18 23:12 -------- d-----w- c:\users\Marky\AppData\Roaming\RenPy
2012-05-18 19:28 . 2012-05-18 19:28 -------- d-----w- c:\users\Marky\AppData\Roaming\Image-Line
2012-05-18 19:22 . 2012-05-18 19:22 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-05-18 19:21 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\VstPlugins
2012-05-18 19:21 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-05-18 19:21 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-18 19:21 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\Outsim
2012-05-18 19:16 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\Image-Line
2012-05-18 19:15 . 2012-05-18 19:15 -------- d-----w- c:\users\Marky\AppData\Roaming\MMFApplications
2012-05-18 19:14 . 2012-05-18 19:14 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-05-17 16:34 . 2012-05-17 16:45 -------- d-----w- c:\users\Marky\AppData\Roaming\Media Finder
2012-05-17 15:57 . 2012-05-17 15:57 -------- d-----w- c:\users\Marky\AppData\Roaming\ColorSchemer
2012-05-17 15:57 . 2007-07-28 10:54 303104 ----a-w- c:\windows\SysWow64\lcms.dll
2012-05-17 15:57 . 2001-08-23 16:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-05-17 15:57 . 2012-05-17 15:57 -------- d-----w- c:\program files (x86)\ColorSchemer Studio 2
2012-05-17 15:36 . 2012-05-17 15:37 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2012-05-16 00:16 . 2012-05-16 00:17 -------- d-----w- c:\program files (x86)\Common Files\Macromedia
2012-05-16 00:16 . 2012-05-16 00:16 -------- d-----w- c:\program files (x86)\Macromedia
2012-05-16 00:15 . 2012-05-16 00:15 180224 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 266240 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 409600 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2012-05-16 00:15 . 2012-05-16 00:15 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 172032 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 761856 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2012-05-16 00:15 . 2012-05-16 00:15 540772 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2012-05-16 00:15 . 2012-05-16 00:15 -------- d-----w- c:\windows\Downloaded Installations
2012-05-10 23:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 23:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 23:37 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 23:37 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 23:36 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 23:36 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 23:36 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 23:36 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 23:36 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:36 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 23:36 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 21:20 . 2012-03-13 20:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:20 . 2012-02-28 11:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:20 . 2012-03-16 20:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 00:55 . 2012-02-28 14:03 2382080 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-30 20:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-30 20:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-23 23:51 . 2012-04-22 00:13 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-23 23:51 . 2012-04-22 00:12 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-22 00:12 . 2012-04-22 00:13 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-22 00:12 . 2012-04-22 00:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-20 19:44 . 2011-04-27 15:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2011-04-18 13:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-16 21:16 . 2012-03-16 21:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 21:16 . 2012-03-16 21:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 21:16 . 2012-03-16 21:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 21:16 . 2012-03-16 21:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 21:16 . 2012-03-16 21:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 21:16 . 2012-03-16 21:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 21:16 . 2012-03-16 21:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 21:16 . 2012-03-16 21:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 21:16 . 2012-03-16 21:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 21:16 . 2012-03-16 21:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 21:16 . 2012-03-16 21:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 21:16 . 2012-03-16 21:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 21:16 . 2012-03-16 21:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 21:16 . 2012-03-16 21:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 21:16 . 2012-03-16 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 21:16 . 2012-03-16 21:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 21:16 . 2012-03-16 21:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 21:16 . 2012-03-16 21:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 21:16 . 2012-03-16 21:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 21:16 . 2012-03-16 21:16 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 21:16 . 2012-03-16 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 21:16 . 2012-03-16 21:16 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 21:16 . 2012-03-16 21:16 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 21:16 . 2012-03-16 21:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 21:16 . 2012-03-16 21:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 21:16 . 2012-03-16 21:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 21:16 . 2012-03-16 21:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 21:16 . 2012-03-16 21:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 21:16 . 2012-03-16 21:16 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 21:16 . 2012-03-16 21:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 21:16 . 2012-03-16 21:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 21:16 . 2012-03-16 21:16 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 21:16 . 2012-03-16 21:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 21:16 . 2012-03-16 21:16 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 19:58 . 2012-03-16 19:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-16 19:42 . 2012-03-16 19:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A}]
2012-04-29 19:15 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-27 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-07 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-07 21392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
"chromium"="c:\users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-05-23 1240088]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-07 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-06-01 4407296]
.
c:\users\Marky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-05-18 689492]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-05-25 67584]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe [2012-06-01 1131008]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-13 21:20]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1000Core.job
- c:\users\Marky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-02 22:16]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1000UA.job
- c:\users\Marky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-02 22:16]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1010Core.job
- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:57]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1010UA.job
- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 12681320]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A}"=hex:51,66,7a,6c,4c,1d,38,12,de,d8,e8,
ba,ee,95,65,00,c4,f6,ba,fd,73,3b,e5,9e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,79,33,6e,db,3d,cd,01
.
[HKEY_USERS\S-1-5-21-1325042464-3324406629-1313267307-1000\Software\SecuROM\License information*]
"datasecu"=hex:cd,46,1b,ee,05,25,82,61,d8,c5,56,79,00,8f,2d,39,a3,81,2f,ed,83,
22,4b,45,3b,a4,28,4e,04,c4,03,35,25,df,d8,0e,30,99,7c,af,a6,04,46,ba,2f,c2,\
"rkeysecu"=hex:99,b6,f2,7a,5d,b1,6a,12,cf,ed,44,18,45,35,b2,42
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt62A8.tmp\stdrt.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2012-06-06 23:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-06 22:38
.
Pre-Run: 737,207,836,672 bytes free
Post-Run: 748,394,987,520 bytes free
.
- - End Of File - - 28B1D09A819C9DB6705B6754022B5A70


The computer is still playing radio in the background and running slower than usual :) Sorry for the delay.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 07 June 2012 - 03:55 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
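A TDSSKiller report is a long list of one-line records, two per scanned driver or service: a hashed-file line (`name (md5) path`) followed by a verdict line (`name - ok`). The script below is an added example, not part of this thread and not TDSSKiller's own tooling, that parses that record format and groups entries into the buckets a helper reads first: anything whose verdict is not literally "ok", entries that received a verdict but no hashed-file line (the log does not say why, so they are listed for a manual check rather than called bad), and files under a temp directory (an assumed heuristic, not something the log itself reports). The sample log is constructed: three records copy the shape of lines from the real log, and the `example_driver` record, its all-zero hash, its path and its "detected" verdict are invented to exercise the review buckets.

```python
"""Triage helper for TDSSKiller text logs (added example; not from the
thread and not part of TDSSKiller).  It understands the two line shapes
seen in such a log:

    <hh:mm:ss.ffff> <pid> <name> (<md5>) <path>      hashed-file line
    <hh:mm:ss.ffff> <pid> <name> - <verdict>         verdict line
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Timestamp, process id, then the free-form remainder of the line.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>": the hashed-file line for a driver or service.
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Assumed heuristic (not part of the log format): a binary loaded from a
# temp directory deserves a second look even when its verdict is "ok".
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return one Entry per scanned name, in log order.

    Only lines after "Scan started" count as scan records: the SystemInfo
    and drive banner above it also contain " - " and would otherwise be
    misread as verdict lines.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separator rows and anything without the ts/pid prefix
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            continue
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5 = fm.group("md5").lower()
            e.path = fm.group("path")
            continue
        name, sep, verdict = rest.rpartition(" - ")
        if sep:  # verdict line; "Mode: Manual;" and similar have no " - "
            e = entries.setdefault(name, Entry(name))
            e.verdict = verdict.strip()
    return list(entries.values())


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into the buckets a responder reads first."""
    report: Dict[str, List[Entry]] = {"needs_review": [], "no_file": [], "temp_path": []}
    for e in entries:
        if e.verdict != "ok":
            # Any verdict other than the literal "ok" (or no verdict line at
            # all) goes to the top of the list, whatever its wording.
            report["needs_review"].append(e)
        elif e.md5 is None:
            # Verdict present but no hashed-file line: list for a manual check.
            report["no_file"].append(e)
        if e.path and any(marker in e.path.lower() for marker in TEMP_MARKERS):
            report["temp_path"].append(e)
    return report


# Constructed sample: the first three records mirror the shape of real log
# lines; "example_driver", its all-zero hash, path and verdict are invented.
SAMPLE_LOG = "\n".join([
    r"22:50:04.0269 7108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200",
    r"22:50:11.0594 4992 Scan started",
    r"22:50:11.0594 4992 Mode: Manual;",
    r"22:50:13.0100 4992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys",
    r"22:50:13.0103 4992 1394ohci - ok",
    r"22:50:13.0260 4992 Adobe Licensing Console (14ef8ea2211a3d9a1cc11b7bbac1848e) C:\Windows\SysWOW64\adbcnsl.exe",
    r"22:50:13.0264 4992 Adobe Licensing Console - ok",
    r"22:50:13.0686 4992 AMD FUEL Service - ok",
    r"22:50:30.0001 4992 example_driver (00000000000000000000000000000000) C:\Windows\Temp\example_driver.sys",
    r"22:50:30.0002 4992 example_driver - detected",
])

if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(bucket, [(e.name, e.verdict, e.path) for e in items])
```

Pointing the parser at a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` instead of `SAMPLE_LOG` is a one-line change; the value is that hundreds of "- ok" rows collapse to the handful that need a human, and the buckets stay meaningful even if a future TDSSKiller build words its non-ok verdicts differently.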

#5 markyftw

markyftw
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 07 June 2012 - 05:34 PM

TDSSKiller


22:50:01.0652 7108 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:50:03.0478 7108 ============================================================
22:50:03.0478 7108 Current date / time: 2012/06/07 22:50:03.0478
22:50:03.0478 7108 SystemInfo:
22:50:03.0478 7108
22:50:03.0478 7108 OS Version: 6.1.7601 ServicePack: 1.0
22:50:03.0478 7108 Product type: Workstation
22:50:03.0478 7108 ComputerName: ENKIDU
22:50:03.0479 7108 UserName: Marky
22:50:03.0479 7108 Windows directory: C:\Windows
22:50:03.0479 7108 System windows directory: C:\Windows
22:50:03.0479 7108 Running under WOW64
22:50:03.0479 7108 Processor architecture: Intel x64
22:50:03.0479 7108 Number of processors: 3
22:50:03.0479 7108 Page size: 0x1000
22:50:03.0479 7108 Boot type: Normal boot
22:50:03.0479 7108 ============================================================
22:50:04.0269 7108 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:50:04.0275 7108 ============================================================
22:50:04.0275 7108 \Device\Harddisk0\DR0:
22:50:04.0275 7108 MBR partitions:
22:50:04.0275 7108 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:50:04.0275 7108 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
22:50:04.0275 7108 ============================================================
22:50:04.0292 7108 C: <-> \Device\Harddisk0\DR0\Partition1
22:50:04.0293 7108 ============================================================
22:50:04.0293 7108 Initialize success
22:50:04.0293 7108 ============================================================
22:50:11.0594 4992 ============================================================
22:50:11.0594 4992 Scan started
22:50:11.0594 4992 Mode: Manual;
22:50:11.0594 4992 ============================================================
22:50:13.0100 4992 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:50:13.0103 4992 1394ohci - ok
22:50:13.0136 4992 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:50:13.0140 4992 ACPI - ok
22:50:13.0166 4992 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:50:13.0167 4992 AcpiPmi - ok
22:50:13.0260 4992 Adobe Licensing Console (14ef8ea2211a3d9a1cc11b7bbac1848e) C:\Windows\SysWOW64\adbcnsl.exe
22:50:13.0264 4992 Adobe Licensing Console - ok
22:50:13.0321 4992 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:50:13.0325 4992 AdobeFlashPlayerUpdateSvc - ok
22:50:13.0434 4992 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:50:13.0440 4992 adp94xx - ok
22:50:13.0454 4992 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:50:13.0459 4992 adpahci - ok
22:50:13.0477 4992 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:50:13.0480 4992 adpu320 - ok
22:50:13.0508 4992 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:50:13.0509 4992 AeLookupSvc - ok
22:50:13.0556 4992 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:50:13.0561 4992 AFD - ok
22:50:13.0575 4992 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:50:13.0576 4992 agp440 - ok
22:50:13.0586 4992 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:50:13.0588 4992 ALG - ok
22:50:13.0603 4992 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:50:13.0604 4992 aliide - ok
22:50:13.0628 4992 AMD External Events Utility (a2f5bea5b45a8e7c4776f39c25e8699d) C:\Windows\system32\atiesrxx.exe
22:50:13.0631 4992 AMD External Events Utility - ok
22:50:13.0686 4992 AMD FUEL Service - ok
22:50:13.0701 4992 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:50:13.0702 4992 amdide - ok
22:50:13.0711 4992 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
22:50:13.0712 4992 amdiox64 - ok
22:50:13.0730 4992 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:50:13.0732 4992 AmdK8 - ok
22:50:14.0045 4992 amdkmdag (5b03217859b014b090cb5060c1d96875) C:\Windows\system32\DRIVERS\atikmdag.sys
22:50:14.0202 4992 amdkmdag - ok
22:50:14.0305 4992 amdkmdap (35d2184a99ad4cd5d17284d6c9f382c9) C:\Windows\system32\DRIVERS\atikmpag.sys
22:50:14.0307 4992 amdkmdap - ok
22:50:14.0325 4992 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:50:14.0326 4992 AmdPPM - ok
22:50:14.0338 4992 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:50:14.0340 4992 amdsata - ok
22:50:14.0358 4992 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:50:14.0361 4992 amdsbs - ok
22:50:14.0375 4992 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:50:14.0376 4992 amdxata - ok
22:50:14.0407 4992 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
22:50:14.0408 4992 androidusb - ok
22:50:14.0448 4992 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:50:14.0450 4992 AppID - ok
22:50:14.0474 4992 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:50:14.0475 4992 AppIDSvc - ok
22:50:14.0491 4992 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:50:14.0492 4992 Appinfo - ok
22:50:14.0524 4992 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
22:50:14.0527 4992 AppMgmt - ok
22:50:14.0544 4992 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:50:14.0547 4992 arc - ok
22:50:14.0559 4992 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:50:14.0561 4992 arcsas - ok
22:50:14.0627 4992 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:50:14.0629 4992 aspnet_state - ok
22:50:14.0647 4992 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:50:14.0648 4992 AsyncMac - ok
22:50:14.0658 4992 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:50:14.0658 4992 atapi - ok
22:50:14.0772 4992 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:50:14.0787 4992 AudioEndpointBuilder - ok
22:50:14.0794 4992 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:50:14.0798 4992 AudioSrv - ok
22:50:14.0827 4992 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:50:14.0829 4992 AxInstSV - ok
22:50:14.0876 4992 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:50:14.0882 4992 b06bdrv - ok
22:50:14.0905 4992 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:50:14.0909 4992 b57nd60a - ok
22:50:14.0929 4992 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:50:14.0931 4992 BDESVC - ok
22:50:14.0941 4992 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:50:14.0942 4992 Beep - ok
22:50:15.0003 4992 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:50:15.0011 4992 BFE - ok
22:50:15.0059 4992 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
22:50:15.0071 4992 BITS - ok
22:50:15.0096 4992 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:50:15.0098 4992 blbdrive - ok
22:50:15.0119 4992 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:50:15.0120 4992 bowser - ok
22:50:15.0135 4992 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:50:15.0137 4992 BrFiltLo - ok
22:50:15.0146 4992 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:50:15.0147 4992 BrFiltUp - ok
22:50:15.0167 4992 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:50:15.0169 4992 BridgeMP - ok
22:50:15.0189 4992 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:50:15.0192 4992 Browser - ok
22:50:15.0214 4992 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:50:15.0218 4992 Brserid - ok
22:50:15.0232 4992 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:50:15.0234 4992 BrSerWdm - ok
22:50:15.0247 4992 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:50:15.0248 4992 BrUsbMdm - ok
22:50:15.0256 4992 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:50:15.0257 4992 BrUsbSer - ok
22:50:15.0274 4992 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:50:15.0275 4992 BTHMODEM - ok
22:50:15.0287 4992 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:50:15.0289 4992 bthserv - ok
22:50:15.0304 4992 catchme - ok
22:50:15.0376 4992 cbVSCService11 (58bf7714a312698108a96d0de2bb6825) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
22:50:15.0377 4992 cbVSCService11 - ok
22:50:15.0397 4992 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:50:15.0399 4992 cdfs - ok
22:50:15.0434 4992 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
22:50:15.0436 4992 cdrom - ok
22:50:15.0453 4992 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:50:15.0455 4992 CertPropSvc - ok
22:50:15.0471 4992 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:50:15.0472 4992 circlass - ok
22:50:15.0496 4992 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:50:15.0501 4992 CLFS - ok
22:50:15.0546 4992 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:50:15.0547 4992 clr_optimization_v2.0.50727_32 - ok
22:50:15.0585 4992 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:50:15.0587 4992 clr_optimization_v2.0.50727_64 - ok
22:50:15.0879 4992 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:50:15.0881 4992 clr_optimization_v4.0.30319_32 - ok
22:50:15.0899 4992 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:50:15.0901 4992 clr_optimization_v4.0.30319_64 - ok
22:50:15.0929 4992 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:50:15.0930 4992 CmBatt - ok
22:50:15.0958 4992 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:50:15.0959 4992 cmdide - ok
22:50:15.0998 4992 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:50:16.0004 4992 CNG - ok
22:50:16.0109 4992 CobianBackup11 (5d3f91fdeb28adb57be10afb6e7f89e0) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
22:50:16.0116 4992 CobianBackup11 - ok
22:50:16.0193 4992 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:50:16.0195 4992 Compbatt - ok
22:50:16.0227 4992 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
22:50:16.0228 4992 CompositeBus - ok
22:50:16.0242 4992 COMSysApp - ok
22:50:16.0258 4992 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:50:16.0260 4992 crcdisk - ok
22:50:16.0298 4992 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:50:16.0301 4992 CryptSvc - ok
22:50:16.0345 4992 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
22:50:16.0351 4992 CSC - ok
22:50:16.0403 4992 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
22:50:16.0411 4992 CscService - ok
22:50:16.0441 4992 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:50:16.0448 4992 DcomLaunch - ok
22:50:16.0475 4992 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:50:16.0479 4992 defragsvc - ok
22:50:16.0505 4992 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:50:16.0507 4992 DfsC - ok
22:50:16.0534 4992 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:50:16.0537 4992 Dhcp - ok
22:50:16.0576 4992 DigiRefresh - ok
22:50:16.0587 4992 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:50:16.0588 4992 discache - ok
22:50:16.0609 4992 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:50:16.0610 4992 Disk - ok
22:50:16.0629 4992 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:50:16.0632 4992 Dnscache - ok
22:50:16.0660 4992 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:50:16.0663 4992 dot3svc - ok
22:50:16.0696 4992 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:50:16.0699 4992 DPS - ok
22:50:16.0717 4992 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:50:16.0719 4992 drmkaud - ok
22:50:16.0769 4992 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:50:16.0775 4992 DXGKrnl - ok
22:50:16.0801 4992 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:50:16.0803 4992 EapHost - ok
22:50:16.0830 4992 easytether (1e8d0e318d3f17b2eaaf993db20c76f0) C:\Windows\system32\DRIVERS\easytthr.sys
22:50:16.0831 4992 easytether - ok
22:50:16.0966 4992 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:50:17.0018 4992 ebdrv - ok
22:50:17.0083 4992 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:50:17.0085 4992 EFS - ok
22:50:17.0118 4992 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:50:17.0127 4992 ehRecvr - ok
22:50:17.0146 4992 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:50:17.0148 4992 ehSched - ok
22:50:17.0221 4992 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:50:17.0228 4992 elxstor - ok
22:50:17.0251 4992 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:50:17.0251 4992 ErrDev - ok
22:50:17.0284 4992 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:50:17.0289 4992 EventSystem - ok
22:50:17.0305 4992 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:50:17.0308 4992 exfat - ok
22:50:17.0335 4992 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:50:17.0339 4992 fastfat - ok
22:50:17.0702 4992 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:50:17.0727 4992 Fax - ok
22:50:17.0749 4992 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:50:17.0752 4992 fdc - ok
22:50:17.0767 4992 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:50:17.0770 4992 fdPHost - ok
22:50:17.0781 4992 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:50:17.0783 4992 FDResPub - ok
22:50:17.0839 4992 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:50:17.0841 4992 FileInfo - ok
22:50:17.0887 4992 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:50:17.0889 4992 Filetrace - ok
22:50:17.0940 4992 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:50:17.0952 4992 flpydisk - ok
22:50:18.0250 4992 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:50:18.0254 4992 FltMgr - ok
22:50:18.0326 4992 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:50:18.0349 4992 FontCache - ok
22:50:18.0395 4992 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:50:18.0396 4992 FontCache3.0.0.0 - ok
22:50:18.0414 4992 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:50:18.0416 4992 FsDepends - ok
22:50:18.0447 4992 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:50:18.0448 4992 Fs_Rec - ok
22:50:18.0530 4992 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:50:18.0533 4992 fvevol - ok
22:50:18.0575 4992 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:50:18.0578 4992 gagp30kx - ok
22:50:19.0198 4992 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:50:19.0208 4992 gpsvc - ok
22:50:19.0243 4992 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:50:19.0244 4992 hcw85cir - ok
22:50:19.0308 4992 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:50:19.0312 4992 HdAudAddService - ok
22:50:19.0354 4992 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
22:50:19.0356 4992 HDAudBus - ok
22:50:19.0375 4992 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:50:19.0378 4992 HidBatt - ok
22:50:19.0424 4992 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:50:19.0426 4992 HidBth - ok
22:50:19.0449 4992 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:50:19.0451 4992 HidIr - ok
22:50:19.0484 4992 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:50:19.0487 4992 hidserv - ok
22:50:19.0518 4992 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:50:19.0520 4992 HidUsb - ok
22:50:19.0575 4992 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:50:19.0578 4992 hkmsvc - ok
22:50:19.0743 4992 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:50:19.0747 4992 HomeGroupListener - ok
22:50:19.0892 4992 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:50:19.0898 4992 HomeGroupProvider - ok
22:50:19.0968 4992 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:50:19.0976 4992 HpSAMD - ok
22:50:20.0312 4992 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:50:20.0321 4992 HTTP - ok
22:50:20.0346 4992 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:50:20.0347 4992 hwpolicy - ok
22:50:20.0361 4992 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
22:50:20.0363 4992 i8042prt - ok
22:50:20.0388 4992 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:50:20.0393 4992 iaStorV - ok
22:50:20.0460 4992 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:50:20.0470 4992 idsvc - ok
22:50:20.0483 4992 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:50:20.0485 4992 iirsp - ok
22:50:20.0673 4992 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:50:20.0685 4992 IKEEXT - ok
22:50:20.0855 4992 InputFilter_Hid_FlexDef2b (caa8bc6737dfa3bf1a50175cfb226788) C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
22:50:20.0857 4992 InputFilter_Hid_FlexDef2b - ok
22:50:21.0503 4992 IntcAzAudAddService (e7e0e8f2f44bcb48143fbba70106d8c1) C:\Windows\system32\drivers\RTKVHD64.sys
22:50:21.0522 4992 IntcAzAudAddService - ok
22:50:21.0918 4992 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:50:21.0921 4992 intelide - ok
22:50:21.0978 4992 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:50:21.0980 4992 intelppm - ok
22:50:22.0119 4992 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:50:22.0122 4992 IPBusEnum - ok
22:50:22.0248 4992 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:50:22.0253 4992 IpFilterDriver - ok
22:50:22.0514 4992 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:50:22.0521 4992 iphlpsvc - ok
22:50:22.0537 4992 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:50:22.0538 4992 IPMIDRV - ok
22:50:22.0552 4992 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:50:22.0555 4992 IPNAT - ok
22:50:22.0566 4992 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:50:22.0567 4992 IRENUM - ok
22:50:22.0575 4992 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:50:22.0576 4992 isapnp - ok
22:50:22.0601 4992 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:50:22.0605 4992 iScsiPrt - ok
22:50:22.0629 4992 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
22:50:22.0630 4992 kbdclass - ok
22:50:22.0640 4992 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:50:22.0642 4992 kbdhid - ok
22:50:22.0654 4992 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:22.0655 4992 KeyIso - ok
22:50:22.0665 4992 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:50:22.0666 4992 KSecDD - ok
22:50:22.0699 4992 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:50:22.0703 4992 KSecPkg - ok
22:50:22.0724 4992 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:50:22.0726 4992 ksthunk - ok
22:50:22.0960 4992 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:50:22.0966 4992 KtmRm - ok
22:50:23.0130 4992 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
22:50:23.0136 4992 LanmanServer - ok
22:50:23.0454 4992 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:50:23.0457 4992 LanmanWorkstation - ok
22:50:23.0488 4992 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:50:23.0490 4992 lltdio - ok
22:50:23.0512 4992 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:50:23.0517 4992 lltdsvc - ok
22:50:23.0532 4992 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:50:23.0534 4992 lmhosts - ok
22:50:23.0559 4992 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:50:23.0561 4992 LSI_FC - ok
22:50:23.0574 4992 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:50:23.0576 4992 LSI_SAS - ok
22:50:23.0585 4992 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:50:23.0587 4992 LSI_SAS2 - ok
22:50:23.0632 4992 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:50:23.0635 4992 LSI_SCSI - ok
22:50:23.0699 4992 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:50:23.0702 4992 luafv - ok
22:50:23.0743 4992 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
22:50:23.0744 4992 LVPr2M64 - ok
22:50:23.0747 4992 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
22:50:23.0748 4992 LVPr2Mon - ok
22:50:23.0870 4992 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
22:50:23.0873 4992 LVPrcS64 - ok
22:50:24.0086 4992 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys
22:50:24.0089 4992 LVRS64 - ok
22:50:24.0578 4992 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys
22:50:24.0603 4992 LVUVC64 - ok
22:50:24.0721 4992 MAUSBFASTTRACK (e2c6a3f80c1979b911408c17e3893371) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
22:50:24.0724 4992 MAUSBFASTTRACK - ok
22:50:24.0746 4992 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:50:24.0748 4992 Mcx2Svc - ok
22:50:24.0763 4992 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:50:24.0765 4992 megasas - ok
22:50:24.0788 4992 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:50:24.0793 4992 MegaSR - ok
22:50:24.0843 4992 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:50:24.0845 4992 Microsoft Office Groove Audit Service - ok
22:50:24.0875 4992 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:50:24.0877 4992 MMCSS - ok
22:50:24.0884 4992 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:50:24.0885 4992 Modem - ok
22:50:24.0899 4992 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:50:24.0900 4992 monitor - ok
22:50:24.0923 4992 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:50:24.0924 4992 mouclass - ok
22:50:24.0932 4992 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:50:24.0934 4992 mouhid - ok
22:50:24.0957 4992 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:50:24.0958 4992 mountmgr - ok
22:50:24.0997 4992 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
22:50:25.0000 4992 MpFilter - ok
22:50:25.0031 4992 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:50:25.0033 4992 mpio - ok
22:50:25.0047 4992 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:50:25.0049 4992 mpsdrv - ok
22:50:25.0100 4992 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:50:25.0110 4992 MpsSvc - ok
22:50:25.0141 4992 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:50:25.0144 4992 MRxDAV - ok
22:50:25.0168 4992 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:50:25.0171 4992 mrxsmb - ok
22:50:25.0195 4992 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:50:25.0199 4992 mrxsmb10 - ok
22:50:25.0221 4992 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:50:25.0223 4992 mrxsmb20 - ok
22:50:25.0237 4992 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:50:25.0238 4992 msahci - ok
22:50:25.0259 4992 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:50:25.0261 4992 msdsm - ok
22:50:25.0280 4992 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:50:25.0283 4992 MSDTC - ok
22:50:25.0302 4992 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:50:25.0303 4992 Msfs - ok
22:50:25.0318 4992 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:50:25.0320 4992 mshidkmdf - ok
22:50:25.0328 4992 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:50:25.0329 4992 msisadrv - ok
22:50:25.0355 4992 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:50:25.0358 4992 MSiSCSI - ok
22:50:25.0361 4992 msiserver - ok
22:50:25.0385 4992 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:50:25.0386 4992 MSKSSRV - ok
22:50:25.0442 4992 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:50:25.0442 4992 MsMpSvc - ok
22:50:25.0454 4992 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:50:25.0455 4992 MSPCLOCK - ok
22:50:25.0463 4992 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:50:25.0464 4992 MSPQM - ok
22:50:25.0506 4992 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:50:25.0511 4992 MsRPC - ok
22:50:25.0551 4992 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:50:25.0552 4992 mssmbios - ok
22:50:25.0594 4992 MSSQL$SQLEXPRESS - ok
22:50:25.0629 4992 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:50:25.0630 4992 MSSQLServerADHelper100 - ok
22:50:25.0635 4992 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:50:25.0636 4992 MSTEE - ok
22:50:25.0646 4992 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:50:25.0647 4992 MTConfig - ok
22:50:25.0670 4992 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:50:25.0672 4992 Mup - ok
22:50:25.0699 4992 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:50:25.0705 4992 napagent - ok
22:50:25.0732 4992 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:50:25.0735 4992 NativeWifiP - ok
22:50:25.0811 4992 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:50:25.0821 4992 NDIS - ok
22:50:25.0835 4992 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:50:25.0837 4992 NdisCap - ok
22:50:25.0859 4992 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:50:25.0860 4992 NdisTapi - ok
22:50:25.0877 4992 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:50:25.0879 4992 Ndisuio - ok
22:50:25.0909 4992 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:50:25.0911 4992 NdisWan - ok
22:50:25.0928 4992 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:50:25.0930 4992 NDProxy - ok
22:50:25.0940 4992 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:50:25.0942 4992 NetBIOS - ok
22:50:25.0980 4992 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:50:25.0983 4992 NetBT - ok
22:50:25.0996 4992 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:25.0997 4992 Netlogon - ok
22:50:26.0025 4992 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:50:26.0030 4992 Netman - ok
22:50:26.0105 4992 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:26.0107 4992 NetMsmqActivator - ok
22:50:26.0111 4992 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:26.0112 4992 NetPipeActivator - ok
22:50:26.0153 4992 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:50:26.0160 4992 netprofm - ok
22:50:26.0164 4992 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:26.0165 4992 NetTcpActivator - ok
22:50:26.0169 4992 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:50:26.0170 4992 NetTcpPortSharing - ok
22:50:26.0211 4992 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:50:26.0212 4992 nfrd960 - ok
22:50:26.0257 4992 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:50:26.0259 4992 NisDrv - ok
22:50:26.0308 4992 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:50:26.0311 4992 NisSrv - ok
22:50:26.0339 4992 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:50:26.0343 4992 NlaSvc - ok
22:50:26.0355 4992 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:50:26.0356 4992 Npfs - ok
22:50:26.0363 4992 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:50:26.0365 4992 nsi - ok
22:50:26.0405 4992 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:50:26.0406 4992 nsiproxy - ok
22:50:26.0628 4992 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:50:26.0659 4992 Ntfs - ok
22:50:26.0721 4992 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:50:26.0722 4992 Null - ok
22:50:26.0759 4992 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:50:26.0761 4992 nvraid - ok
22:50:26.0782 4992 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:50:26.0785 4992 nvstor - ok
22:50:26.0800 4992 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:50:26.0803 4992 nv_agp - ok
22:50:26.0876 4992 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:50:26.0881 4992 odserv - ok
22:50:26.0912 4992 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:50:26.0913 4992 ohci1394 - ok
22:50:26.0938 4992 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:50:26.0941 4992 ose - ok
22:50:26.0970 4992 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:50:26.0975 4992 p2pimsvc - ok
22:50:27.0001 4992 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:50:27.0007 4992 p2psvc - ok
22:50:27.0028 4992 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:50:27.0029 4992 Parport - ok
22:50:27.0054 4992 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:50:27.0056 4992 partmgr - ok
22:50:27.0073 4992 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:50:27.0077 4992 PcaSvc - ok
22:50:27.0090 4992 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:50:27.0092 4992 pci - ok
22:50:27.0101 4992 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:50:27.0102 4992 pciide - ok
22:50:27.0118 4992 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:50:27.0121 4992 pcmcia - ok
22:50:27.0136 4992 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:50:27.0139 4992 pcw - ok
22:50:27.0172 4992 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:50:27.0179 4992 PEAUTH - ok
22:50:27.0252 4992 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
22:50:27.0278 4992 PeerDistSvc - ok
22:50:27.0337 4992 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:50:27.0339 4992 PerfHost - ok
22:50:27.0454 4992 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:50:27.0481 4992 pla - ok
22:50:27.0516 4992 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:50:27.0523 4992 PlugPlay - ok
22:50:27.0546 4992 PnkBstrA - ok
22:50:27.0563 4992 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:50:27.0566 4992 PNRPAutoReg - ok
22:50:27.0587 4992 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:50:27.0590 4992 PNRPsvc - ok
22:50:27.0632 4992 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:50:27.0638 4992 PolicyAgent - ok
22:50:27.0669 4992 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:50:27.0672 4992 Power - ok
22:50:27.0715 4992 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:50:27.0717 4992 PptpMiniport - ok
22:50:27.0731 4992 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:50:27.0733 4992 Processor - ok
22:50:27.0761 4992 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:50:27.0765 4992 ProfSvc - ok
22:50:27.0778 4992 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:27.0780 4992 ProtectedStorage - ok
22:50:27.0806 4992 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:50:27.0808 4992 Psched - ok
22:50:27.0883 4992 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:50:27.0915 4992 ql2300 - ok
22:50:27.0985 4992 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:50:27.0987 4992 ql40xx - ok
22:50:28.0011 4992 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:50:28.0015 4992 QWAVE - ok
22:50:28.0031 4992 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:50:28.0033 4992 QWAVEdrv - ok
22:50:28.0044 4992 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:50:28.0045 4992 RasAcd - ok
22:50:28.0065 4992 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:50:28.0067 4992 RasAgileVpn - ok
22:50:28.0078 4992 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:50:28.0081 4992 RasAuto - ok
22:50:28.0095 4992 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:50:28.0097 4992 Rasl2tp - ok
22:50:28.0124 4992 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:50:28.0130 4992 RasMan - ok
22:50:28.0145 4992 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:50:28.0147 4992 RasPppoe - ok
22:50:28.0160 4992 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:50:28.0162 4992 RasSstp - ok
22:50:28.0199 4992 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:50:28.0203 4992 rdbss - ok
22:50:28.0215 4992 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:50:28.0217 4992 rdpbus - ok
22:50:28.0225 4992 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:50:28.0225 4992 RDPCDD - ok
22:50:28.0253 4992 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
22:50:28.0255 4992 RDPDR - ok
22:50:28.0279 4992 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:50:28.0279 4992 RDPENCDD - ok
22:50:28.0296 4992 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:50:28.0296 4992 RDPREFMP - ok
22:50:28.0323 4992 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:50:28.0326 4992 RDPWD - ok
22:50:28.0361 4992 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:50:28.0365 4992 rdyboost - ok
22:50:28.0406 4992 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:50:28.0409 4992 RemoteAccess - ok
22:50:28.0423 4992 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:50:28.0427 4992 RemoteRegistry - ok
22:50:28.0436 4992 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:50:28.0438 4992 RpcEptMapper - ok
22:50:28.0463 4992 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:50:28.0464 4992 RpcLocator - ok
22:50:28.0502 4992 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:50:28.0506 4992 RpcSs - ok
22:50:28.0558 4992 RsFx0105 (c9fe05a63c500abe3afa5786504c4d36) C:\Windows\system32\DRIVERS\RsFx0105.sys
22:50:28.0562 4992 RsFx0105 - ok
22:50:28.0575 4992 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:50:28.0576 4992 rspndr - ok
22:50:28.0620 4992 RTL8167 (9140db0911de035fed0a9a77a2d156ea) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:50:28.0623 4992 RTL8167 - ok
22:50:28.0647 4992 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
22:50:28.0648 4992 s3cap - ok
22:50:28.0661 4992 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:28.0663 4992 SamSs - ok
22:50:28.0693 4992 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:50:28.0695 4992 sbp2port - ok
22:50:28.0713 4992 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:50:28.0717 4992 SCardSvr - ok
22:50:28.0739 4992 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:50:28.0740 4992 scfilter - ok
22:50:28.0802 4992 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:50:28.0827 4992 Schedule - ok
22:50:28.0855 4992 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:50:28.0856 4992 SCPolicySvc - ok
22:50:28.0876 4992 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:50:28.0881 4992 SDRSVC - ok
22:50:28.0912 4992 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:50:28.0913 4992 secdrv - ok
22:50:28.0921 4992 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:50:28.0923 4992 seclogon - ok
22:50:28.0934 4992 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:50:28.0937 4992 SENS - ok
22:50:28.0946 4992 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:50:28.0948 4992 SensrSvc - ok
22:50:28.0962 4992 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:50:28.0963 4992 Serenum - ok
22:50:28.0979 4992 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:50:28.0981 4992 Serial - ok
22:50:29.0008 4992 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:50:29.0010 4992 sermouse - ok
22:50:29.0042 4992 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:50:29.0045 4992 SessionEnv - ok
22:50:29.0076 4992 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:50:29.0078 4992 sffdisk - ok
22:50:29.0086 4992 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:50:29.0087 4992 sffp_mmc - ok
22:50:29.0099 4992 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:50:29.0100 4992 sffp_sd - ok
22:50:29.0115 4992 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:50:29.0117 4992 sfloppy - ok
22:50:29.0150 4992 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:50:29.0155 4992 SharedAccess - ok
22:50:29.0194 4992 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:50:29.0200 4992 ShellHWDetection - ok
22:50:29.0223 4992 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:50:29.0225 4992 SiSRaid2 - ok
22:50:29.0241 4992 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:50:29.0243 4992 SiSRaid4 - ok
22:50:29.0293 4992 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:50:29.0295 4992 SkypeUpdate - ok
22:50:29.0310 4992 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:50:29.0312 4992 Smb - ok
22:50:29.0336 4992 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:50:29.0339 4992 SNMPTRAP - ok
22:50:29.0348 4992 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:50:29.0350 4992 spldr - ok
22:50:29.0374 4992 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:50:29.0382 4992 Spooler - ok
22:50:29.0541 4992 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:50:29.0599 4992 sppsvc - ok
22:50:29.0665 4992 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:50:29.0668 4992 sppuinotify - ok
22:50:29.0717 4992 sptd (dfc4e2081324e505ca479e473a78d893) C:\Windows\System32\Drivers\sptd.sys
22:50:29.0724 4992 sptd - ok
22:50:29.0799 4992 SQLAgent$SQLEXPRESS (45e65fb17a4cd5facbd3ca16c8334c82) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
22:50:29.0805 4992 SQLAgent$SQLEXPRESS - ok
22:50:29.0850 4992 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
22:50:29.0853 4992 SQLBrowser - ok
22:50:29.0905 4992 SQLWriter (f92e5f93be572b512da3c016b675ede0) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:50:29.0908 4992 SQLWriter - ok
22:50:30.0020 4992 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:50:30.0026 4992 srv - ok
22:50:30.0053 4992 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:50:30.0059 4992 srv2 - ok
22:50:30.0075 4992 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:50:30.0078 4992 srvnet - ok
22:50:30.0122 4992 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
22:50:30.0125 4992 ssadbus - ok
22:50:30.0141 4992 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:50:30.0142 4992 ssadmdfl - ok
22:50:30.0159 4992 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
22:50:30.0162 4992 ssadmdm - ok
22:50:30.0190 4992 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
22:50:30.0192 4992 ssadserd - ok
22:50:30.0225 4992 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:50:30.0229 4992 SSDPSRV - ok
22:50:30.0235 4992 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:50:30.0237 4992 SstpSvc - ok
22:50:30.0262 4992 Steam Client Service - ok
22:50:30.0276 4992 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:50:30.0277 4992 stexstor - ok
22:50:30.0329 4992 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:50:30.0338 4992 stisvc - ok
22:50:30.0365 4992 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
22:50:30.0367 4992 storflt - ok
22:50:30.0384 4992 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
22:50:30.0387 4992 StorSvc - ok
22:50:30.0401 4992 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
22:50:30.0402 4992 storvsc - ok
22:50:30.0417 4992 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:50:30.0417 4992 swenum - ok
22:50:30.0497 4992 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
22:50:30.0503 4992 SwitchBoard - ok
22:50:30.0560 4992 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:50:30.0567 4992 swprv - ok
22:50:30.0656 4992 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:50:30.0692 4992 SysMain - ok
22:50:30.0775 4992 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:50:30.0778 4992 TabletInputService - ok
22:50:30.0800 4992 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:50:30.0805 4992 TapiSrv - ok
22:50:30.0822 4992 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:50:30.0824 4992 TBS - ok
22:50:30.0927 4992 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:50:30.0966 4992 Tcpip - ok
22:50:31.0118 4992 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:50:31.0129 4992 TCPIP6 - ok
22:50:31.0202 4992 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:50:31.0203 4992 tcpipreg - ok
22:50:31.0224 4992 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:50:31.0225 4992 TDPIPE - ok
22:50:31.0246 4992 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:50:31.0247 4992 TDTCP - ok
22:50:31.0270 4992 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:50:31.0273 4992 tdx - ok
22:50:31.0298 4992 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:50:31.0299 4992 TermDD - ok
22:50:31.0332 4992 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:50:31.0342 4992 TermService - ok
22:50:31.0354 4992 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:50:31.0357 4992 Themes - ok
22:50:31.0380 4992 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:50:31.0381 4992 THREADORDER - ok
22:50:31.0468 4992 Tpkd (c676b0f52f2b6483afb88f79cabb011e) C:\Windows\system32\drivers\Tpkd.sys
22:50:31.0470 4992 Tpkd - ok
22:50:31.0503 4992 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:50:31.0506 4992 TrkWks - ok
22:50:31.0586 4992 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:50:31.0590 4992 TrustedInstaller - ok
22:50:31.0645 4992 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:50:31.0648 4992 tssecsrv - ok
22:50:31.0725 4992 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:50:31.0728 4992 TsUsbFlt - ok
22:50:31.0787 4992 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:50:31.0790 4992 tunnel - ok
22:50:31.0908 4992 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:50:31.0910 4992 uagp35 - ok
22:50:32.0104 4992 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:50:32.0116 4992 udfs - ok
22:50:32.0338 4992 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:50:32.0340 4992 UI0Detect - ok
22:50:32.0358 4992 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:50:32.0359 4992 uliagpkx - ok
22:50:32.0395 4992 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:50:32.0396 4992 umbus - ok
22:50:32.0405 4992 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:50:32.0407 4992 UmPass - ok
22:50:32.0426 4992 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
22:50:32.0431 4992 UmRdpService - ok
22:50:32.0506 4992 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:50:32.0508 4992 UMVPFSrv - ok
22:50:32.0530 4992 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:50:32.0536 4992 upnphost - ok
22:50:32.0554 4992 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
22:50:32.0555 4992 usbaudio - ok
22:50:32.0575 4992 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:50:32.0577 4992 usbccgp - ok
22:50:32.0598 4992 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:50:32.0600 4992 usbcir - ok
22:50:32.0612 4992 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:50:32.0613 4992 usbehci - ok
22:50:32.0636 4992 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:50:32.0641 4992 usbhub - ok
22:50:32.0649 4992 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
22:50:32.0650 4992 usbohci - ok
22:50:32.0684 4992 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:50:32.0685 4992 usbprint - ok
22:50:32.0718 4992 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:50:32.0720 4992 usbscan - ok
22:50:32.0734 4992 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:50:32.0735 4992 USBSTOR - ok
22:50:32.0746 4992 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:50:32.0747 4992 usbuhci - ok
22:50:32.0782 4992 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:50:32.0785 4992 usbvideo - ok
22:50:32.0807 4992 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
22:50:32.0808 4992 usb_rndisx - ok
22:50:32.0817 4992 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:50:32.0819 4992 UxSms - ok
22:50:32.0834 4992 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:50:32.0835 4992 VaultSvc - ok
22:50:32.0844 4992 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:50:32.0846 4992 vdrvroot - ok
22:50:32.0887 4992 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:50:32.0895 4992 vds - ok
22:50:32.0928 4992 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:50:32.0929 4992 vga - ok
22:50:32.0943 4992 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:50:32.0945 4992 VgaSave - ok
22:50:32.0999 4992 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:50:33.0002 4992 vhdmp - ok
22:50:33.0018 4992 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:50:33.0020 4992 viaide - ok
22:50:33.0040 4992 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
22:50:33.0043 4992 vmbus - ok
22:50:33.0060 4992 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
22:50:33.0061 4992 VMBusHID - ok
22:50:33.0077 4992 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:50:33.0079 4992 volmgr - ok
22:50:33.0113 4992 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:50:33.0117 4992 volmgrx - ok
22:50:33.0136 4992 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys
22:50:33.0140 4992 volsnap - ok
22:50:33.0166 4992 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:50:33.0168 4992 vsmraid - ok
22:50:33.0245 4992 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:50:33.0278 4992 VSS - ok
22:50:33.0353 4992 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:50:33.0354 4992 vwifibus - ok
22:50:33.0386 4992 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:50:33.0392 4992 W32Time - ok
22:50:33.0410 4992 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:50:33.0411 4992 WacomPen - ok
22:50:33.0438 4992 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:33.0441 4992 WANARP - ok
22:50:33.0451 4992 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:50:33.0452 4992 Wanarpv6 - ok
22:50:33.0522 4992 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:50:33.0551 4992 WatAdminSvc - ok
22:50:33.0637 4992 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:50:33.0697 4992 wbengine - ok
22:50:33.0777 4992 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:50:33.0781 4992 WbioSrvc - ok
22:50:33.0826 4992 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:50:33.0833 4992 wcncsvc - ok
22:50:33.0844 4992 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:50:33.0847 4992 WcsPlugInService - ok
22:50:33.0867 4992 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:50:33.0869 4992 Wd - ok
22:50:33.0925 4992 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:50:33.0934 4992 Wdf01000 - ok
22:50:33.0946 4992 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:33.0949 4992 WdiServiceHost - ok
22:50:33.0952 4992 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:50:33.0954 4992 WdiSystemHost - ok
22:50:33.0986 4992 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:50:33.0991 4992 WebClient - ok
22:50:34.0012 4992 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:50:34.0017 4992 Wecsvc - ok
22:50:34.0031 4992 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:50:34.0034 4992 wercplsupport - ok
22:50:34.0065 4992 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:50:34.0068 4992 WerSvc - ok
22:50:34.0089 4992 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:50:34.0090 4992 WfpLwf - ok
22:50:34.0103 4992 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:50:34.0104 4992 WIMMount - ok
22:50:34.0120 4992 WinDefend - ok
22:50:34.0129 4992 WinHttpAutoProxySvc - ok
22:50:34.0166 4992 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:50:34.0170 4992 Winmgmt - ok
22:50:34.0267 4992 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:50:34.0304 4992 WinRM - ok
22:50:34.0408 4992 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
22:50:34.0409 4992 WinUsb - ok
22:50:34.0452 4992 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:50:34.0463 4992 Wlansvc - ok
22:50:34.0582 4992 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:50:34.0624 4992 wlidsvc - ok
22:50:34.0712 4992 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:50:34.0713 4992 WmiAcpi - ok
22:50:34.0738 4992 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:50:34.0741 4992 wmiApSrv - ok
22:50:34.0746 4992 WMPNetworkSvc - ok
22:50:34.0760 4992 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:50:34.0763 4992 WPCSvc - ok
22:50:34.0798 4992 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:50:34.0801 4992 WPDBusEnum - ok
22:50:34.0813 4992 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:50:34.0814 4992 ws2ifsl - ok
22:50:34.0832 4992 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
22:50:34.0835 4992 wscsvc - ok
22:50:34.0838 4992 WSearch - ok
22:50:34.0951 4992 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:50:34.0992 4992 wuauserv - ok
22:50:35.0104 4992 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:50:35.0106 4992 WudfPf - ok
22:50:35.0134 4992 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:50:35.0137 4992 WUDFRd - ok
22:50:35.0171 4992 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:50:35.0175 4992 wudfsvc - ok
22:50:35.0192 4992 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:50:35.0197 4992 WwanSvc - ok
22:50:35.0228 4992 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
22:50:35.0229 4992 xusb21 - ok
22:50:35.0254 4992 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:50:35.0400 4992 \Device\Harddisk0\DR0 - ok
22:50:35.0405 4992 Boot (0x1200) (4fb024514f41d99dfe52cd5b82e13840) \Device\Harddisk0\DR0\Partition0
22:50:35.0409 4992 \Device\Harddisk0\DR0\Partition0 - ok
22:50:35.0429 4992 Boot (0x1200) (0907dab5aa4cba2f3fdefea8b745ba57) \Device\Harddisk0\DR0\Partition1
22:50:35.0432 4992 \Device\Harddisk0\DR0\Partition1 - ok
22:50:35.0433 4992 ============================================================
22:50:35.0433 4992 Scan finished
22:50:35.0433 4992 ============================================================
22:50:35.0443 7084 Detected object count: 0
22:50:35.0443 7084 Actual detected object count: 0

aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-07 22:53:03
-----------------------------
22:53:03.214 OS Version: Windows x64 6.1.7601 Service Pack 1
22:53:03.214 Number of processors: 3 586 0x100
22:53:03.215 ComputerName: ENKIDU UserName: Marky
22:53:08.645 Initialize success
22:54:09.060 AVAST engine defs: 12060700
22:58:41.011 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:58:41.013 Disk 0 Vendor: ST31000340AS SD1A Size: 953869MB BusType: 3
22:58:41.031 Disk 0 MBR read successfully
22:58:41.033 Disk 0 MBR scan
22:58:41.037 Disk 0 Windows 7 default MBR code
22:58:41.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:58:41.056 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
22:58:41.073 Disk 0 scanning C:\Windows\system32\drivers
22:58:56.210 Service scanning
22:59:29.012 Modules scanning
22:59:29.020 Disk 0 trace - called modules:
22:59:29.048 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80066ab2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:59:29.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072b7410]
22:59:29.381 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> [0xfffffa8007123580]
22:59:29.386 5 ACPI.sys[fffff880011a87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007112060]
22:59:29.391 \Driver\atapi[0xfffffa80070fb960] -> IRP_MJ_CREATE -> 0xfffffa80066ab2c0
22:59:33.546 AVAST engine scan C:\Windows
22:59:37.419 AVAST engine scan C:\Windows\system32
23:05:00.875 AVAST engine scan C:\Windows\system32\drivers
23:05:33.553 AVAST engine scan C:\Users\Marky
23:13:40.618 File: C:\Users\Marky\AppData\Roaming\SuperPump\FileHunter.exe **INFECTED** Win32:Adware-gen [Adw]
23:13:40.942 File: C:\Users\Marky\AppData\Roaming\SuperPump\updater.exe **INFECTED** Win32:Downloader-NXU [Trj]
23:30:05.559 AVAST engine scan C:\ProgramData
23:31:32.556 Scan finished successfully
23:33:20.679 Disk 0 MBR has been saved successfully to "C:\Users\Marky\Desktop\fightthegoodfight\MBR.dat"
23:33:20.684 The log file has been saved successfully to "C:\Users\Marky\Desktop\fightthegoodfight\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 07 June 2012 - 09:06 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
C:\Users\Marky\AppData\Roaming\SuperPump\FileHunter.exe
C:\Users\Marky\AppData\Roaming\SuperPump\updater.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
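The CFScript above is the whole mechanism: ComboFix reads the text file dropped onto it, `ClearJavaCache::` empties the Java cache, and every path listed under `File::` is deleted (the ComboFix log later in this thread shows both SuperPump files under "Other Deletions"). Added example, not part of gringo_pr's post and not ComboFix's own code: a Python script that builds the same CFScript from aswMBR's `**INFECTED**` lines and, before anything is deleted, copies the flagged files into a quarantine folder under their SHA-256 hash so the samples survive for later analysis. `SAMPLE_ASWMBR_LOG` is constructed from the aswMBR lines posted above; the function names, the `.bin` naming and the quarantine layout are my own choices, and only the two directives the post uses are emitted.

```python
"""Build a ComboFix CFScript from aswMBR detections, preserving samples first.

Added example, not ComboFix's own code. Only the two CFScript directives the
post uses (ClearJavaCache:: and File::) are emitted.
"""
import hashlib
import re
import shutil
from pathlib import Path

# Constructed sample: the two detection lines aswMBR logged in this thread,
# plus two ordinary progress lines that the parser must ignore.
SAMPLE_ASWMBR_LOG = """\
23:05:33.553 AVAST engine scan C:\\Users\\Marky
23:13:40.618 File: C:\\Users\\Marky\\AppData\\Roaming\\SuperPump\\FileHunter.exe **INFECTED** Win32:Adware-gen [Adw]
23:13:40.942 File: C:\\Users\\Marky\\AppData\\Roaming\\SuperPump\\updater.exe **INFECTED** Win32:Downloader-NXU [Trj]
23:31:32.556 Scan finished successfully
"""

# timestamp, "File:", path (may contain spaces, hence non-greedy), "**INFECTED**", detection name
DETECTION_RE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>\S+)"
)


def parse_detections(log_text):
    """Return [(path, detection_name), ...] for every **INFECTED** line, in log order."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            found.append((m.group("path"), m.group("name")))
    return found


def build_cfscript(paths, clear_java_cache=True):
    """Render the CFScript text: an optional ClearJavaCache:: directive, then a
    File:: block with one path per line. ComboFix deletes everything under File::."""
    lines = []
    if clear_java_cache:
        lines += ["ClearJavaCache::", ""]
    if paths:
        lines.append("File::")
        lines.extend(paths)
        lines.append("")
    return "\n".join(lines)


def preserve_samples(paths, quarantine_dir):
    """Copy every path that still exists into quarantine_dir, named <sha256>.bin so the
    copy is not double-clickable, and return {original_path: sha256}. Paths that are
    already gone are skipped rather than treated as errors."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    hashes = {}
    for p in paths:
        src = Path(p)
        if not src.is_file():
            continue
        digest = hashlib.sha256(src.read_bytes()).hexdigest()
        shutil.copy2(src, qdir / f"{digest}.bin")
        hashes[p] = digest
    return hashes


def demo_preserve_roundtrip():
    """Offline demonstration of preserve_samples on a constructed fake file (a few bytes
    starting with 'MZ', not malware). Returns (hashes, copy_exists, expected_sha256, sample_path)."""
    import tempfile
    fake = b"MZ\x90\x00 constructed fake sample for the demo"
    with tempfile.TemporaryDirectory() as d:
        sample = Path(d) / "updater.exe"
        sample.write_bytes(fake)
        missing = str(Path(d) / "FileHunter.exe")  # never created: exercises the skip path
        hashes = preserve_samples([str(sample), missing], Path(d) / "quarantine")
        expected = hashlib.sha256(fake).hexdigest()
        copy_exists = (Path(d) / "quarantine" / f"{expected}.bin").is_file()
        return hashes, copy_exists, expected, str(sample)


if __name__ == "__main__":
    detections = parse_detections(SAMPLE_ASWMBR_LOG)
    for path, name in detections:
        print(f"{name:25} {path}")
    # On the affected machine you would call preserve_samples([...], r"C:\quarantine")
    # here, then save the output as CFScript.txt next to ComboFix.exe and drag it on.
    print(build_cfscript([p for p, _ in detections]), end="")
```

Run it and redirect the output to CFScript.txt; the result is byte-for-byte the script gringo_pr posted. On a live machine Microsoft Security Essentials will scan the quarantine copies as well, so either exclude that folder or store the copies in a password-protected archive, and keep the hash list with the thread so the detections can be matched to the samples later.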

#7 markyftw

markyftw
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:18 PM

Posted 09 June 2012 - 03:24 PM

COMBOFIX LOG


ComboFix 12-06-09.02 - Marky 09/06/2012 20:16:45.2.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.7659.5770 [GMT 1:00]
Running from: c:\users\Marky\Desktop\ComboFix.exe
Command switches used :: c:\users\Marky\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Marky\AppData\Roaming\SuperPump\FileHunter.exe"
"c:\users\Marky\AppData\Roaming\SuperPump\updater.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marky\AppData\Local\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
c:\users\Marky\AppData\Roaming\SuperPump\FileHunter.exe
c:\users\Marky\AppData\Roaming\SuperPump\updater.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 19:52 . 2012-06-09 19:52 -------- d-----w- c:\users\Sandy\AppData\Local\temp
2012-06-09 19:52 . 2012-06-09 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-07 20:22 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BB2E678D-3405-4DD8-B9EC-3F0D9D036048}\mpengine.dll
2012-06-01 20:54 . 2012-06-07 21:53 -------- d-----w- c:\users\Marky\G
2012-06-01 20:33 . 2012-06-01 20:39 -------- d-----w- c:\program files (x86)\Cobian Backup 11
2012-06-01 19:08 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-01 01:03 . 2012-06-01 01:03 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-31 16:34 . 2012-05-31 16:34 -------- d-----w- c:\users\Marky\AppData\Roaming\Unity
2012-05-31 16:28 . 2012-05-31 16:34 -------- d-----w- c:\users\Marky\AppData\Local\Unity
2012-05-31 16:23 . 2012-05-31 16:28 -------- d-----w- c:\program files (x86)\Unity
2012-05-30 18:34 . 2012-05-30 18:34 -------- d-----w- c:\programdata\LogiShrd
2012-05-30 18:32 . 2012-05-30 18:32 -------- d-----w- c:\users\Marky\AppData\Local\LogiShrd
2012-05-30 18:22 . 2012-05-30 18:22 53248 ----a-r- c:\users\Marky\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-30 18:21 . 2012-06-09 19:53 -------- d-----w- c:\windows\SysWow64\logishrd
2012-05-30 18:21 . 2012-06-09 19:53 -------- d-----w- c:\windows\system32\logishrd
2012-05-30 18:20 . 2012-05-30 18:20 -------- d-----w- c:\programdata\Logitech
2012-05-30 18:20 . 2012-05-30 18:20 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-05-30 18:20 . 2012-05-30 18:22 -------- d-----w- c:\program files (x86)\Logitech
2012-05-30 18:20 . 2012-05-30 18:23 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-05-30 18:20 . 2012-05-30 18:22 -------- d-----w- c:\program files\Common Files\logishrd
2012-05-29 10:01 . 2012-05-29 10:01 -------- d-----w- c:\users\Sandy\AppData\Roaming\Apple Computer
2012-05-28 19:16 . 2012-05-28 19:16 -------- d-----w- c:\windows\Sun
2012-05-28 19:05 . 2012-05-28 19:05 -------- d-----w- c:\program files (x86)\SpriteFont 2
2012-05-26 19:08 . 2012-05-26 19:08 -------- d-----w- c:\users\Marky\AppData\Roaming\Apple Computer
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-24 21:39 . 2012-05-24 21:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-24 21:39 . 2012-05-24 21:39 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-24 21:39 . 2012-05-24 21:39 -------- d-----w- c:\programdata\Apple Computer
2012-05-24 21:37 . 2012-05-24 21:37 -------- d-----w- c:\users\Marky\AppData\Local\Apple Computer
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\users\Marky\AppData\Local\Apple
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-24 21:25 . 2012-05-24 21:25 -------- d-----w- c:\programdata\Apple
2012-05-22 15:18 . 2012-05-22 15:18 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-20 19:28 . 2012-05-20 19:28 -------- d-----w- c:\users\Marky\AppData\Local\Oblivion
2012-05-19 12:06 . 2012-05-19 12:06 384 ----a-w- c:\windows\SysWow64\checkOS.bat
2012-05-18 20:36 . 2012-05-18 23:12 -------- d-----w- c:\users\Marky\AppData\Roaming\RenPy
2012-05-18 19:28 . 2012-05-18 19:28 -------- d-----w- c:\users\Marky\AppData\Roaming\Image-Line
2012-05-18 19:22 . 2012-05-18 19:22 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-05-18 19:21 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\VstPlugins
2012-05-18 19:21 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-05-18 19:21 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-18 19:21 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\Outsim
2012-05-18 19:16 . 2012-05-18 19:21 -------- d-----w- c:\program files (x86)\Image-Line
2012-05-18 19:15 . 2012-05-18 19:15 -------- d-----w- c:\users\Marky\AppData\Roaming\MMFApplications
2012-05-18 19:14 . 2012-05-18 19:14 689492 ----a-w- c:\windows\SysWow64\adbcnsl.exe
2012-05-17 16:34 . 2012-05-17 16:45 -------- d-----w- c:\users\Marky\AppData\Roaming\Media Finder
2012-05-17 15:57 . 2012-05-17 15:57 -------- d-----w- c:\users\Marky\AppData\Roaming\ColorSchemer
2012-05-17 15:57 . 2007-07-28 10:54 303104 ----a-w- c:\windows\SysWow64\lcms.dll
2012-05-17 15:57 . 2001-08-23 16:25 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-05-17 15:57 . 2012-05-17 15:57 -------- d-----w- c:\program files (x86)\ColorSchemer Studio 2
2012-05-17 15:36 . 2012-05-17 15:37 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2012-05-16 00:16 . 2012-05-16 00:17 -------- d-----w- c:\program files (x86)\Common Files\Macromedia
2012-05-16 00:16 . 2012-05-16 00:16 -------- d-----w- c:\program files (x86)\Macromedia
2012-05-16 00:15 . 2012-05-16 00:15 180224 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\iGdiCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 266240 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IScrCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 409600 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\ISRT.dll
2012-05-16 00:15 . 2012-05-16 00:15 32768 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\objpscnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 172032 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IUserCnv.dll
2012-05-16 00:15 . 2012-05-16 00:15 761856 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\IDriver.exe
2012-05-16 00:15 . 2012-05-16 00:15 540772 ------w- c:\program files (x86)\Common Files\InstallShield\Driver\10\Intel 32\_ISRES1033.dll
2012-05-16 00:15 . 2012-05-16 00:15 -------- d-----w- c:\windows\Downloaded Installations
2012-05-10 23:37 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 23:37 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-10 23:37 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 23:37 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 23:37 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 23:37 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 23:36 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 23:36 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 23:36 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-10 23:36 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-10 23:36 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 23:36 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-10 23:36 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 21:20 . 2012-03-13 20:04 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 21:20 . 2012-02-28 11:53 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 21:20 . 2012-03-16 20:20 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 00:55 . 2012-02-28 14:03 2382080 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-04-30 20:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-04-30 20:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-23 23:51 . 2012-04-22 00:13 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-23 23:51 . 2012-04-22 00:12 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-22 00:12 . 2012-04-22 00:13 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-22 00:12 . 2012-04-22 00:12 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-20 19:44 . 2011-04-27 15:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2011-04-18 13:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-16 21:16 . 2012-03-16 21:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 21:16 . 2012-03-16 21:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 21:16 . 2012-03-16 21:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 21:16 . 2012-03-16 21:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 21:16 . 2012-03-16 21:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 21:16 . 2012-03-16 21:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 21:16 . 2012-03-16 21:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 21:16 . 2012-03-16 21:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 21:16 . 2012-03-16 21:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 21:16 . 2012-03-16 21:16 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 21:16 . 2012-03-16 21:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 21:16 . 2012-03-16 21:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 21:16 . 2012-03-16 21:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 21:16 . 2012-03-16 21:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 21:16 . 2012-03-16 21:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 21:16 . 2012-03-16 21:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 21:16 . 2012-03-16 21:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 21:16 . 2012-03-16 21:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 21:16 . 2012-03-16 21:16 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 21:16 . 2012-03-16 21:16 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 21:16 . 2012-03-16 21:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 21:16 . 2012-03-16 21:16 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 21:16 . 2012-03-16 21:16 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 21:16 . 2012-03-16 21:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 21:16 . 2012-03-16 21:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 21:16 . 2012-03-16 21:16 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 21:16 . 2012-03-16 21:16 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 21:16 . 2012-03-16 21:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 21:16 . 2012-03-16 21:16 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 21:16 . 2012-03-16 21:16 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 21:16 . 2012-03-16 21:16 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 21:16 . 2012-03-16 21:16 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 21:16 . 2012-03-16 21:16 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 21:16 . 2012-03-16 21:16 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 19:58 . 2012-03-16 19:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-16 19:42 . 2012-03-16 19:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-06_22.16.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-26 19:54 . 2012-06-09 19:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-05-26 19:54 . 2012-06-06 21:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-09 19:54 . 2012-06-09 19:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012060920120610\index.dat
- 2012-05-26 19:54 . 2012-06-06 22:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-05-26 19:54 . 2012-06-09 19:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2008-01-02 21:50 . 2012-06-09 19:12 33312 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-09 19:12 39054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2008-01-02 21:21 . 2012-06-08 09:40 11882 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1325042464-3324406629-1313267307-1000_UserData.bin
- 2012-06-06 21:49 . 2012-06-06 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 19:53 . 2012-06-09 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-09 19:53 . 2012-06-09 19:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-06 21:49 . 2012-06-06 21:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 19:53 . 2012-06-09 19:53 372736 c:\windows\temp\mrt561A.tmp\stdrt.exe
+ 2012-06-09 19:53 . 2012-06-09 19:53 307200 c:\windows\temp\mrt561A.tmp\mmfs2.dll
+ 2012-06-06 23:05 . 2012-06-08 09:54 442888 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\MMFApplications\msdc1.dll
+ 2009-07-14 04:54 . 2012-06-09 19:53 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-06 21:49 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-06 21:49 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-09 19:53 737280 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-09 19:53 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-06 21:49 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-06-09 19:52 515472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-06 21:48 515472 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-19 14:00 . 2012-06-06 21:48 696404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-05-19 14:00 . 2012-06-09 19:52 696404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-05-29 12:58 . 2012-06-09 19:52 1689320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-02-28 00:22 . 2012-06-09 19:52 12270288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1325042464-3324406629-1313267307-1000-8192.dat
- 2012-02-28 00:22 . 2012-06-06 21:48 12270288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1325042464-3324406629-1313267307-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A}]
2012-04-29 19:15 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-02-27 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2011-05-22 48648]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-03-07 943504]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-03-07 21392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-04 932528]
"chromium"="c:\users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-05-23 1240088]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-03-07 3508624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2012-06-01 4407296]
.
c:\users\Marky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Adobe Licensing Console;Adobe Licensing Console;c:\windows\SysWOW64\adbcnsl.exe [2012-05-18 689492]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-05-25 67584]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe [2012-06-01 1131008]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-13 21:20]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1000Core.job
- c:\users\Marky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-02 22:16]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1000UA.job
- c:\users\Marky\AppData\Local\Google\Update\GoogleUpdate.exe [2008-01-02 22:16]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1010Core.job
- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:57]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1325042464-3324406629-1313267307-1010UA.job
- c:\users\Sandy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 22:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Marky\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 12681320]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A}"=hex:51,66,7a,6c,4c,1d,38,12,de,d8,e8,
ba,ee,95,65,00,c4,f6,ba,fd,73,3b,e5,9e
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:53,79,33,6e,db,3d,cd,01
.
[HKEY_USERS\S-1-5-21-1325042464-3324406629-1313267307-1000\Software\SecuROM\License information*]
"datasecu"=hex:cd,46,1b,ee,05,25,82,61,d8,c5,56,79,00,8f,2d,39,a3,81,2f,ed,83,
22,4b,45,3b,a4,28,4e,04,c4,03,35,25,df,d8,0e,30,99,7c,af,a6,04,46,ba,2f,c2,\
"rkeysecu"=hex:99,b6,f2,7a,5d,b1,6a,12,cf,ed,44,18,45,35,b2,42
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\TEMP\mrt561A.tmp\stdrt.exe
c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
.
**************************************************************************
.
Completion time: 2012-06-09 21:12:05 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 20:11
ComboFix2.txt 2012-06-06 22:39
.
Pre-Run: 745,730,265,088 bytes free
Post-Run: 745,542,557,696 bytes free
.
- - End Of File - - BC683D200173FC5F5F7FB3F070D9F588

The computer is running faster and there is no sound, but the "name not available" section in the volume mixer that was playing the radio sounds is still appearing.

#8 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 09 June 2012 - 05:15 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Acrobat 4.0
  • BitTorrent
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete, click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 June 2012 - 06:03 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you: it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and then I will ask you to remove our tools.




Gringo

#10 markyftw (Topic Starter)

  • Members
  • 8 posts

Posted 12 June 2012 - 04:18 PM

Hi there, sorry for the delay. Having to submit my final college assessments just now. Sorry again.

#11 markyftw (Topic Starter)

  • Members
  • 8 posts

Posted 12 June 2012 - 04:53 PM

MBAM


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Marky :: ENKIDU [administrator]

Protection: Enabled

12/06/2012 22:32:24
mbam-log-2012-06-12 (22-32-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230673
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Detected: 1
C:\Windows\temp\mrt9481.tmp\stdrt.exe (Trojan.Clicker.CT) -> 1760 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} (PUP.DownloadnSave) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} (PUP.DownloadnSave) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} (PUP.DownloadnSave) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} (PUP.DownloadnSave) -> No action taken.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> No action taken.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Windows\temp\mrt9481.tmp\stdrt.exe (Trojan.Clicker.CT) -> Delete on reboot.
C:\Windows\SysWOW64\adbcnsl.exe (Trojan.Clicker.CT) -> Delete on reboot.
C:\Windows\System32\adbcnsl.exe (Trojan.Clicker.CT) -> Delete on reboot.
C:\Windows\temp\mrt950D.tmp\stdrt.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\Windows\temp\mrt974F.tmp\stdrt.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
C:\Users\Marky\Downloads\Adobe.Flash.Professional.CS5.Keymaker-EMBRACE.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Marky\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)

HiJackThis


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:29, on 12/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Users\Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Codecv - {BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} - C:\ProgramData\Codecv\bhoclass.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [chromium] C:\Users\Marky\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - Startup: Dropbox.lnk = Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 11\cbService.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid Technology, Inc.. - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11368 bytes
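The MBAM report above ends each detection with a status: "Quarantined and deleted successfully" is done, "No action taken" means the item was left in place (it was not ticked before Remove Selected), and "Delete on reboot" means it is only gone after the restart the instructions insist on. The parser below is an added example, not part of this thread or of Malwarebytes' tooling; it runs over a constructed excerpt in the same format as the pasted log, lists what still needs attention, and flags a section whose "Detected: N" header does not match the lines pasted, which is what a truncated copy-and-paste looks like.

```python
import re
from collections import Counter

# Constructed excerpt in the format of the MBAM 1.x log pasted above (same
# items and statuses, fewer lines); it is sample input, not the full log.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Scan type: Quick scan
Objects scanned: 230673

Memory Processes Detected: 1
C:\Windows\temp\mrt9481.tmp\stdrt.exe (Trojan.Clicker.CT) -> 1760 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\CLSID\{BEFBDBB0-DBDC-450B-BBE0-F9BD7665A18A} (PUP.DownloadnSave) -> No action taken.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.

Files Detected: 4
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> No action taken.
C:\Windows\temp\mrt9481.tmp\stdrt.exe (Trojan.Clicker.CT) -> Delete on reboot.
C:\Windows\System32\adbcnsl.exe (Trojan.Clicker.CT) -> Delete on reboot.
C:\Users\Marky\Downloads\Codec-V.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)
"""

# "<Kind> Detected: <n>" opens a section; the next blank line closes it.
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# "<item> (<detection name>) -> [<pid> -> ]<status>."; the pid is only
# present for memory processes.
DETECTION_RE = re.compile(
    r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?:(?P<pid>\d+) -> )?(?P<action>[^.]+)\.?$"
)

# Statuses under which the item is still on the machine: nothing was done,
# or removal is deferred until the next restart.
PENDING = {"No action taken", "Delete on reboot"}


def parse_mbam_log(text):
    """Return (detections, mismatches).

    detections: one dict per detection line, in log order.
    mismatches: (section, header_count, lines_listed) for every section whose
    header count differs from the lines actually present (truncated paste).
    """
    detections, mismatches = [], []
    section, expected, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if section is not None and seen != expected:
                mismatches.append((section, expected, seen))
            section = None
            continue
        header = SECTION_RE.match(line)
        if header:
            section, expected, seen = header["section"], int(header["count"]), 0
            continue
        # Outside a section (banner, scan settings) or "(No malicious items detected)".
        if section is None or line.startswith("("):
            continue
        m = DETECTION_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line in section {section!r}: {line}")
        seen += 1
        detections.append({
            "section": section,
            "item": m["item"],
            "name": m["name"],
            "action": m["action"].strip(),
            "pid": int(m["pid"]) if m["pid"] else None,
        })
    if section is not None and seen != expected:   # log ended mid-section
        mismatches.append((section, expected, seen))
    return detections, mismatches


def follow_up(detections):
    """Detections the user still has to deal with, in log order."""
    return [d for d in detections if d["action"] in PENDING]


def action_summary(detections):
    """How many detections ended in each status."""
    return Counter(d["action"] for d in detections)


if __name__ == "__main__":
    found, short = parse_mbam_log(SAMPLE_LOG)
    for action, n in action_summary(found).items():
        print(f"{n:>3}  {action}")
    print("\nStill needs attention:")
    for d in follow_up(found):
        print(f"  [{d['action']}] {d['name']:<20} {d['item']}")
    for section, expected, listed in short:
        print(f"\nWARNING: '{section}' header says {expected} but {listed} listed (truncated paste?)")
```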

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 12 June 2012 - 08:57 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
      O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - HKCU\..\Run: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Marky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
      O4 - Startup: Dropbox.lnk = Marky\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, like this:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#13 markyftw (Topic Starter)

  • Members
  • 8 posts

Posted 14 June 2012 - 05:38 PM

ESET


C:\Qoobox\Quarantine\C\Users\Marky\AppData\Roaming\SuperPump\FileHunter.exe.vir a variant of Win32/Adware.WinPump.AF application
C:\Users\Marky\Downloads\Adobe_PhotoShop_CS5_Extented_12.0.3_downloader.exe a variant of Win32/InstallCore.T application
C:\Users\Marky\Downloads\DTLite4453-0297.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\flstudio_10.0.9.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\XXL_Plugins\deckadance_1.93.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\PSC5\Adobe Patch\Block Activation\Adobe Blocker.cmd BAT/HostsChanger.A application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 14 June 2012 - 08:49 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Marky\Downloads\Adobe_PhotoShop_CS5_Extented_12.0.3_downloader.exe"
    del /f /s /q "C:\Users\Marky\Downloads\DTLite4453-0297.exe"
    del /f /s /q "C:\Users\Marky\Downloads\winamp5623_full_emusic-7plus_all.exe"
    del /f /s /q "C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\flstudio_10.0.9.exe"
    del /f /s /q "C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\XXL_Plugins\deckadance_1.93.exe"
    del /f /s /q "C:\Users\Marky\Downloads\PSC5\Adobe Patch\Block Activation\Adobe Blocker.cmd"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: [image: XP] [image: Vista]
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
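Gringo's reply sorts the ESET results by hand: the live downloads go into delfile.bat, while the C:\Qoobox\Quarantine\ hit is a ComboFix backup left for the tool cleanup. As an added example (not code from the thread or from ESET), this Python script does the same triage over the posted log lines and emits a batch file in the same form; the line regex and the backup-location list are assumptions about the ESET log format, not documented behaviour.

```python
import re

# Constructed sample input: the ESET Online Scanner result lines from the post above.
ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Marky\AppData\Roaming\SuperPump\FileHunter.exe.vir a variant of Win32/Adware.WinPump.AF application
C:\Users\Marky\Downloads\Adobe_PhotoShop_CS5_Extented_12.0.3_downloader.exe a variant of Win32/InstallCore.T application
C:\Users\Marky\Downloads\DTLite4453-0297.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\flstudio_10.0.9.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\FL Studio 10.0.9 XXL Bundle + 24 Plugins Retail [ChingLiu]\XXL_Plugins\deckadance_1.93.exe Win32/OpenCandy application
C:\Users\Marky\Downloads\PSC5\Adobe Patch\Block Activation\Adobe Blocker.cmd BAT/HostsChanger.A application
"""

# Assumed line shape: "<path> <detection> <category>". The path may contain spaces, so the
# split is anchored on the detection (optional "a variant of" + a token like Win32/OpenCandy).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>(?:a variant of\s+)?[A-Za-z0-9]+/\S+\s+\w+)$"
)

# Backup-only locations (ComboFix quarantine, System Restore cache): handled by tool cleanup.
BACKUP_PREFIXES = ("c:\\qoobox\\quarantine\\",)
BACKUP_MARKERS = ("\\system volume information\\",)

def parse_eset_log(text):
    """Return (path, detection) tuples; blank or unparseable lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group("path"), m.group("detection")) for m in matches if m]

def is_backup_copy(path):
    p = path.lower()
    return p.startswith(BACKUP_PREFIXES) or any(mk in p for mk in BACKUP_MARKERS)

def split_findings(findings):
    """Separate live files that still need deleting from quarantine/restore-point copies."""
    live = [f for f in findings if not is_backup_copy(f[0])]
    backups = [f for f in findings if is_backup_copy(f[0])]
    return live, backups

def build_delfile_bat(live_paths):
    """Emit the self-deleting batch script in the same form as the one in the post."""
    lines = ["@echo off"] + [f'del /f /s /q "{p}"' for p in live_paths] + ["del %0"]
    return "\r\n".join(lines) + "\r\n"

if __name__ == "__main__":
    live, backups = split_findings(parse_eset_log(ESET_LOG))
    for path, _ in backups:
        print("backup copy, left for tool cleanup:", path)
    print(build_delfile_bat([p for p, _ in live]))
```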

#15 markyftw

markyftw
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:18 PM

Posted 16 June 2012 - 09:36 AM

Hi there,

Just uninstalled everything there. Thanks very much for your help my computer is running fine now and there's no more noise. Thanks very much again for your help. :)



